Versions Compared

Old Version 1

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

compared with

New Version 2

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel2
typeflat

Introduction

The tags beginning with mainframe.ibm identify events generated by IBM Mainframe.

Valid tags and data tables

The full tag must have n levels. The first two are fixed as mainframe.ibm. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

Technology

Brand

Type

Subtype

mainframe

ibm

  • type80
  • <subtype>

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table

mainframe.ibm.type80.<subtype>

mainframe.ibm.type80


How is the data sent to Devo?

Logs generated by IBM Mainframe are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.

Log samples

The following are sample logs sent to each of the mainframe.ibm data tables. Also, find how the information will be parsed in your data table under each sample log.

Note
titleExtra columns

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

mainframe.ibm.type80

Code Block
2020-12-08 19:46:51.986 localhost=127.0.0.1 mainframe.ibm.type80.ACCESS: ACCESS SUCCESS 08:59:34 2020-06-10 SY03 NO NO NO IMSRUSR XZWST NO NO NO NO YES NO NO NO NO NO NO YES NO NO NO NO 000 NO NO I03ABZ61 04:34:48 2020-06-10 NO NO NO NO NO NO NO NO NO NO 77A0 MWFESRS READ READ TIMS IMS DEPENDENT REGION NO YES NO NO NO NO NO NO NO NO STARTED NO NO YES IMSRUSR XZWST NO YES
2020-12-08 19:46:51.986 localhost=127.0.0.1 mainframe.ibm.type80.JOBINIT: JOBINIT UNDFUSER 08:59:18 2020-06-10 SY03 YES NO NO S12AS999 NO NO NO NO NO NO NO NO NO NO NO NO YES NO NO NO 000 NO NO I03ABZ61 04:34:48 2020-06-10 NO NO NO NO NO NO NO NO NO NO 77A0 I03A NO NO NO NO NO NO NO YES NO NO NO NO NO S12AS999 YES YES

And this is how the log would be parsed:

Field

Value

Type

Extra field

eventdate

date('2020-12-08 19:46:51.986')

eventdate


hostchain

localhost=127.0.0.1

str

hostname

localhost

str


tag

mainframe.ibm.type80.ACCESS

str

EVENT_TYPE

ACCESS

str


EVENT_QUAL

SUCCESS

str


TIME_WRITTEN

08:59:34

str


DATE_WRITTEN

2020-06-10

str


SYSTEM_SMFID

SY03

str


VIOLATION

NO

str


USER_NDFND

NO

str


USER_WARNING

NO

str


EVT_USER_ID

IMSRUSR

str


EVT_GRP_ID

XZWST

str


AUTH_NORMAL

NO

str


AUTH_SPECIAL

NO

str


AUTH_OPER

NO

str


AUTH_AUDIT

NO

str


AUTH_EXIT

YES

str


AUTH_FAILSFT

NO

str


AUTH_BYPASS

NO

str


AUTH_TRUSTED

NO

str


LOG_CLASS

NO

str


LOG_USER

NO

str


LOG_SPECIAL

NO

str


LOG_ACCESS

YES

str


LOG_RACINIT

NO

str


LOG_ALWAYS

NO

str


LOG_CMDVIOL

NO

str


LOG_GLOBAL

NO

str


TERM_LEVEL

000

str


BACKOUT_FAIL

NO

str


PROF_SAME

NO

str


TERM

null

str


JOB_NAME

I03ABZ61

str


READ_TIME

04:34:48

str


READ_DATE

2020-06-10

str


SMF_USER_ID

null

str


LOG_LEVEL

NO

str


LOG_VMEVENT

NO

str


LOG_LOGOPT


str


LOG_SECL


str


LOG_COMPATM


str


LOG_APPLAUD


str


LOG_NONOMVS


str


LOG_OMVSNPRV


str


AUTH_OMVSSU


str


AUTH_OMVSSYS


str


USR_SECL

null

str


RACF_VERSION

77A0

str


RECORD_EXTENSION

MWFESRS READ READ TIMS IMS DEPENDENT REGION NO YES NO NO NO NO NO NO NO NO STARTED NO NO YES IMSRUSR XZWST NO YES

str


rawMessage

ACCESS SUCCESS 08:59:34 2020-06-10 SY03 NO NO NO IMSRUSR XZWST NO NO NO NO YES NO NO NO NO NO NO YES NO NO NO NO 000 NO NO I03ABZ61 04:34:48 2020-06-10 NO NO NO NO NO NO NO NO NO NO 77A0 MWFESRS READ READ TIMS IMS DEPENDENT REGION NO YES NO NO NO NO NO NO NO NO STARTED NO NO YES IMSRUSR XZWST NO YES

str