Local JOBLOG statement
Enabling Local JOBLOG
To enable Local JOBLOG, set the JOBLOG and LOCALJL switches to On in the $$$CONFG member located in the amihlq.PARM data set. You can find a sample of the switches in amihlq.PARM(CZDCONFG), which you can copy into $$$CONFIG and customize as required. For more information about the $$$CONFG member, see Customizing-for-a-proprietary-syslog-extension.
Using Local JOBLOG
You can define from 1 through 255 Local JOBLOG statements.
You can use JOBLOG statements to scan for overlapping criteria. In this sample, the JOBLOG statements are all selecting the same jobs and scanning the same SYSOUT records, but each is looking for a different message string. Using these sample JOBLOG statements, BMC AMI Datastream for z/OS selects the following records and passes them to the SIEM:
DFS058I 00:29:49 NRESTART COMMAND IN PROGRESS I156
Statement parameters
Local JOBLOG uses the following parameters. The capitalized letters in the parameter names indicate the minimum number of characters required for the command.
Parameter | Description |
|---|---|
NAME(joblogName) | Name of the JOBLOG statement From 1 to 20 characters, the name must be unique and cannot contain embedded spaces or parentheses. This parameter is required. |
JOBName(nameOfJob) | Name of the job that you want to locate Use this selection mask to scan for active jobs by name. Try to be as specific as possible. The mask accepts from 1 to 8 charracters. You can use an asterisk (*) in conjunction with another character, but you cannot use a single, lone asterisk, as that would select every active job on the system. This parameter is required. |
STEPName(nameOfStep) | Name of a step in the job that you want to locate Use this selection mask to scan for a particular step within the active jobs. This mask accepts from 1 to 8 characters. You can also use a single asterisk (*) for a generic scan. |
DDName(ddName) | Name of a DDname in the job that you want to locate Use this selection mask to scan for a particular DDname within the active jobs. This mask accepts from 1 to 8 characters. You can also use a single asterisk (*) for a generic scan. |
MSGString(searchString) | Text contained in the SYSOUT record Use this selection mask to scan for a specific message ID or string of characters contained within the SYSOUT record for the active jobs. This mask accepts from 1 to 20 characters. |
JESName(secondaryJES2) | Name of the secondary JES2 system Specify the secondary JES2 (poly-JES) system under which the job you want to locate is running. JESNAME does not apply to JES3 installations. BMC AMI Datastream scans only a single JES subsystem. If you omit JESNAME, the default primary JES system is used. |
SEVerity(severityCode) | Syslog severity code for the job that you want to locate For information about severity codes, see Syslog-facilities-and-severities and Determining-the-QUEUE64-size. If you omit SEVERITY, the default severity code from the TYPE statement is used. For more information, see TYPE-and-RETYPE-statements. |
SUBType(subtype) | BMC AMI Datastreamsubtype for the job that you want to locate Specify a value from 1 to 32767. Subtypes might be formatted with the SIEM message. For more information, see Event_SubType in Universal-fields. For information about the validity and formatting fo specific fields, see CSubTp in Condition-specifications. If you omit SUBTYPE, the default 0 is used. |
DATADelay(numberOfSeconds) | Number of seconds that BMC AMI Datastream should wait before checking if the job has spooled more data Specify a value from 1 to 600 (10 minutes). BMC AMI Datastream performs this check iteratively to capture any SYSOUT data generated since the previous check. If you omit DATADELAY, the default 15 seconds is used. |
JOBDelay(numberOfSeconds) | Number of seconds that BMC AMI Datastream should wait before checking if a job is active on the system. Specify a value from 1 to 600 (10 minutes). If you have multiple JOBLOG statements with varying JOBDELAY values, BMC AMI Datastream uses the shortest interval (smallest value) for all the JOBLOG statements. If you omit JOBDELAY, the default 15 seconds is used. |
Sample $$$JOBLG
;**********************************************************************;
; $$$JOBLG: User agent parameter member for BMC AMI Datastream ;
; This is a copy of CZAJOBLG and made available for ;
; user modification. It will be included in CZAPARMS ;
; SIEMTYPE-independent ;
; Copyright (c) 2020-2025 BMC Software, Inc. ;
;**********************************************************************;
;**********************************************************************;
SAY "v7.1.03 Updated 29 October 2023"
; ---------------------------------------------------------------------
; JOBLOG statements to select Jes2/Jes3 sysout to be captured and
; passed to the remote SIEM.
