Monday, January 2, 2012

Monitoring ODBC and FTP Login entries to SYSLOG

Now that Syslog on IBM i is working and sending data to a remote server, I think I will use it for auditing ODBC and FTP entries on my system.

I already have an FTP Server Request Validation exit point to control what the FTP users can do on my server, but it's writing a lot of data into a database log. For auditing purposes I'm just interested in auditing the logon of users coming in through the FTP and ODBC servers. Basically, using exit point programs, you can send whatever you need to SYSLOG: telnet sessions, audit changes to user profiles, BRMS logs, etc.

I made a basic CL program based on the TCPL0100 parameters that sends messages to the syslog daemon when a user logs in to FTP. Using the PASE command "logger", I just send:

STRQSH CMD('/QOpenSys/bin/logger -p 5 -t FTPSERVER message_text')

The result in the file /var/adm/messages:

 Jan  2 12:19:38 my-AS400 user:notice FTPSERVER: Login by user: JOHN

and on the remote server I got:

Jan  2 12:19:38 splunk-server user:notice Message forwarded from my-AS400: FTPSERVER: Login by user: JOHN

The parameter "p" sets the level of the log message, which can be one of:

0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
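
On the receiving side, the forwarded record carries the relay's name in the host column and the real source after "Message forwarded from". The following is an added example, not code from the original post: it parses both line formats shown above and recovers the origin host, the numeric severity and the user. The severity short names and the function name parse_login are assumptions.

```python
import re

# Severity names as they appear in the "facility:level" field, mapped to the
# numeric levels listed in the post (0-7). The short names are assumed.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

LINE_RE = re.compile(
    r"^\s*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<facility>\w+):(?P<level>\w+)\s+"
    r"(?:Message forwarded from (?P<origin>\S+):\s+)?"
    r"(?P<tag>[^:\s]+):\s+(?P<msg>.*)$"
)
# A user name containing whitespace is rejected rather than guessed at.
LOGIN_RE = re.compile(r"^Login by user: (?P<user>\S+)$")


def parse_login(line):
    """Return a dict for a login record, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    login = LOGIN_RE.match(m.group("msg").strip())
    if not login:
        return None
    return {
        "timestamp": " ".join(m.group("ts").split()),
        # For relayed records the host column is the relay, not the source.
        "origin": m.group("origin") or m.group("host"),
        "relay": m.group("host") if m.group("origin") else None,
        "service": m.group("tag"),
        "severity": SEVERITY.get(m.group("level")),
        "user": login.group("user"),
    }


# Sample lines copied from the post, plus one constructed non-login line.
SAMPLE = [
    " Jan  2 12:19:38 my-AS400 user:notice FTPSERVER: Login by user: JOHN",
    "Jan  2 12:19:38 splunk-server user:notice Message forwarded from "
    "my-AS400: FTPSERVER: Login by user: JOHN",
    "Jan  2 12:20:01 my-AS400 user:info FTPSERVER: Session closed",  # constructed
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_login(line))
```

Keying reports on the origin field rather than the host column keeps logins from several IBM i systems from being attributed to the relay.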




9 comments:

I think this is an informative post and it is very useful and knowledgeable. Therefore, I would like to thank you for the efforts you have made in writing this article.