The zhmc-log-forwarder package provides a log forwarder for the IBM Z Hardware Management Console (HMC), written in pure Python.
It contains a command named zhmc_log_forwarder that collects security logs and audit logs from the Z HMC and forwards the log entries to various destinations, such as stdout, the local syslog, or a QRadar service.
The command can gather log entries from the past, since a specified date and time, or since specific points such as now or all available entries. In addition, the command can subscribe to notifications from the HMC about new log entries, so that it can wait for any future log entries to appear.
The log forwarder supports the following destinations:
and the following formats:
$ pip install zhmc-log-forwarder
This will install the package and all of its prerequisite packages into your current Python environment.
It is recommended to use a virtual Python environment, in order not to clutter up your system Python.
Make sure you have installed the zhmc-log-forwarder package (see the previous section).
Create a config file for the zhmc_log_forwarder command. The config file specifies the targeted HMC, the desired destination for the logs, and other data.
An example config file with explanations of the parameters is shown when invoking:
$ zhmc_log_forwarder --help-config-file
Additionally, an example config file is here: example_config_file.yml
Redirect that output into a file and edit that file as needed.
Optional: The zhmc-log-forwarder package includes a default HMC log message file. That file is used when generating CADF output format and defines how the HMC log messages are classified in the CADF output. It is possible to specify your own HMC log message file using the log_message_file parameter in the config file. When omitting this parameter, or when setting it to null, the default HMC log message file included with the zhmc-log-forwarder package is used.
An example HMC log message file explaining its format is shown when invoking:
$ zhmc_log_forwarder --help-log-message-file
Start the zhmc_log_forwarder command as follows:
$ zhmc_log_forwarder -c CONFIGFILE
Where CONFIGFILE is the file path of the created config file.
The command will run forever (or until stopped with Ctrl-C) and will forward the log records as specified in the config file.
The zhmc-log-forwarder package is licensed under the Apache 2.0 License.