; NAME(...) - 20 byte description of the report
; Defaults to spaces
; JOBNAME(...) - 8 byte Jobname selection mask
; Defaults to asterisk
; STEPNAME(...) - 8 byte Stepname selection mask
; Defaults to asterisk
; DDNAME(...) - 8 byte DDName selection mask
; Defaults to asterisk
; MSGSTRING(...) - 20 byte Message selection mask
; Defaults to asterisk
; JESNAME(...) - 4 byte Jes Subsystem Name
; Defaults to the primary Jes subsystem
; SEVERITY(...) - Desired Syslog Output severity passed to SIEM
; Defaults to value in EVENT specification
; SUBTYPE(...) - Event subtype
; Defaults to zero (0)
; DATADELAY(...) - Delay between Jes Sysout Read Cycles
; Defaults to 15 seconds. Must be 1 - 600
; JOBDELAY(...) - Delay between scans looking for selected jobs
; Defaults to 15 seconds. Must be 1 - 600
;
; Selection masks use a question mark (?) to represent a single
; wild character and an asterisk (*) to match any remaining
; characters
;
; Jobname selection mask cannot specify unqualified selection
; criteria. There must be at least 1 character besides a question
; mark and/or asterisk.
;
; ---------------------------------------------------------------------
JOBLOG +
NAME(WIDGET_STATUS) + ;JOBLOG statement identifier
; MSGSTRING(CZA*) + ;Message filtering criteria
; JESNAME(JEST) + ;Jes Subsystem Name
; SEVERITY(0) + ;SYSLOG message severity
; SUBTYPE(1) + ;SYSLOG message subtype
DATADELAY(15) + ;Seconds between Jes Sysout Reads
JOBDELAY(15) + ;Seconds between Active Job Scans
DDNAME(SYSPRINT) + ;DDName selection mask
STEPNAME(*) + ;Step Name selection mask
JOBNAME(PROD*) ;Job Name selection mask
JOBLOG +
NAME(OTHER_STATUS) + ;JOBLOG statement identifier
; MSGSTRING(ABC*) + ;Message filtering criteria
; JESNAME(JESP) + ;Jes Subsystem Name
; SEVERITY(0) + ;SYSLOG message severity
; SUBTYPE(1) + ;SYSLOG message subtype
DATADELAY(15) + ;Seconds between Jes Sysout Reads
JOBDELAY(15) + ;Seconds between Active Job Scans
DDNAME(SYSPRINT) + ;DDName selection mask
STEPNAME(*) + ;Step Name selection mask
JOBNAME(T???1*) ;Job Name selection mask
Example using $$$JOBLG
NAME(IMS_READY) + ;JOBLOG statement identifier
MSGSTRING(DFS810A) + ;IMS Ready for restart command
DDNAME(JESMSGLG) + ;DDName selection mask
JOBNAME(IMS*) ;Any IMS job, start task
JOBLOG +
NAME(IMS_COMMAND_ISSUED) + ;JOBLOG statement identifier
MSGSTRING(DFS058I) + ;IMS command issued
DDNAME(JESMSGLG) + ;DDName selection mask
SEVERITY(1) + ;May be critical
JOBNAME(IMS*) ;Any IMS job, start task
JOBLOG +
NAME(IMS_COMMAND_ISSUED) + ;JOBLOG statement identifier
MSGSTRING('COMMAND IN PROGRESS') + ;IMS command issued
DDNAME(JESMSGLG) + ;DDName selection mask
SEVERITY(1) + ;May be critical
JOBNAME(IMS*) ;Any IMS job
Working with selection masks
Consider the following information when using selection masks in the Local JOBLOG statement:
- You can use wild card characters, such as an asterisk (*) and question mark (?).
- A question mark anywhere in the string indicates that any character in that position is valid.
- An asterisk anywhere in the string indicates that any remaining characters in the string are valid.
- When using a wild card for MSGSTRING, the selection mask includes all characters between the parentheses. Leading, trailing, and embedded spaces in the string are included in the search criteria.