Using Mainframe Log Data for Operational Efficiency & Enhanced Security Across the Enterprise

Key log data sources in z/OS and how to connect them to Splunk®

Since the introduction of the IBM System/360 in the mid-1960s, mainframes have played an important role in information processing in many global organizations. As IBM evolved the technology with the introduction of System/370 in 1970, along with operating systems that provided for virtual storage and
higher levels of multi-tasking, the need arose to be able to see “inside the black box” to detect anomalies and issues that were impacting the system and applications running. Out of this need, performance monitoring technologies like Candle Corporation’s OMEGAMON emerged along with monitoring
facilities from other vendors. Eventually these led to a need for historical monitoring capabilities and capacity planning tools to ensure organizations were getting maximum utilization and performance for these expensive IBM mainframes.

By the 1990s, during the era of the System/390, client-server technologies emerged and the proliferation of UNIX, Windows, and Linux servers exploded in many organizations. These platforms were perceived to be cheaper and easier to deploy and maintain, leading to many false predictions of the “death of the mainframe.” However, these platforms came with their own set of challenges, many of which were similar to those experienced in the mainframe world – What is the health of my IT infrastructure? How well are my applications performing? What problems are impacting availability? When do I need to plan for additional capacity? This led to a whole new set of monitoring technologies for those platforms, some of which were provided by the traditional mainframe suppliers in the hopes of providing multi-platform performance and availability monitoring.

This whitepaper discusses the key sources of operational and security data in z/OS and how that data can be sent via Ironstream to the Splunk data-integration platform. It discusses use cases such as:

• Reducing mean-time-to resolution of system problems.
• Monitoring of security and regulatory compliance.
• Compliance auditing of personal health information.
• Monitoring SLAs for execution of all batch job workloads.
• Monitoring security exposures within z/OS from the non-mainframe environment.