Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product.

BACKLOG statement

The BACKLOG statement specifies the interval on which BMC AMI Datastream for z/OS checks for and notify the SIEM of certain queue backlogs. 


image2019-3-25_12-13-32.png

If BACKLOG is SELECTed and specified, then every purge_check seconds BMC AMI Datastream checks queue utilization and sends a BACKLOG event message to the SIEM if:

  • The count of events purged has increased during the purge_check interval. The SIEM message is sent with a syslog severity of Critical.
  • The queue utilization is more than danger percent and is increased during the purge_check interval. The SIEM message is sent with a syslog severity of Warning.
  • Optionally, at the last purge_check queue utilization is more than danger percent and is now decreased by decrease percent or more. The SIEM message is sent with a syslog severity of Notice.
  • Routine_status seconds have elapsed since the last BACKLOG message is sent to the SIEM. The SIEM message is sent with a syslog severity of Informational.

A BACKLOG message (CZA0386) is also printed on CZAPRINT.

You can also send a BACKLOG message on demand with the MODIFY command BACKLOG(SEND). For more information, see MODIFY-command.

Parameter

Description

BACKLOG

Must be specified as shown.

FACILITY(facility-name)

Specifies the RFC 3164 facility that is to be indicated as the origin of the syslog messages. If you omit this parameter it defaults to SYSLOGD.

FIELDs(fieldname …)

Specifies the names of the BACKLOG fields that are to be transmitted to the BMC AMI Command Center for Security or other syslog console, and the order in that they are to appear in the message. Specify one or more of the fields as described in BACKLOG-fields.

Filter-specification

INTERVal(purge_check routine_status)

Specifies the interval on which BMC AMI Datastream is to check for a queue backlog, and optionally how often BMC AMI Datastream is to report queue status to the SIEM if there is no queue backlog. INTERVal is optional; if omitted it defaults to INTERVal(60 3600); in other words BMC AMI Datastream checks for a queue backlog every 60 seconds, and reports routine queue status every hour. For purge_check specify a number of seconds from 5 to 3600 (one hour). Purge_check is optional unless you want to specify routine_status. For routine_status specify a number of seconds between purge_check and 86400 (twenty-four hours). Routine_status is effectively rounded up to an integral multiple of purge_check.

PROCess(‘process-tag’)

Specifies the tag that appears at the start of the syslog messages for BACKLOG events, following the priority, timestamp and hostname, and preceding the formatted fields. Specify the exact process tag that you want to include in syslog messages including any spaces and punctuation. Process-tag might be any length from the null string (‘’) to 32 characters. If PROCess is omitted it defaults to BACKLOG followed by the leading delimiter from OPTIONS DELIM.

QPERCents(danger decrease)

Specifies the minimum percentage of queue utilization that BMC AMI Datastream is to consider a queue backlog and optionally the minimum percentage utilization decrease that BMC AMI Datastream is to report to the SIEM. QPERCents is optional; if omitted it defaults to QPERCents(50 10); in other words BMC AMI Datastream considers queue utilization of fifty percent or more to be a queue backlog; and queue utilization decreases of ten percent to represent the amelioration of a queue backlog. For danger, specify a percentage between 2 and 90. Danger is optional unless you want to specify decrease. For decrease, specify a percentage between 1 and 50; or 0 to disable utilization decrease messages.

Related topic

Parameter-file-statements

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*