Mainframes power mission-critical applications across the enterprise, processing millions of transactions every day. So it's no surprise that the ability to obtain real-time security insights and operational intelligence from z/OS mainframe systems is generating a lot of buzz at the moment – especially among banking, finance and insurance organisations.
The powerful combination of Splunk + Ironstream is the premier solution in this space, but for those who aren't familiar with these two products, here's a high-level overview of the what, why and how.
Splunk is an enterprise software platform that collects and indexes log files and machine data from any source (for example, applications, servers, networks, mobile devices and industrial systems). Splunk provides a web-based user interface to allow users to search, monitor and analyse these massive volumes of machine data to quickly diagnose service problems, detect sophisticated security threats, understand the health and performance of remote equipment and demonstrate compliance. Splunk runs on Windows, Unix or Linux, but doesn't include out-of-the-box support for collecting data from z/OS mainframe systems.
Syncsort Ironstream is a mainframe software product that uses standard z/OS interfaces to capture mainframe log data, such as SMF records (over 60 types), Syslog, SyslogD, RACF, Top Secret, Log4j and DB2, and to forward this data to Splunk in real time (via a TCP/IP connection). Splunk users can then analyse and monitor mainframe systems and applications without requiring mainframe-specific access or training.
Customers may continue to use legacy mainframe apps, but find that Splunk + Ironstream extends their capabilities in 2 key areas:
Ironstream is a simple install on the mainframe with minimal MIPS impact, and meets all the regular Splunk forwarder requirements for security, load-balancing and error recovery.