Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Datastream for Db2 7.1.

EVENT statement

The EVENT statement is coded to control the formatting and forwarding of Application Program Interface (API1) events. Code an EVENT statement for an API1 event as directed by the author or vendor of the relevant API1 program.

EVENT.png

severity.png

Parameter

Description

EVENT ChangeMan statement

ChangeMan is a product of Serena Software, part of Micro Focus. ChangeMan keeps track of user and system data set modification. ChangeMan monitors alterations to individual data sets and reports what type of modification was done by you, including link edits and SUPERZAPs of load modules. Monitoring ChangeMan events helps to monitor system integrity.

EVENT GENERIC statement

EVENT IND$FILE statement 

(Does not apply to Datastream for Ops)EVENT IND$FILE records might be written by the IND$defender component. For more information, see IND-defender and EVENT-IND-FILE-fields.

EVENT JOBLOG statement 

(Does not apply to Datastream for Ops)CZAJOBLG is a program that streams the JES-spooled output of one or more running z/OS jobs, started tasks or both to any SIEM in real-time. The streaming of JES SYSOUT is commonly referred to as Job Log support. For more information, see EVENT-JOBLOG-fields.

EVENT LSPACE statement 

(Does not apply to Datastream for Ops)CZALSPAC is a simple list space utility program that sends the allocated and available space on one or more on-line DASD volumes in a syslog message to your configured syslog server. CZALSPAC also serves as an example of an API1 program. Your syslog server might optionally be configured to send an alert of your choosing if available space falls below some configured threshold. For more information, see EVENT-LSPACE-fields.

One LSPACE Event is generated by the utility for each DASD volume specified. Code an EVENT LSPACE statement to specify how the event is to be formatted as a syslog message.

EVENT MODIFY statement

MODIFY is not an event in the sense of most BMC AMI Defender event types. If you enable EVENT MODIFY, BMC AMI Defender can receive MODIFY commands from API1 programs as Type CorreLog Minor 12. Consider the potential security implications before enabling EVENT MODIFY. EVENT MODIFY supports only the LOG(HEX) parameter.

Common parameters

Parameter

Description

EVENT type

Must be specified as shown. For type code LSPACE or the API1 event identifier provided by the API1 program author or vendor. If you code more than one EVENT statement for the same type then a subsequent SMF statement for the same type replaces any EVENT statement(s) for that type that came before.


For a list of event types, see Event types for the EVENT statement.

FACILITY(facilityName)

Specifies the RFC 3164 facility that is to be indicated as the origin of the syslog messages corresponding to the indicated API1 event. If you omit this parameter, it defaults as specified by the API1 author or vendor or as shown in the table. If you would like a different facility indicated, code one of the RFC 3164 facility names as listed in Syslog-facilities-and-severities.

Event type

Default facility

ChangeMan

LOCAL2

Generic

LOCAL1

LSPACE

LOCAL3

FIELDs(fieldName…)

Specifies the names of the event fields that are to be transmitted to the BMC AMI Defender or other syslog console, and the order in that they are to appear in the message. Specify one or more of the fields as described in FIELDS-parameter. You can only specify fields appropriate to the event type.

Filter-specification

For information about filterSpecification, see FILTER-and-MATCH-parameters.

LOG | LOG(HEX)

Specifies that the selected Event data is to be logged on CZAPRINT and optionally dumped in hexadecimal and character format. This parameter is intended primarily for diagnostic purposes. Use care in specifying LOG(HEX) as it might generate a large volume of print records, especially if the API1 program generates many events.

PROCess(‘processTag’)

Specifies the tag that appears at the start of the syslog messages for the indicated event type, following the priority, timestamp and host name, and preceding the formatted fields. Specify the exact process tag that you want to include in syslog messages, including any spaces and punctuation. Process-tag might be any length from the null string (‘’) to 32 characters. If PROCess is omitted, it defaults as specified by the API1 program author or vendor or as indicated here followed by the leading delimiter from OPTIONS DELIM.

Event type

PROCess default

LSPACE

LSPACE

SEVerity(severity)

Specifies the syslog severity. See Syslog-facilities-and-severities. The API1 developer or vendor might specify the severity when creating the event; if so this parameter has no effect. For the following event types, Severity has the value shown.

Event type

Severity

ChangeMan

INFORMATIONAL

Generic

INFORMATIONAL

LSPACE

INFORMATIONAL

Event types for the EVENT statement

The following event types are valid for the EVENT statement:

  • BACKLOG—Internally defined backlog message
  • CONSOLE—Console messages
  • LOG4J—Log4j data through LOADFILE
  • SPM—BMC AMI Security Policy Manager
  • SIV—System integrity violation
  • LOADFILE—LOADFILE messages
  • VMCONSOLE—VM console messages
  • VMSECURE—VM security audit messages
  • VMRACF—VM RACF activity messages
  • IMS_1_3—IMS input/output msg 01/03
  • IMS_10—IMS Security violation IMS 10
  • IMS_16—IMS signin/signout IMS 16   
  • IMS_22—IMS Type2 log command   
  • IMS_24—IMS database I/O error           
  • IMS_50—IMS database updates
  • IMS_F8—IMS BMC AMI Defender for IMS
  • IMS_F9—IMS BMC AMI Ops
  • IMS_FA—IMS BMC AMI Ops
  • ICON_01—IMS region initialization mapping
  • ICON_02—IMS region termination mapping
  • ICON_16—IMS datastore becomes available mapping 
  • ICON_17—IMS datastore becomes unavailable mapping
  • ICON_18—IMS TMEMBER joins XCF group mapping
  • ICON_19—IMS TMEMBER leaves XCF group mapping
  • ICON_28—IMS begin SSL open mapping
  • ICON_29—IMS end SSL open mapping  
  • ICON_32—IMS begin SSL close mapping
  • ICON_33—IMS end SSL close mapping  
  • ICON_41—IMS begin ODB registration mapping
  • ICON_42—IMS end ODB registration mapping 
  • ICON_43—IMS begin ODB deregistration mapping
  • ICON_44—IMS end ODB deregistration mapping
  • ICON_63—IMS begin SAF SEC REQ
  • ICON_64—IMS end SAF SEC REQ
  • ICON_69—IMS OTMA timeout
  • ICON_71—IMS session error
  • ICON_91—IMS DRDA command (sec info - IMS)
  • ICON_92—IMS DRDA reply
  • ICON_99—IMS enter security exit
  • ICON_100—IMS return from security exit 
  • ICON_255—IMS icon refresh RACF user ID
  • AO0100—BMC AMI Ops 0100 z/OS data       
  • AO0200—BMC AMI Ops 0200 Automation data
  • AO0009—BMC AMI Ops Monitor for IP
  • AO000A—BMC AMI Ops Monitor for Java Environments

For more information, see Supported-API-event-types-SMF-types-and-associated-process-tags.



Related topics

Parameter-file-statements

API1-common-fields


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*