Many organizations have a variety of tools that enable them to analyze their mainframe systems and components. For decades, software vendors have provided siloed point solutions that enable deep-dive analytics into performance, availability, security, and more. But there has been little integration between these siloed monitors and virtually no integration with information from other platforms. This has resulted in gaps in understanding security issues and service delivery on an enterprise-wide basis for cross-platform IT services.
What Is Mainframe Log Data?
A number of data sources within the IBM z/OS mainframe can be leveraged to provide insight into the operational health of the system and its applications, as well as visibility into security and compliance issues. For example, System Management Facilities (SMF) on z/OS is the component that collects and records a large amount of real-time and historical information on performance, security, and technical operations. Terabytes of very useful information can be recorded daily. Virtually every operational event that occurs on the mainframe—from a simple log-in attempt at a particular workstation to a potential breach of system security—is captured and recorded in one or more SMF record types.
Another source of information is the system log (SYSLOG), which contains messages that can be used to monitor CICS, DB2, IMS, WebSphere MQ, Unix System Services (USS), WebSphere Application Server (WAS), and other subsystems, along with job activity on z/OS. Unix System Services files may contain log records and application information from web-based and other applications that can provide valuable insights.
Syncsort, a global leader in big-data software, introduced Ironstream to the Splunk market in September 2014. Ironstream is the industry’s leading automatic forwarder of z/OS mainframe operations and security data. It collects that data and sends it in machine-readable form to a Splunk® Enterprise or Splunk Cloud™ platform where it can be merged and analyzed with other machine data from across an organization’s infrastructure for operational intelligence and security insights.
Ironstream running with Splunk represents an easy, cost-saving way for an organization to get that invaluable 360-degree view of its entire IT infrastructure by integrating key performance indicators and events contained across the different logging facilities within the z/OS operating system. Organizations can also address the decline of mainframe expertise due to staff aging and retirement, because with Ironstream there is no need for special knowledge and expertise to correlate mainframe data with data coming from other platforms.
Ironstream integrates with both Splunk IT Service Intelligence and Splunk Enterprise Security, providing the following benefits:
- Mainframe security information is correlated and displayed alongside security data from distributed platforms in all Enterprise Security dashboards.
- KPIs for mainframe components including CICS and DB2 are mapped to critical business services for total visibility into IT service delivery.
A number of sample applications and dashboards are provided via Splunkbase and can be found by searching for Ironstream within Splunkbase. Included are sample apps for security and performance of z/OS components and subsystems, including SYSLOG, CICS, and WebSphere MQ. There is also a premium application for Ironstream that provides cross-platform Transaction Tracing from mobile and web devices into CICS and DB2 on the mainframe for total visibility.
Director of Mainframe Product Marketing & Management