Troubleshooting


This topic provides information and workarounds for problems that you might encounter. If you cannot resolve a problem yourself, contact BMC Support.


Problem

Resolution

BMC AMI Datastream fails to start.

The problem is probably caused by a JCL error in the cataloged procedure.

Check the syslog console or server log and SDSF for the error.

BMC AMI Datastream fails with abend U4093 and reason code 90.


Check the CZAPRINT data set for errors. In the Messages Library, look for messages with identifiers that end in E, S or C (for example, CZA0207S).
Also see Customizing-the-z-OS-communications-server-TCP-IP-and-OMVS-and-configuring-RACF-Top-Secret-and-ACF2-definitions.

BMC AMI Datastream fails with message CZA0045C.

Check the CZAPRINT data set for errors.
In the Messages Library, look for messages with numbers that end in E, S or C (for example, CZA0207S).

BMC AMI Datastream fails with message CZA0276C and reason code 4.

Check the CZAPRINT data set for errors.
In the Messages Library, look for messages with numbers that end in E, S or C (for example, CZA0207S).

BMC AMI Datastream runs but IBM Security Information and Event Management (SIEM) receives no messages.

Check message CZA0274I in CZAPRINT to ensure that BMC AMI Datastream for Db2 is using the intended parameter file. If not, try to resolve any configuration issues.

BMC AMI Datastream runs but SIEM receives message CZA0028E in CZAPRINT.

One of the following issues exists:

  • SIEM is not running.
  • SIEM is not configured to receive TCP/IP messages on the specified or default port.
  • SIEM is unreachable due to firewall or similar issues.

BMC AMI Datastream runs, SIEM receives no messages, and the SERVER statement in the parameter file specifies TRANSport(Udp) or has no TRANSPort parameter.

The problem is probably caused by an incorrect IP address or port, or a firewall is blocking connectivity. If the IP address is incorrect or unreachable, no error appears on the LPAR.

BMC AMI Datastream runs, SIEM receives no messages, the SERVER statement specifies TRANSport(TCP), and there are no CZA0028E messages in CZAPRINT.

Syslog messages are probably reaching some destination.

Ensure that:

  • You have specified the correct address for the SIEM console.
  • SIEM is not filtering or otherwise not displaying received messages.
  • If you are using BMC Defender SyslogDefender, that the messages are being correctly forwarded.

SIEM receives some messages, but other expected messages are missing.

Stop BMC AMI Datastream and look at the CZAPRINT listing.

Check whether message CZA0217W appears mentioning IEFU83 driven, IEFU84 driven, or IEFU85 driven. If so, it probably indicates that the specified exit is not enabled in SYS1.PARMLIB. Refer to EXIT parameters under Checking the Configuration of SMF.

Consider the effect of SELECT statements. See Customizing-required-events-with-SELECT.

SIEM receives some messages, but other expected messages are missing.

One of the following messages appears in CZAPRINT:

  • CZA0277W
  • CZA0278W
  • CZA0286W
  • CZA0287W

The specified SMF record types are not being produced. For more information, see TYPE parameters.


SIEM receives some messages, but other expected messages are missing.

In CZAPRINT, message CZA0217W appears referring to IEFU83-, IEFU84-, or IEFU85-driven.

The specified exit is probably not enabled in SYS1.PARMLIB. For more information, see EXIT parameters.

Also consider the effect of SELECT statements. For more information, see Customizing-required-events-with-SELECT.

BMC AMI Datastream is sending too much data to the SIEM.

See SELECT-and-DESELECT-statements and the EVENTs, IFCID or SUBTypes parameter of the various SMF statements in Parameter-file-statements.

To determine the events, IFCIDs, or subtypes that are contributing to the problem, see the documentation for CZA0323I and related messages in Messages CZA0300 through CZA0399.

See also Filtering-in-and-filtering-out-events.
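
The CZAPRINT checks in the resolutions above can be scripted once the listing has been copied off the LPAR as text. The following is an added example, not BMC code: it assumes only that each message ID appears as a token in the listing, and the sample lines and the `triage` function name are constructed for illustration.

```python
import re

# Message IDs as written on this page: "CZA" + four digits + one severity letter.
MSG_ID = re.compile(r"\bCZA(\d{4})([A-Z])\b")

# Severity suffixes the page says to look for in CZAPRINT.
ERROR_SEVERITIES = {"E", "S", "C"}

# Hints restate the resolutions on this page; nothing else is assumed about the messages.
SMF_HINT = "specified SMF record types are not being produced (see TYPE parameters)"
PAGE_HINTS = {
    "CZA0028E": "SIEM not running, not listening on the TCP/IP port, or unreachable",
    "CZA0217W": "IEFU83/84/85 exit probably not enabled in SYS1.PARMLIB",
    "CZA0274I": "confirm the intended parameter file is in use",
    "CZA0277W": SMF_HINT, "CZA0278W": SMF_HINT,
    "CZA0286W": SMF_HINT, "CZA0287W": SMF_HINT,
}
DEFAULT_HINT = "look up in the Messages Library"

def triage(listing):
    """Return {message_id: {count, first_line, hint}} for IDs that need attention."""
    findings = {}
    for lineno, line in enumerate(listing.splitlines(), start=1):
        for match in MSG_ID.finditer(line):
            msg_id, severity = match.group(0), match.group(2)
            # Keep E/S/C messages plus the W/I messages this page calls out.
            if severity not in ERROR_SEVERITIES and msg_id not in PAGE_HINTS:
                continue
            entry = findings.setdefault(msg_id, {
                "count": 0, "first_line": lineno,
                "hint": PAGE_HINTS.get(msg_id, DEFAULT_HINT)})
            entry["count"] += 1
    return findings

# Constructed sample listing; the message texts are placeholders, not real output.
SAMPLE = """\
CZA0274I <constructed text: parameter file in use>
CZA0217W <constructed text> IEFU84 driven
CZA0028E <constructed text>
CZA0028E <constructed text>
CZA0207S <constructed text>
CZA0323I <constructed text>
"""

if __name__ == "__main__":
    for msg_id, info in triage(SAMPLE).items():
        print(f"{msg_id} x{info['count']} (first at line {info['first_line']}): {info['hint']}")
```
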

You receive unexpected timestamps (for example, GMT instead of the local time).

 
