Customizing for a BMC AMI Ops extension


The CZAPAO member in the partitioned data set (PDS) amihlq.CZAMIOPS.PARM enables you to customize BMC AMI Datastream for Ops to work with Splunk.

Use the CZAPAO member to configure the SIEM type, the server type (TRANS), and the maximum message length (MAXMSG).

You can enable only one SIEM type. If your organization requires more than one, use the sample CZAPAO member to create additional configuration members. For information about how to use the CZAPAO member, see the section "To configure the selection parameters" in Installing and configuring BMC AMI Datastream for Ops.

The following is an example of the CZAPAO member:

;**********************************************************************;
;**********************************************************************;
; CZAPAO:   Fields Definitions for the BMC AMI Agent for AMI Ops       ;
;           Copyright 2021-2021, BMC Software, Inc                     ;
;**********************************************************************;
                                                                       
SAY "v6.1.00 Updated 13 August 2021"                                    
                                                                       
;OPTIONS INSTNAME(AMI.Ops.Agent) SIEM(SPLUNK) ; Splunk                  
OPTIONS INSTNAME(AMI.Ops.Agent) SIEM(BMCADE)  ; BMCADE                  
                                                                       
OPTIONS NONCANCELABLE         ; Allow force but not cancel              
OPTIONS SWAP(NO)              ; Recommended default is NO               
OPTIONS QUEUE64(1024)         ; 1GB default                             
                                                                       
OPTIONS CLOCKMSG(COMMAND)     ; No time sync message                    
OPTIONS NOSTATUSTOSIEM        ; No agent status messages                
OPTIONS FORMAT(ALL '" "')     ; Pass null and blank fields              
OPTIONS NOAPFENRich           ; Do not add APF enrichment               
OPTIONS NOSAFENRich           ; Do not add SAF enrichment               
OPTIONS NOSYSLIBENRich        ; Do not add SYSLIB enrichment            
OPTIONS NOENCRYPTENRich       ; Do not add Encrypt. File enrichment     
OPTIONS NOSIVSCANNER          ; No System Integrity Violation reporting
OPTIONS FRAMING(LF)           ; Framing (LF,CR,CRLF,NULL,OCTETCOUNT)    
                                                                       
SERVER ip.addr.example        +                                         
       TRANS(TCP)  MAXMSG(32768)                                        
                                                                       
SELECT EVENT(AO0100)          ; BMC AMI Ops Statistics                  
SELECT EVENT(AO0200)          ; BMC AMI Ops Statistics                  
%INCLUDE CZPAO
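
The following is an added example, not BMC code: a pre-deployment check that a copy of the member has exactly one active SIEM type and a SERVER statement carrying both TRANS and MAXMSG. It assumes, from the sample above only, that `;` starts a comment and a trailing `+` continues a statement; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the CZAPAO member shown above.
SAMPLE = """\
;OPTIONS INSTNAME(AMI.Ops.Agent) SIEM(SPLUNK) ; Splunk
OPTIONS INSTNAME(AMI.Ops.Agent) SIEM(BMCADE)  ; BMCADE
OPTIONS FRAMING(LF)           ; Framing (LF,CR,CRLF,NULL,OCTETCOUNT)
SERVER ip.addr.example        +
       TRANS(TCP)  MAXMSG(32768)
SELECT EVENT(AO0100)          ; BMC AMI Ops Statistics
"""
FRAMINGS = {"LF", "CR", "CRLF", "NULL", "OCTETCOUNT"}  # list from the sample's comment

def statements(text):
    """Yield logical statements: strip ';' comments, join '+' continuations."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # assumption: ';' always starts a comment
        if not line:
            continue
        if line.endswith("+"):               # assumption: trailing '+' continues the line
            pending += line[:-1].strip() + " "
            continue
        yield pending + line
        pending = ""

def keyword(stmt, name):
    """Return the value inside NAME(...), or None when the keyword is absent."""
    m = re.search(r"\b" + name + r"\(([^)]*)\)", stmt, re.IGNORECASE)
    return m.group(1).strip() if m else None

def lint(text):
    """Return a list of findings for one configuration member."""
    findings, siems = [], []
    for stmt in statements(text):
        verb = stmt.split()[0].upper()
        if verb == "OPTIONS":
            if keyword(stmt, "SIEM"):
                siems.append(keyword(stmt, "SIEM").upper())
            framing = keyword(stmt, "FRAMING")
            if framing and framing.upper() not in FRAMINGS:
                findings.append("unknown FRAMING value: " + framing)
        elif verb == "SERVER":
            findings += ["SERVER statement without " + kw
                         for kw in ("TRANS", "MAXMSG") if keyword(stmt, kw) is None]
            if "ip.addr.example" in stmt:
                findings.append("SERVER still uses the sample placeholder address")
    if len(siems) != 1:
        findings.append("expected exactly one active SIEM type, found %d" % len(siems))
    return findings
```

Calling `lint()` on the text of a member returns an empty list when none of these checks fire; on the sample as shipped it reports only the placeholder server address.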
