Alliance LogAgent

Alliance LogAgent

Secure System Logging for IBM i

Meet compliance regulations by collecting security system logs and transmitting to a log collection server or any Security Information & Event Management (SIEM) solution.

Automatically Collect and Transmit System Security Events
Format security events into an open systems log format, and securely transmit them to a log server for consolidation with the security events from other servers in the Enterprise.
Convert IBM i System Logs to Common Syslog Formats
Logs can be collected from the IBM i security journal QAUDJRN, system operator message queue, and system history file QHST. Log entries are converted from the internal IBM format to either syslog format (RFC3164) or Common Event Format (CEF). Converted entries are then transmitted to a central log server or SIEM product for log collection, analysis, and alert management.
High Performance Event Handling
Alliance LogAgent can process more than 800 log entries per second. This means that you can process the large number of events that are generated when IBM i security levels are at the highest settings.
Supports Two Factor Authentication
Paired with Alliance Two Factor Authentication, organizations can reduce the security weakness of relying on passwords as their only authentication mechanism.  By requiring an additional piece of information delivered to authorized users via SMS text or voice message, organizations can improve security of their sensitive data.
Security Events Reported to Leading SIEM Companies

Dell SecureWorks Splunk
LogRhythm HP (ArcSight)
SolarWinds Intel Security
Solutionary Tripwire
Symantec EMC (RSA)
Solutionary Many others

Splunk Business Intelligence
Many IBM i customers deploy Splunk for real time business intelligence. Alliance LogAgent supports the ability to detect changes (insert, update, delete) in selected database files and report information to Splunk. You can select any file and selected fields in the file to be reported to Splunk. As records are processed from your database file the information is normalized and formatted so that Splunk can easily process it. This capability of Alliance LogAgent makes it easy to create Splunk dashboards, reports, and alerts based on any business data you select. Townsend Security can provide professional services assistance to set up and configure Splunk dashboards and reports.

Operations Management
To help IBM i system administrators monitor the health of their IBM i servers, LogAgent can collect selected system and disk status information and send this information to your SIEM solution. Collected system information includes CPU utilization, disk utilization, disk unit status, and other metrics. Operations management information is independent of security monitoring and can be enabled or disabled as needed.

Exit Points
Alliance LogAgent monitors all of the major IBM i exit points including host management servers, FTP, ODBC and others. Important security information is collected, converted to standard system log format (Syslog, CEF, LEEF) and transmitted to your SIEM monitoring system or log collection server. For SQL connections to the IBM i over ODBC or DRDA connections, the SQL statement is collected and reported. Exit points can be selectively activated or de-activated.   

Administrative User Email Notification
When an administrative user starts a job on your IBM i server you can select to receive an email alert. After determining the authority level of a user an email alert can be sent to a selected email address or distribution group. Alliance LogAgent uses its own SMTP client for email delivery and you can easily configure email servers such as Microsoft Exchange to receive and process email from Alliance LogAgent on the IBM i server. The email alert identifying the user with administrative access provides date, time, system name, logical partition and job information to help the IBM i system administrator quickly respond to the event.

ServiceNow Integration
Alliance LogAgent for IBM i integrates IBM i servers and applications with ServiceNow, the leading cloud-based solution for IT system support problem tracking and resolution. Leveraging the ServiceNow REST web interface, Alliance LogAgent can instantly record critical system events as ServiceNow Incident reports. Additionally, the solution also exposes an API command to allow IBM i customers the ability to integrate line-of-business applications with ServiceNow. When business applications encounter critical events or errors, these can be immediately visible to the IT administrative and security teams for rapid response and resolution.

Flexible Licensing Options

With flexible licensing options, including perpetual and subscription licensing, protecting sensitive data on the IBM i has never been easier or more affordable.
Need Even More Advanced Logging Tools?
Check out Alliance LogAgent Suite.  It has all the features of Alliance LogAgent, but with additional tools that let administrators selectively monitor data access and change activity at the column or field level - without changing applications or user accounts.


Supports direct user application QAUDJRN entries

Commands to send syslog and Common Event Format (CEF) messages

Bindable service program for syslog message creation

Bindable service program for ArcSight CEF message creation


IBM i OS/400 V6R1 or later

IBM Power Systems (IBM i, iSeries, AS/400)

Supported SIEM Solutions

Compatible with any SIEM solution using syslog including: Splunk, Symantec, Dell SecureWorks, ArcSight, LogRhythm, Alert Logic, more

Solution Briefs

Alliance LogAgent for IBM i

Meet compliance regulations by collecting security system logs and transmitting to a log collection server or any Security Information & Event Management (SIEM) solution.

Alliance LogAgent Performance

Poor performance can consume CPU resources and slow event management, defeating your security strategy.


Alliance LogAgent

Alliance LogAgent collects security journal (QAUDJRN), system operator, QHST, and user security messages for distribution to a syslog server or to a SIEM.