
mainframe.ibm

Introduction

The tags beginning with mainframe.ibm identify events generated by an IBM mainframe.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as mainframe.ibm. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
| --- | --- |
| mainframe.ibm.type80.<subtype> | mainframe.ibm.type80 |



For more information, read About Devo tags.

How is the data sent to Devo?

A couple of relay rules are needed to define the fourth level of the tag and send the data to the target table. Create the rules using the following values:

Relay rule 1

  • Source Tag → devo.collectors.out

  • Select the Stop processing checkbox

Relay rule 2

  • Source message → ([^ ]+).*

  • Target tag → mainframe.ibm.type80.\M1

  • Select the Stop processing and Sent without syslog tag checkboxes
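
The following sketch, added here as an illustration and not part of Devo's relay or documentation, shows how relay rule 2 turns the first space-delimited token of a message into the fourth tag level and checks the result against the 4-level requirement. It assumes the pattern is anchored at the start of the message and that \M1 stands for capture group 1; the function names and sample messages are constructed for this example.

```python
import re

# Values copied from relay rule 2 on this page.
SOURCE_MESSAGE = re.compile(r"([^ ]+).*")
TARGET_TAG = r"mainframe.ibm.type80.\M1"

def derive_tag(message):
    # Assumption: the pattern is anchored at the start of the message and
    # \M1 in the target tag is replaced by capture group 1.
    m = SOURCE_MESSAGE.match(message)
    if m is None:
        return None  # rule 2 would not apply to this event
    return TARGET_TAG.replace(r"\M1", m.group(1))

def check_tag(tag):
    # Returns a list of problems; an empty list means the tag is valid.
    if tag is None:
        return ["no match: event is not retagged"]
    levels = tag.split(".")
    problems = []
    if len(levels) != 4:
        problems.append(f"{len(levels)} levels, expected 4")
    if levels[:3] != ["mainframe", "ibm", "type80"]:
        problems.append("first three levels are not mainframe.ibm.type80")
    return problems

# Constructed sample messages (not real SMF type 80 output).
SAMPLES = [
    "ACCESS SUCCESS 10:15:00 2024-01-01 SYS1",
    "JOBINIT TERM 10:16:02 2024-01-01 SYS1",
    " ACCESS leading-space",
    "ACCESS.V2 dotted-first-token",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        tag = derive_tag(msg)
        print(repr(msg), "->", tag, check_tag(tag) or "ok")
```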

Table structure

These are the fields displayed in this table:

mainframe.ibm.type80

| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| EVENT_TYPE | str | |
| EVENT_QUAL | str | |
| TIME_WRITTEN | str | |
| DATE_WRITTEN | str | |
| SYSTEM_SMFID | str | |
| VIOLATION | str | |
| USER_NDFND | str | |
| USER_WARNING | str | |
| EVT_USER_ID | str | |
| EVT_GRP_ID | str | |
| AUTH_NORMAL | str | |
| AUTH_SPECIAL | str | |
| AUTH_OPER | str | |
| AUTH_AUDIT | str | |
| AUTH_EXIT | str | |
| AUTH_FAILSFT | str | |
| AUTH_BYPASS | str | |
| AUTH_TRUSTED | str | |
| LOG_CLASS | str | |
| LOG_USER | str | |
| LOG_SPECIAL | str | |
| LOG_ACCESS | str | |
| LOG_RACINIT | str | |
| LOG_ALWAYS | str | |
| LOG_CMDVIOL | str | |
| LOG_GLOBAL | str | |
| TERM_LEVEL | str | |
| BACKOUT_FAIL | str | |
| PROF_SAME | str | |
| TERM | str | |
| JOB_NAME | str | |
| READ_TIME | str | |
| READ_DATE | str | |
| SMF_USER_ID | str | |
| LOG_LEVEL | str | |
| LOG_VMEVENT | str | |
| LOG_LOGOPT | str | |
| LOG_SECL | str | |
| LOG_COMPATM | str | |
| LOG_APPLAUD | str | |
| LOG_NONOMVS | str | |
| LOG_OMVSNPRV | str | |
| AUTH_OMVSSU | str | |
| AUTH_OMVSSYS | str | |
| USR_SECL | str | |
| RACF_VERSION | str | |
| RECORD_EXTENSION | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
