Powertech SIEM Agent for IBM i

NOTE: In versions 3.10 and earlier, SIEM Agent for IBM i was called Interact.

May 2018

Version 3.10
  • The new PLICHGAPP command allows you to separate syslog messages with delimiter characters when using the TCP protocol.
  • The Interact license entry program and license checker now recognize LPAR numbers greater than 255.

April 2017

Version 3.09
  • CEF entries for custom journals are no longer missing the file information (library, file, member).
  • Commands STRPLIAMON and ENDPLIAMON can now be run outside of the product.
  • Help text from the Work with Brokers/Agents screen that incorrectly stated all messages sent to QSYSMSG are also sent to QSYSOPR has been corrected.

November 2016

Version 3.08
  • Event Filters have been added for new PTF-related journal entries added in OS V7R2 (T/PF & T/PU):

    Msg Id   Function    Desc
    TPF0009  Type: PF/I  PTF IPL operation
    TPF0012  Type: PF/L  PTF product(s) operation
    TPF0016  Type: PF/P  PTF operations
    TPU0004  Type: PU/D  Directory PTF object changed
    TPU0012  Type: PU/L  Library PTF object changed
    TPU0019  Type: PU/S  LIC PTF object changed
  • New fields have been added to T/CD entries in *CEF format:

    cs4Label=commandDetail
    cs4=Entry_Specific_Data_up_to_the_Command_String
    cs5Label=commandString
    cs5=Command_String_from_Entry_Specific_Data

  • Subfile issues when paging up and down on the ‘Work with Event Filters’ screen (e.g. partial screens, odd cursor positioning) have been fixed.
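
The cs4/cs5 fields listed above for T/CD entries can be pulled out on the receiving side as follows. This is an added example, not HelpSystems code: the CEF header values, the signature ID and the command text in the sample line are constructed placeholders, and only the cs4Label/cs4/cs5Label/cs5 key names come from the release note.

```python
import re

# Constructed sample: header values and field contents are placeholders.
SAMPLE = (
    "CEF:0|ExampleVendor|ExampleProduct|0.0|SIGID-PLACEHOLDER|Constructed event|5|"
    "cs4Label=commandDetail cs4=constructed detail text "
    r"cs5Label=commandString cs5=CHGUSRPRF USRPRF(BOB) TEXT('a\=b') SPCAUT(*ALLOBJ)"
)

# An extension key is a token at the start or after whitespace, directly followed
# by '='. Values may contain spaces, so a value runs up to the next key.
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-]+)=")
_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape(value):
    # CEF extension values escape '=' and '\' with a backslash; \n and \r are newlines.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Split a CEF extension into a dict, keeping spaces inside values."""
    fields = {}
    keys = list(_KEY.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].rstrip())
    return fields


def labelled_fields(line):
    """Return {label: value} for every csNLabel/csN pair in a CEF line."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields = parse_extension(parts[7])
    return {
        label: fields[key[:-5]]
        for key, label in fields.items()
        if key.endswith("Label") and key[:-5] in fields
    }


if __name__ == "__main__":
    for label, value in labelled_fields(SAMPLE).items():
        print(f"{label}: {value}")
```

Splitting the extension on whitespace alone would truncate cs5 at the first space in the command string, which is why the value boundary is taken from the next key instead.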

November 2016

Version 3.07
  • Interact is now delivered with new deployment functionality, including the ability to stage the product installation.

August 2016

Version 3.06
  • Prior releases of Interact communicated with syslog and SIEM solutions over User Datagram Protocol (UDP), a transport layer protocol that does not provide encryption or guarantee delivery of events. Transmission Control Protocol (TCP) has been added to Interact to address these issues. TCP provides reliable, ordered, and error-checked delivery of events. To encrypt event data, Interact now also includes secured TCP communications using TLS certificates, which lets you encrypt the traffic between Interact and your syslog server or SIEM product. UDP, Interact's former method of event data communication, is still supported. See Work with Interact Broker/Agent Properties for more details on TCP in Interact.
  • The following Hardware Message IDs are no longer missing from Interact:
    • CPPEA01
    • CPPEA03
    • CPPEA06
    • CPPEA10
    • CPPEA11
    • CPPEA14
    • CPPEA23
    • CPPEA25
    • CPPEA30
    • CPPEA31
    • CPPEA40
    • CPPEA42
    • CPPEA45
    • CPPEA46
    • CPPEA47
    • CPPEA5A
    • CPPEA51
    • CPPEA52
    • CPPEA53
    • CPPEA54
    • CPPEA55
    • CPPEA56
    • CPPEA57
    • CPPEA58
    • CPPEA59
    • CPPEA60
  • When outputting in *CEF format, T/CD information is no longer missing.

January 2016

Version 3.05
  • Support for 3rd party journals has been added.
  • Missing sub-types CD/X, DO/I, SV/D, SV/E, and SV/F for Host Role *CEF have been added.
  • The Interact Network Security monitor job will now run on a system with Network Security 7.

December 2014

Version 3.04
  • Subtypes CD/X, DO/I, SV/D, SV/E, and SV/F have been added to accommodate PCI-DSS System Time Change requirements.
  • The space offset error (MCH0601) in the Interact Journal Monitor (PLIRAJE) has been fixed.
  • Duplicate record messages during product update have been eliminated.
  • User checks on T/PW filters have been fixed.

May 2013

Version 3.02
  • Add support for the Interact Local Filter (ILF)
  • Change the default User Class (USRCLS) *USER and Special Authorities (SPCAUT) *NONE for the PTIAADM user profile

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
Last Published: 201912051020