JOBLOG statement
Each JOBLOG statement specifies one data set to be streamed to the SIEM. You can code as many JOBLOG statements as you want, subject only to available memory. Each JOBLOG specification operates functionally independent. You can specify different parameters on each JOBLOG statement. Each JOBLOG statement comprises a JOBLOG definition.
The parameters might be coded in any order. All of the parameters are optional, except that either JOBID or JOBName must be coded.
The following table summarizes the required parameters:
Parameter | Description |
|---|---|
JOBLOG | Must be coded as shown. |
FOR(smfid ...) | LPAR or LPARs (by their SMF IDs) to which this JOBLOG statement applies If you omit FOR, the JOBLOG statement is used for any LPAR. You might code multiple JOBLOG statements each with different FOR operands (or no FOR parameter at all). CZAJOBLG ignores JOBLOG statements specifying a FOR parameter that does not include the SMF ID of the machine on which the program is running. |
FILTER or MATCH | Specifies that only certain records from the data set are to be streamed to the SIEM Specify FILTER to specify records to be eliminated from the transmission or specify MATCH to specify a condition that records must meet in order to be transmitted. This parameter is optional; if omitted, all records from the data set are passed to BMC AMI Defender for transmission to the SIEM. FILTER and MATCH use regular expressions. |
RX or NRX | Specify the type of filter or match, RX or NRX. An RX condition is true if the record matches the specified regular expression; an NRX condition is true if the record does not match One of these parameters is required. FILTER(NRX and MATCH(RX are similarly equivalent. |
ICASE | Specifies that regular expression processing should ignore case If not specified, then regular expression processing is case-sensitive. |
'regularExpression' | Specifies the regular expression to be used for FILTER or MATCH |
JOBID(jobid) JOBName(jobname) | One and only one of these parameters must be specified CZAJOBLG locates a job with the specified name or job ID (also called job number, such as JOB01234 or STC05432) running on the specified or default system or systems. Specify a JOBName of 1 to 8 characters or a JOBID of 2 to 8 characters. If JOBName is specified rather than JOBID, then CZAJOBLG selects the first (or only) matching executing job. You might specify the name in upper, lower or mixed case: the name is converted to upper case. See JOBLOG Names for the implications of the JOBLOG definition name, and how JOBID or JOBName come into play if NAME is omitted. You can use wildcards in the JOBName: * matches any string of characters and ( ? ) matches any single character. A wildcard JOBName selects only the first matching job found, not all matching jobs. JOBIDs must be a string of 2 to 8 characters. The first one to three characters must be J, JO, JOB, T, TS, TSU, S, ST, STC, I, IN or INT in upper, lower or mixed case; the remaining characters must be decimal digits. The string is converted to upper case and normalized to JOB, TSU, STC or INT and five digits if the numeric portion is less than or equal to 99999, and J, T, S or I and seven digits otherwise. If the specified JOBName or JOBID is not executing on the specified or default system or systems, CZAJOBLG keeps checking every JOBDelay seconds until it is. |
NAME(name) | Specifies a name of from 1 to 20 characters for the JOBLOG definition The name cannot contain embedded spaces or parentheses. NAME is optional. For more information, see JOBLOG Names. |