on Oct 15, 2012PowerTech Interact
PowerTech Interact sends real time events from the IBM Power Systems running IBM iSeries to syslog in a syslog format. The log data comes from three sources: the OS/400 security audit journal (QAUDJRN), PowerTech security applications, Network Security and Authority Broker, and critical operating system messages.
Release Date | What’s New In This Release |
11/30/2011 | Initial support for PowerTech Interact |
12/19/2011 | Updated release to include 10 new messages |
01/30/2012 | Updated XML to included new message types. |
02/15/2012 | Updated XML to correct a username placement issue. |
03/05/2012 | Updated XML to include TAF0004 event.. |
06/25/2012 | Converted XML to Content 2.0. |
| 04/09/2014 | Updated XML to included new message types. |
One caution on the latest release -- the DeviceType has changed from "powertechinteractpe" to "powertechpe". The new naming is shown in the PDF but it's not called out as a change so it's easy to miss.
We are finding that our iSeries hosts that were marked 'multi' devices are automatically creating a new device entry when events in the updated XML are observed. Data is still flowing to both device types... We're opening a support to determine the best way to transition from one source to the other.
We're happy to have lots more events included (309 vs the previous 134), but the type change caught us by surprise.