Does anyone know of a way to offload SYSLOG and Audit log data of the masters to Splunk or some other data capturing tool? Or is there an API already built to perform this function?
Trying to utilize tools already built to view these logs effectively and efficiently to better serve our customers. This would also help in reducing the amount of time needed to resolve issues if there was a way to search these logs from over time. Splunk provides that capability easily. Just need a way to offload in near real time without affecting the performance of the Master.
Or is there already an API that performs this function?
Would the Report Server provide what you need?
https://docops.ca.com/ca-workload-automation-esp-edition/11-4/en/operating/control-report-server
Create a simple ESP PROC that does the following:
Let me know if you are interested in the second option and need additional details.
Thanks Rick for the response. Do you know if this database setup takes the place of the VSAM for the History file or is this in addition to the VSAM?
This would solve the near real time update of job history data, but what about the logs to be able to troubleshoot problems? To be able to view several logs' worth of data to review what transpired?
Commonly our users will spin the auditlog daily and write the closed ones to a dataset (like Rick said). And of course you can write the current auditlog to a dataset similarly. Spinning the log can avoid it being too large, and therefore reduce the effort for writing; especially for near real time data, the current log can be written multiple times.
Some users also spin the JESMSGLG (there is no ESP command for it, but IBM SDSF can set it up) and a similar method can be used to write it to a dataset.
Hope this helps,
Lucy, thank you for your reply.
We already spin off the AUDIT and JESMSGLG daily (24 hours) to GDGs. I think RickR had an excellent idea of using the Report Writer for updates to job statuses. We are already looking to utilize this suggestion (thanks RickR).
I was looking for something non-intrusive as the Report Writer to offload the above logs to be utilized with Splunk or some other tool to easily peruse through many days/weeks/months quickly and easily to help when problems arise. I was thinking of an API or something similar to the Report Writer that would sit on top of the master and funnel information out to be utilized in near real time scenarios for problem resolution. This would be easier to set up views and offload to documents than cutting and pasting from the mainframe (numerous times) into a document to pass along for the root cause analysis to management.
Unfortunately there is no way to do it yet.
It sounds like a good topic for a possible enhancement. You may post an idea for it.