Alliance LogAgent for System i Supports Compliance Regulations for Security Log Monitoring, Alerts

Extracts and formats security events for analysis by SIEM software for security breaches

• By James E. Powell
• 10/09/2007

Patrick Townsend & Associates has released its new Alliance LogAgent for System i to help enterprise customers bring their IBM System i platforms (aka AS/400 and iSeries) into compliance with several regulations, including PCI, Sarbanes-Oxley, and HIPAA that require active network security monitoring. Alliance LogAgent extracts System i security events, formats them to the open standard for Syslog events, and sends them to a system log server (9such as Syslogd or Syslog-ng). Once centralized, the security events can be analyzed by Security Information and Event Management (SIEM) software for security breaches.

Customers with a variety of IBM, UNIX, Linux, and Windows servers have not been able to implement the same SIEM strategy for all systems, according to the company. The Alliance solution enables a single, common approach to log collection and management.

Patrick Townsend, company president, said “The effectiveness of log analysis and management software depends on the ability to consolidate all of the security information and events in one place. Only then can patterns be analyzed for potential security breaches. The Alliance LogAgent solution lets enterprise customers connect their System i platforms directly into their centralized SIEM security solutions. By providing a System i log agent and integrating all of our encryption and data security solutions into the logging architecture our customers get unmatched support for security monitoring.”

The program extracts security information from several locations in the System i platform, including the IBM security journal QAUDJRN, the system operator’s message queue, the IBM Apache Web server, OpenSSH, PHP, MySQL, and user applications. Alliance LogAgent supports custom security events, can filter security events (to minimize network impact), and is compatible with the Syslogd communications protocol and secure transport using SSL/TLS communications.

The Alliance LogAgent solution is compatible with several SIEM vendors, including ArcSight, Symantec, and LogLogic. The company says its solution can co-exist with intrusion detection systems and vulnerability scanning tools for enhanced monitoring for security breaches.

More information is available at http://www.patownsend.com or by calling (360) 357-8971.