×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC AMI Defender for z/OS 5.9 Planning

Multiple syslog server support

BMC AMI Defender and CZASEND can support multiple destination syslog servers (subject to memory constraints). You can code multiple alternative server IP addresses for these servers. All SERVER parameter specifications, except for the PROTOcol specification, must be the same for all server IP addresses. Therefore, the TRANSport specification (UDP or TCP) and maximum message length applies to all IP addresses. For more information, see SERVER statement.

The treatment of multiple server IP addresses differs depending on whether you specify UDP or TCP (including SSL and TLS):

  • UDP—BMC AMI Defender and CZASEND send all syslog messages to all of the specified addresses. The order in which they are specified is not significant.
  • TCP, SSL, and TLS—If BMC AMI Defender or CZASEND receives an IP error when communicating with the primary syslog server, it switches to the first alternative, then the second, and so on. The product issues console and CZAPRINT messages documenting the switch. 

The order of ALTERNate specifications is significant: the first becomes alternative 1, the second becomes alternative 2, and so on. BMC AMI Defender tries them in that order and validates the connectivity to each server address on startup.

When you refresh a parameter file, the product first tries to connect to the server with which it had the last connection based on the server address, not the server number.

Example

If BMC AMI Defender were connected to alternative 2, and you deleted the first alternative from the parameter file and refreshed the parameters, the product would reconnect to the same server, even though that it was now alternative 1, not alternative 2.

BMC AMI Defender maintains cumulative statistics for each server address across the refreshing of parameter files.

TCP/IP error recovery

When a syslog protocol TCP/IP error occurs, BMC AMI Defender cannot determine how many messages were not delivered except for the message it just tried to send (that is usually also not delivered). 

BMC AMI Defender supports the SERVER parameter REXMIT(n) specification, where n defaults to 2 and can have any value from 1 through 20 (where 20 is an arbitrary reasonableness check). If BMC AMI Defender encounters a TCP/IP session failure and starts a new session with an alternate server IP address, it retransmits the same number of preceding messages.

Example

You specify REXMIT(5). If two messages are lost due to a failure, then on the alternative connection you receive the two lost messages preceded by three duplicates (that is, the retransmissions of three messages that were already successfully delivered). If ten messages are lost due to a failure, then five messages are irretrievably lost, but five messages are sent again on the retransmission.

Tip

To prevent duplicates, specify REXMIT(1). If you can tolerate duplicates but want to minimize the number of messages that are lost due to an error, specify REXMIT(20). The default specification, REXMIT(2), is a compromise between the two extremes.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sara Kamen on Jun 25, 2020
planning

Comments

Log in or register to comment.

Time settings
Proprietary syslog format extensions
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.