Forum Discussion

Former Employee

Nov 21, 2020

Solved

AS400 CEF Sentinel

Hello Community experts, We have started working on PoCs with partners for two different customers in the finance industry that are in need to monitor AS400 systems. They will be collecting th...

Daniel Piedra
Oct 21, 2021
Hi JKatzmandu, thanks for your response, we were able to configure it by using a 3rd party tool to convert CEF format to Syslog format and then forward the logs to a relay VM installed onprem with a Syslog agent and Log Analytics Agent for Linux and from there successfully ingested the logs to Log Analytics Workspace for Sentinel use.

JKatzmandu

Brass Contributor

Nov 23, 2020

Daniel Piedra

The last time I did anything like this was with ArcSight; it required a batch job where we'd fetch the journal logs from OS/400 over FTP (later ssh) and then an ArcSight connector to read the journal log, convert it into CEF, and then forward it over to an ArcSight Connector (either file or syslog.)

You *may* want to look at addressing the journal log file as a flat file and custom log that is imported by an agent, and then use a Function within Sentinel to extract() the common fields.

Daniel Piedra
Former Employee
Oct 21, 2021
Hi JKatzmandu, thanks for your response, we were able to configure it by using a 3rd party tool to convert CEF format to Syslog format and then forward the logs to a relay VM installed onprem with a Syslog agent and Log Analytics Agent for Linux and from there successfully ingested the logs to Log Analytics Workspace for Sentinel use.
- desgoh
  Copper Contributor
  Oct 15, 2023
  Hi Daniel Piedra, can you share the steps and 3rd party tools that you used to send logs from AS400 to Sentinel please?