CorreLog, Inc.   Solutions   Download   Partners   News   Support   About Login

Solutions > CorreLog Z/OS Mainframe Agent

The CorreLog Mainframe Agent (CMA Agent) expands the role of the CorreLog Server within your enterprise to include monitoring of SMF mainframe messages, empowering you with new important capabilities and visibility into your mainframe and enterprise security. Complete your SIEM strategy using this powerful and unique management component.

 

Product Overview

The Mainframe Agent program is installed and executes in one or more Z/OS mainframe LPARs, and continuously monitors mainframe SMF records. The Windows Mainframe Agent Receiver program executes on the Windows CorreLog Server platform as a background process. Together, these components permit the user to watch for security violations and performance issues on mainframe components as a regular part of operational security.

All mainframe messages, once received by CorreLog, are converted to regular syslog messages, which can be matched via correlation threads, alerted, and assigned to users via the CorreLog ticketing system. Additionally, the user can create dashboards that depict the mainframe associated threads, devices, and alerts.

Since the messages are just normal syslog messages, they can be easily relayed to other syslog management and log file aggregators, including any standards based third-party system. This extends the life cycle of the software, insuring your technology investment is not built with proprietary protocols. As with all CorreLog software, the mainframe agent is highly documented, easily extended, and designed to insure continued interoperability with other standards-based products.

System Features

The CorreLog Mainframe Agent is designed to be highly secure, non-intrusive, and easy to deploy. This program contains multiple features that provide tight integration to the CorreLog server, and high visibility into the security and performance of your mainframe.

  • CMA Agent Program. The Mainframe Agent software executes on both the CorreLog Windows platform, and on one or more mainframe LPARs. These components cooperate to log SMF messages from the mainframe as regular syslog messages, permitting all the features of CorreLog Server to be applied to mainframes. Messages are decoded to be completely human-readable text that is ideal for correlation functions as well as operator understanding.

  • CMA Support Screen. The Mainframe Agent software includes a CorreLog Server support screen, as part of the Windows component installation. This screen allows the user to configure various special aspects of the mainframe agent software, including source filters, match patterns, and other parameters. The user can specify facilities and severities for any mainframe message (based upon match keywords) as well as tag messages with user specified text, assisting in the correlation of these messages with other events on the network.

  • CMA Dashboard Gadget. The Mainframe Agent software supports the CorreLog dashboard facility by adding new gadgets to the CorreLog Server system. These new dashboard elements allow the special mainframe data to be viewed with other enterprise data received by the CorreLog Server, enhancing your view of the enterprise, and the awareness of critical events specific to your mainframe.

  • CMA API And Utilities. We include command line utilities and API elements, which transmits mainframe type messages (in EBCDIC) to the Mainframe Agent Program, useful for testing automation that may exist at the CorreLog server, or extending the range of messages.

Installation Requirements

The CorreLog Mainframe Agent requires a mainframe executing Z/OS or MVS operating systems. Installation is performed on both the CorreLog server and Mainframe system, with administrative logins required at both platforms. Installation requires the following:

  • Existing CorreLog Server Installation. Prior to installing the CMA Mainframe Agent, the CorreLog Server system must be installed on a Windows platform. This must occur before attempting to install the CMA Mainframe Agent software.

  • Disk Space Requirements. The CMA Mainframe Agent requires no significant disk space beyond the normal footprint of the CorreLog server. There is generally no extra disk space load due to the agent program.

  • CPU Requirements. The CMA Mainframe Agent requires very little extra CPU requirements. A single process is started on both the mainframe and Windows platforms. Each consumes minimal CPU resources.

  • Service Ports. The CMA Mainframe Agent requires allocation of a single TCP service port (normally port 51414, but possibly any other port selected by the user.) Firewalls should be adjusted to accommodate this service port and communication channel between the mainframe agent and the CorreLog server.

The CorreLog Mainframe Agent software includes a ready-to-run configuration, and 50+ page CorreLog Agent User Reference Manual in Adobe PDF format.

This software is available for evaluation on user request. Contact CorreLog for specific help.

View Other Solutions & Services...

This is CorreLog
Security Compliance
Datasheets
 
Free Trial Download
Request Product Demo
Purchase CorreLog

Privacy  |  Product Licensing  |  Contact Us

CorreLog: High Performance Correlation, Search, and Log Management

Copyright © 2010, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.

Google, Twitter, Digg, SlashDot, Cisco, Microsoft