If the optional journal monitoring job EVJRNPROC is running on the System, data will be presented in the format defined by the monitors that were created using the Configuration Tool.
From the Configuration Tool, select the Journal Monitors tab and define a new journal monitor group to hold the monitors.
Click the Create button to create a new journal monitor group or click the Edit button to modify an existing group. You can also Copy, Rename, or Delete an existing group.
Figure 8: Configure Journal Monitors
In the Journal Monitor group, click the Add Monitor button to add a new journal monitor.
Figure 9: Create Journal Monitors
In the new Journal Monitor definition, enter values for these fields:
Table 2: Fields of a Journal Monitor definition

| Field | Description | Notes |
|---|---|---|
| Journal Name | Name of the journal to be monitored. | Required |
| Journal Library | Library where the journal resides. | Required |
| Destinations | Kafka – Select to send events to Kafka. Splunk – Select to send events to Splunk. | See note below. |
| Frequency | The interval (in seconds) that this monitor will be checked. Restrict values to multiples of 30. | Mandatory. Defaulted to 30. |
| Raw | Forward raw journal records to the Ironstream Proxy Server. | This option should always be selected for the system audit journal (QAUDJRN). If Object Type is *STMF, Raw is enforced and cannot be changed. |
| Field Description Config | Dropdown of File Field Descriptions to be applied. | Only enabled if Raw is unchecked. Field Description Config defined in File Field Description tab. |
| Object Type | The type of object. Valid values are *FILE, *DTAARA, *DTAQ, *LIB, and *STMF. | Mandatory |
| Object Name | Specify the name of a specific object whose changes are being recorded in this journal. If no object is specified, all objects are collected in this journal unless restricted by other filtering options. | Hidden if the Object Type is *STMF. Mandatory for all other Object Type values. |
| Object Library | The name of the library where the object resides. | Hidden if the Object Type is *STMF. Mandatory for all other Object Type values. |
| Path Name | Specify the path of the IFS logs you want to collect. The restrictions are as follows: It MUST start with a forward slash (/). Include the full path to the folder where the logs are stored. Note: Do not use wildcards in the folder name. Specify the name of the log or use a wildcard instead of the name to collect some or all logs in the folder. | Only available if Object Type is *STMF. Limited to 1024 Characters. |
| Object Member | The name of the file member of the object that is being monitored for changes. | Optional, but only allowed if Object Type is *FILE. Hidden if Object Type is *STMF. |
| Entry Code | To filter on a specific journal code, enter the code in this field. | Optional. Note: This field should be left blank if Entry Types are specified. |
| Types | The Entry Types to be forwarded to the collector. To add event types, click the Add Type button and enter a 2-character event type, for example, UB. To add additional event types, click the Add Type button and enter the additional event types. Up to 300 types can be specified per monitor. | Note: The Entry Code field should be left empty if one or more event types are specified. |
Fill in the Assigned systems field to assign the completed Journal Monitor Group to one or more IBM i LPARs.
Click the Save button.
Click the Distribute button to send the new monitor group to the Ironstream Agent for IBM i for the Assigned systems.
On the Systems tab, restart each System that is in the Assigned systems list of the newly created Journal Monitor Group.
Note: After creating or changing a journal monitor, you MUST restart each System affected by the changes to ensure that the Proxy Server is using the new configuration details when processing journal entries.
Note: There must be at least one destination selected for the data. When only one check box is selected, it is greyed out to ensure it cannot be cleared until another destination has been selected.
If the journal monitor configurations are deleted after they are distributed to an LPAR, the Splunk/Kafka options will be lost, and the data will not be sent to any destinations.
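The field rules in Table 2 and the destination note above can be checked before a monitor group is distributed. The following is an added example, not part of Ironstream or its documentation: a Python lint over one monitor definition held as a dict. The dict keys and the treatment of `*` as the wildcard character are assumptions made for this illustration.

```python
# Added example: lints a journal monitor definition against the rules in Table 2.
# The dict keys are hypothetical; they are not an Ironstream file format.
VALID_TYPES = {"*FILE", "*DTAARA", "*DTAQ", "*LIB", "*STMF"}

def lint_monitor(m):
    """Return a list of rule violations for one monitor definition."""
    errs, otype, raw = [], m.get("object_type"), m.get("raw", False)
    for key in ("journal_name", "journal_library"):
        if not m.get(key):
            errs.append(f"{key} is required")
    if not set(m.get("destinations", [])) & {"Kafka", "Splunk"}:
        errs.append("at least one destination (Kafka or Splunk) must be selected")
    freq = m.get("frequency", 30)  # the field defaults to 30
    if not isinstance(freq, int) or freq <= 0 or freq % 30:
        errs.append("frequency must be a multiple of 30 seconds")
    if otype not in VALID_TYPES:
        errs.append("object_type must be one of " + ", ".join(sorted(VALID_TYPES)))
    if (m.get("journal_name") or "").upper() == "QAUDJRN" and not raw:
        errs.append("Raw should always be selected for QAUDJRN")
    if otype == "*STMF":
        path = m.get("path_name", "")
        if not raw:
            errs.append("Raw is enforced for *STMF")
        if not path.startswith("/"):
            errs.append("path_name must start with a forward slash")
        if "*" in path.rsplit("/", 1)[0]:  # assumption: '*' is the wildcard
            errs.append("no wildcards in the folder part of path_name")
        if len(path) > 1024:
            errs.append("path_name is limited to 1024 characters")
    elif otype in VALID_TYPES:
        for key in ("object_name", "object_library"):
            if not m.get(key):
                errs.append(f"{key} is mandatory for {otype}")
    if m.get("object_member") and otype != "*FILE":
        errs.append("object_member is only allowed for *FILE")
    types = m.get("types", [])
    if types and m.get("entry_code"):
        errs.append("entry_code must be blank when entry types are specified")
    if len(types) > 300:
        errs.append("at most 300 entry types per monitor")
    errs += [f"entry type {t!r} must be 2 characters" for t in types if len(t) != 2]
    return errs

# Constructed sample: an IFS log monitor with several rule violations.
SAMPLE = {"journal_name": "QAUDJRN", "journal_library": "QSYS", "destinations": [],
          "frequency": 45, "raw": False, "object_type": "*STMF",
          "path_name": "/var/*/app.log", "entry_code": "R", "types": ["UB"]}
if __name__ == "__main__":
    print("\n".join(lint_monitor(SAMPLE)))
```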