Halcyon Adds Real-Time Notification to Audit Journal Manager
November 30, 2010 Alex Woodie
The product development folks over at Halcyon Software have been busy lately, as the company released updates to three separate products this month. The most important may be the addition of real-time monitoring capabilities to its Audit Journal Manager, which will help IBM i shops detect intrusions. On the performance front, Halcyon shipped the first release of Snapshot TSC since buying it earlier this year, and it also unveiled an iPhone app for its Performance Analyzer product.
On its face, the introduction of Audit Journal Manager would appear to be a brand new addition to Halcyon’s suite of systems management tools for the IBM i server. However, in its announcement Halcyon points out that the “new” product is actually a major new version of the pre-existing Audit Journal Monitor product, which Halcyon will no longer sell.
Audit Journal Manager, like the product that came before it, helps IBM i administrators parse through the millions of entries written to the security audit journal (QAUDJRN), and identify the entries that reflect security policy violations. The product offers dozens of reporting templates that filter out superfluous journal entries and display only what the administrator or auditor is looking for.
There are several differences between the old product and the new product. For starters, there are real-time capabilities now, according to Halcyon senior technical services manager Ashley Giddings. “Based on feedback from customers, further enhancements have been added to boost the real-time alerting facility to assist with intrusion detection,” he states in Halcyon’s announcement.
Also, new alerting features were added that allow administrators to be quickly notified of potential breaches. The software will distribute the alerts via SMS, e-mail, SNMP, or Syslog formats, and it will also make a sound on the management console when a potential breach is detected.
Halcyon also gives users the option of overwriting the cryptic QAUDJRN warnings, and replacing them with more understandable phrases in the real-time messages generated by the product. This handy feature will help busy administrators (who may also be in charge of Windows or Linux systems) to understand the nature of the problem, without seeking an IBM i-to-English translator.
Much focus has been placed on real-time detection of changes to sensitive parts of the system; Halcyon calls it “continuous monitoring.” Actions that immediately pop up now include changes to user profiles and access control lists; invalid sign-on attempts; and any changes to sensitive objects, such as a payroll file. Admins can also get notifications of failed attempts to access certain files.
The Audit Journal Manager is included in three Halcyon products: the Systems Operations suite, the Advanced Automation suite, and the Operations Manager suite.
This month, Halcyon also unveiled a new release of its Snapshot TSC (Total System Control) performance management tool, which it acquired earlier this year from the Australian software company Mid-Comp International. Snapshot collects performance data via IBM i agents, and displays the information on a Windows-based console, where administrators can view colorful graphics depicting the state of their monitored systems as well as perform “what if” capacity planning.
Snapshot version 10.6 is primarily a maintenance release. It introduces several minor bug fixes, as well as support for IBM i 6.1 and 7.1, which people are beginning to adopt. “We also want to demonstrate to Snapshot TSC customers that Halcyon is totally committed to releasing new versions of the software and will continue to invest in developing this technology,” stated Donnie MacColl, director of technical services.
To that end, the company is planning another release early next year that will introduce new capabilities, including: statistic gathering improvements; new disk collection features; automated restart of agents; a refresh of the capacity planning database; and modeling enhancements.
A New App for That
Last but not least, Halcyon rolled out a new iPhone interface for Performance Analyzer, a separate performance monitoring tool that Halcyon launched earlier this year.
The new iPhone interface will display some of the server metrics that Performance Analyzer collects, such as CPU consumption, active jobs, and server response times, for multiple servers or LPARs. Customers can use the preset metrics, or pick their own. The data is automatically refreshed every minute, and Halcyon says it has taken steps to minimize any impact on production systems.
In addition to real-time information, the new iPhone interface will record and display server performance at different intervals, providing some long-term trend analysis. Users also have the option of using a report wizard to build custom service level reports. Automatic report distribution is included.
Halcyon says its new iPhone interface also works with iPads and iPod Touch devices. The program has been approved by Apple, and is available for purchase in the Apple iPhone app store.
Performance Analyzer was introduced as a new module of its high-end Operations Center version 3 suite, which Halcyon introduced in May, a week or so before the Snapshot acquisition. The software displays various performance metrics of IBM i servers. While it duplicates some of the Snapshot functions, it is more of an everyday, tactical type of tool, compared to the historical modeling and capacity planning function of Snapshot.
In addition to Operations Manager, Performance Analyzer and its new iPhone app are available with Halcyon’s Advanced Automation suite, which sits just below the flagship Operations Manager suite on the functionality scale. The company also has started referring to its suites as Level 1 through Level 4, with Operations Manager being Level 4.