CCSS Adds Syslog Support to QMessage Monitor

July 21, 2009 Alex Woodie

System i shops that rely on the QMessage Monitor from CCSS to automate the handling of System i messages can now export those messages to third-party products as a result of the recently announced support for the Syslog message format. This will give QMM customers the capability to use cross-platform security event and information management (SEIM) products to keep watch over their entire IT environment, among other uses.

QMessage Monitor is a message management solution for single- and multi-site OS/400, i5/OS, and IBM i OS implementations. The software constantly watches a variety of system messages, logs, and journals so operators don’t have to and provides a range of filtering options to ensure that the most critical messages are brought to somebody’s attention, via the Windows-based console or through paging and alerts, while escalation procedures ensure a response to critical messages.

It’s been a while since QMM was updated, the last release being version 6.064 in the spring of 2007. Now, with the release of version 6.073, CCSS is helping its customers by enabling the product to route System i messages outside the product using Syslog. This new features should be a boon for System i shops that are struggling with managing the System i server in conjunction with other platforms.

Syslog is a standard for forwarding log messages in an IP network. While Syslog is the most widely supported protocol for sharing messages generated by a range of servers, it is not supported natively in i OS. This has provided work for third-party security management vendors, who have developed connectors for converting richly detailed i OS operational and security messages into the Syslog format.

While the System i often generates more security-related messages than other platforms, the messages are somewhat cryptic to the uninitiated and can be hard to share off-platform. This creates a liability for organizations that aim to manage the security for all platforms from a central point using an overarching SEIM product.

Now, with the capability to generate Syslog content, QMM can help customers to move relevant security and operational messages from the System i to a SEIM product. QMM is well positioned for this role, thanks to its advanced filtering mechanisms to suppress the minor and unimportant messages and amplify the most important and critical. This will help to ensure that the “talkative” nature of the System i messaging system does not overwhelm the SEIM product and drown out messages with potentially serious ramifications.

The addition of Syslog to QMM gives customers greater flexibility in how they use the product, says CCSS product manager Paul Ratchford.

“Part of the underlying equation for any messaging solution is not only the types of messages that are being generated, but also, how they are delivered,” he says in the announcement. “With each company and [piece of] network environment, the needs are unique, so we need to provide the maximum number of choices so customers can tailor the delivery to suit their resources, shift patterns, and communications preferences. The addition of Syslog is a good example of how we’re always looking at both sides of that equation and seeing how we can do more, and better, for our customers.”

QMM version 6.073 is available now. Pricing was not disclosed. For more information, visit the company’s Web site at www.ccssltd.com.