Troubleshooting - 7.0

Assure Security Illumio Implementation Guide

Product name: Assure Security
Version: 7.0
Copyright: 2025
First publish date: 2025
Last edition: 2025-06-03
Last publication: 2025-06-03T12:57:58.093000


Test the syslog connection

To test the syslog configuration on both the IBM i and the syslog server, run the SNDQXSYLOG command.

Fill in the following parameters:

  • Content - Specify the message text to be sent to the syslog server. The message can be up to 5000 characters. This field is mandatory.
  • Tag - Specify a character string of up to 32 characters to be included in the header portion of the syslog message. This field is mandatory. Enter the string or use the default value ASSURE SECURITY SAM to indicate that the message originates from Assure System Access Manager.
  • Facility - Specify the facility of the message. This field is mandatory. Enter a value between 0 and 23, corresponding to a specific event type. Refer to the 5250 Help for the full list of event types. The default value is 4, for Security/authorization messages.
  • Severity - Specify the severity of the message. This field is mandatory. Enter a value between 0 and 7, corresponding to a specific severity. Refer to the 5250 Help for the full list of severities. The default value is 6, for informational messages.
  • End of message indicator - Specify the character to use as the end of message character. This field is mandatory. Enter one of the following values:

    *NULL - The NULL character. This is the default value.

    *CR - Carriage return

    *CRLF - Carriage return/line feed

    *LF - Line feed

    *NONE - No specific character is defined as the end of message character.

    *TAB - Tabulation

  • Mode - Specify the protocol to use to send the syslog message. This field is mandatory. Enter one of the following values:

    *UDP - Specifies the User Datagram Protocol. This is the default value.

    *TCP - Specifies the Transmission Control Protocol which is used in connection with IP (TCP/IP).

  • SSL connection - For *TCP connections, specify whether to use a secure socket to send the syslog message. This field is mandatory. Enter *YES to use a secure socket or *NO to use a normal socket.
  • Keep connection open - For *UDP connections, specify whether to keep the connection open between sending successive messages. This field is mandatory. Enter one of the following values:

    *NO - The connection is closed after each message is sent and reopened to send the next message. This is the default value.

    *YES - The connection remains open until the command SNDQXSYLOG CONTENT (*SOCKETCLOSE) is run.

The following is an example of the command with *TCP mode specified:

    SNDQXSYLOG
        CONTENT('SYSI18,2025-03-06T07:08:37.216269,SCK_CONNEC,*DFT,TESTUSR,R,Y,10.22.27.78,10.22.27.26,20010,6')
        TAG('PRECISELY') MODE('*TCP')
        RMTSYS('ec2-24-67-123-412.us-west-2.compute.amazonaws.com')
        PORT(5015) EOM(*LF) KEEPOPEN(*YES)

The following is an example of the command with *UDP mode specified:

    SNDQXSYLOG
        CONTENT('SYSI18,2025-03-06T07:13:38.611341,SCK_CONNEC,*DFT,TESTUSR,R,Y,10.22.27.78,10.22.27.26,20010,6')
        TAG('PRECISELY') MODE('*UDP')
        RMTSYS('ec2-24-67-123-412.us-west-2.compute.amazonaws.com')
        PORT(5015) EOM(*NONE)
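
The following is an added example, not part of the product documentation: a Python check to run on the syslog server side against bytes captured during the test. It splits the stream on the configured end of message character and decodes the priority value, which standard syslog computes as facility × 8 + severity (38 for the defaults 4 and 6). It assumes each message starts with the standard `<PRI>` field and that the tag appears somewhere after it; the function names and the sample capture are constructed for illustration.

```python
import re

# End of message keyword -> delimiter bytes, following the option list on this page.
EOM_BYTES = {"*NULL": b"\x00", "*CR": b"\r", "*CRLF": b"\r\n",
             "*LF": b"\n", "*TAB": b"\t", "*NONE": None}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def split_frames(stream: bytes, eom: str) -> list:
    """Split a received byte stream into messages on the configured EOM."""
    delim = EOM_BYTES[eom]
    if delim is None:  # *NONE: no framing, so the buffer is a single message
        return [stream] if stream else []
    return [f for f in stream.split(delim) if f]


def decode_pri(frame: bytes) -> tuple:
    """Return (facility, severity, rest) for a frame that starts with <PRI>."""
    m = PRI_RE.match(frame)
    if not m:
        raise ValueError("frame does not start with <PRI>")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority
        raise ValueError(f"PRI {pri} out of range")
    return pri >> 3, pri & 7, frame[m.end():]


def check_test_message(stream, eom, count, facility=4, severity=6,
                       tag=b"PRECISELY"):
    """Return a list of problems; an empty list means the test arrived intact."""
    frames = split_frames(stream, eom)
    problems = []
    if len(frames) != count:  # typical sign of an EOM mismatch between the two ends
        problems.append(f"expected {count} message(s), got {len(frames)}")
    for i, frame in enumerate(frames):
        try:
            fac, sev, rest = decode_pri(frame)
        except ValueError as exc:
            problems.append(f"frame {i}: {exc}")
            continue
        if (fac, sev) != (facility, severity):
            problems.append(f"frame {i}: facility/severity {fac}/{sev}")
        if tag not in rest:
            problems.append(f"frame {i}: tag {tag!r} missing")
    return problems


# Constructed capture: two messages sent with EOM(*LF), facility 4, severity 6.
SAMPLE = (b"<38>PRECISELY: SYSI18,2025-03-06T07:08:37.216269,SCK_CONNEC\n"
          b"<38>PRECISELY: SYSI18,2025-03-06T07:13:38.611341,SCK_CONNEC\n")
```

If the receiver is configured for a different end of message character than the sender, successive messages arrive merged into one frame, which the count check reports.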
      

Revert to a previous ACL file

The imported ACL file is stored in the following IFS directory: /visionsolutions/secops/product-library/ILLUMIO/ACL.

In an emergency (for example, the ACL file installed a policy that rejected valid connections) where there is no quick way to change the Illumio policy, you may want to revert to one of the previous ACL files stored in the directory. To revert to a previous ACL file, do the following:

  1. Run the following command to end the Illumio service:
    ENDILOSRV SERVICE(*ACL)
  2. Run the following command to import the file to which you want to revert:
    IMPILOACL ACLFILE(<filename>)
  3. Change the Illumio policy to fix the error.
  4. Run the following command to restart the Illumio service:
    STRILOSRV SERVICE(*ACL)