Customizing required events with SELECT


BMC AMI Defender parameter files are configured, by default, for the following event types: security events, operational events, and file integrity events.


You can control which types of events BMC AMI Defender formats and forwards to your SIEM by commenting or uncommenting the SELECT statements near the top of the parameter file.

Near the top of the parameter file, locate the SELECT statements similar to the following lines:

  SELECT SMF(80 ACF2)              ; Security events
; SELECT SMF(30 119)               ; TSO signon events
; SELECT SMF(15 42 64)             ; File integrity events
  SELECT SMF(14 15 30 42 64)       ; Operational events
; SELECT SMF(110)                  ; CICS events
; SELECT SMF(119)                  ; TCP/IP Events
; SELECT SMF(DB2)                  ; DB2 events

To receive an event, uncomment the relevant SELECT statements by deleting the ; (semicolon) in column 1 of the statements.

Example

To receive CICS events:

  1. Locate the following statement:

    ; SELECT SMF(110)                  ; CICS events
  2. Update it as follows:

     SELECT SMF(110)                  ; CICS events

To avoid receiving an event, comment out the relevant SELECT statements by inserting ; (a semicolon) in column 1 of the statements.

Example

To avoid receiving operational events:

  1. Locate the following statement:

     SELECT SMF(14 15 30 42 64)
  2. Update it as follows:

    ; SELECT SMF(14 15 30 42 64)

You can fine-tune which events you format by changing the configuration statements for the various SMF record types, such as with the SMF 80 EVENTS parameter.
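The following added example (not part of the BMC documentation or product) audits a parameter file in the format shown above: it lists which SMF record types are currently selected, reports any of a site-defined baseline that are still commented out, and toggles a SELECT statement by swapping the column-1 semicolon for a blank so the description column keeps its alignment. The parameter text and the SECURITY_BASELINE set are constructed assumptions for illustration.

```python
import re

# Constructed excerpt in the parameter-file format: a ";" in column 1 comments
# the statement out; a later ";" begins a trailing description.
SAMPLE_PARMS = """\
  SELECT SMF(80 ACF2)              ; Security events
; SELECT SMF(30 119)               ; TSO signon events
; SELECT SMF(15 42 64)             ; File integrity events
  SELECT SMF(14 15 30 42 64)       ; Operational events
; SELECT SMF(110)                  ; CICS events
; SELECT SMF(119)                  ; TCP/IP Events
; SELECT SMF(DB2)                  ; DB2 events
"""

# Assumed site baseline: record types that must be forwarded to the SIEM.
SECURITY_BASELINE = {"80", "30", "119"}

SELECT_RE = re.compile(r"^;?\s*SELECT\s+SMF\((?P<types>[^)]*)\)", re.IGNORECASE)


def active_smf_types(text):
    """Return the SMF record types/keywords selected by uncommented statements."""
    active = set()
    for line in text.splitlines():
        m = SELECT_RE.match(line)
        if m and not line.startswith(";"):
            active.update(m.group("types").split())
    return active


def missing_security_types(text, required=SECURITY_BASELINE):
    """Baseline record types that no active SELECT statement covers."""
    return sorted(required - active_smf_types(text))


def set_select(text, smf_types, enabled):
    """Comment or uncomment the SELECT SMF(...) statements whose type list matches.

    Only column 1 changes (';' <-> blank), so the rest of the line stays aligned.
    """
    wanted = smf_types.split()
    out = []
    for line in text.splitlines():
        m = SELECT_RE.match(line)
        if m and m.group("types").split() == wanted:
            if enabled and line.startswith(";"):
                line = " " + line[1:]
            elif not enabled and not line.startswith(";"):
                line = ";" + (line[1:] if line[:1].isspace() else line)
        out.append(line)
    return "\n".join(out) + "\n"
```

Running the audit on the sample reports 119 as missing, since the TCP/IP SELECT is still commented out while 30 is already covered by the operational statement.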
