managing performance and security with splunk on your ibm mainframe webinar

Managing Performance and Security with Splunk® on your IBM Mainframe. Ironstream® -- The Industry Leading Provider of Mainframe Data for Splunk Enterprise. Ed Hallock – Director of Product Management, October 8, 2015

Upload: syncsort

Post on 09-Jan-2017

TRANSCRIPT

Page 1: Managing performance and security with Splunk on your IBM mainframe webinar

Managing Performance and Security with Splunk® on your IBM Mainframe

Ironstream® -- The Industry Leading Provider of Mainframe Data for Splunk Enterprise

Ed Hallock – Director of Product Management

October 8, 2015

Page 2: Managing performance and security with Splunk on your IBM mainframe webinar

Agenda

Syncsort Confidential and Proprietary - do not copy or distribute

Why Splunk + Mainframe Data + Syncsort?

Challenges with Getting Mainframe Data into Splunk

Introducing Ironstream®

Sample Ironstream Dashboards

What’s new in Ironstream 1.3

Summary and Q&A

Page 3: Managing performance and security with Splunk on your IBM mainframe webinar

Splunk: The Industry-Leading Platform For Machine Data

Machine Data: Any Location, Type, Volume

Machine data sources:
• Online Services
• Web Services
• Servers
• Security
• GPS Location
• Storage
• Desktops
• Networks
• Packaged Applications
• Custom Apps
• Messaging
• Telecoms
• Online Shopping Cart
• Web Clickstreams
• Databases
• Energy Meters
• Call Detail Records
• Smartphones and Devices
• RFID
• Mainframe

Deployment:
• On-Premises
• Private Cloud
• Public Cloud

Platform:
• Platform Support (Apps / API / SDKs)
• Enterprise Scalability
• Universal Indexing
• Answer Any Question

Uses:
• Developer Platform
• Report & analyze
• Custom dashboards
• Monitor & alert
• Ad hoc search

Page 4: Managing performance and security with Splunk on your IBM mainframe webinar

Mainframes Still Host the Most Critical Applications

• 71% Fortune 500
• 30 Billion Bus. Transactions / day
• 23 of Top 25 US Retailers
• 9 of World’s Top Insurers
• 25 Top World Banks

Page 5: Managing performance and security with Splunk on your IBM mainframe webinar

Syncsort Heritage

• Syncsort provides fast, secure, enterprise-grade software spanning “Big Iron to Big Data”

• 50% of all mainframes run Syncsort software

• Real-time MF Log data to Splunk - Ironstream

• DB2 transparency migration solutions

• Real-time network management and security software

• Fastest sort technology in the market
– Most trusted 3rd party mainframe software

• Over 45 years of innovation:
– 25+ issued & pending patents

• Large global customer base
– 12,000+ deployments in 85 countries and serving 87 of the Fortune 100
– 1,500 mainframe customers

Our customers realize ROI and get the best customer service in the world, every day!

Key Partners

Page 6: Managing performance and security with Splunk on your IBM mainframe webinar

Challenges with Getting Mainframe Data into Splunk®

• Integration
– Data Conversion: EBCDIC to ASCII; Binary to readable
– Complex mainframe data structures, e.g. SMF Data

• Security
– Hosts mission critical sensitive data
– Go beyond regulatory and compliance requirements
– Need to move from passive or after the fact monitoring to active “seek out information” state

• Cost
– Processing on the mainframe costs CPU cycles (MIPS) – including data transmission (TCP, FTP, etc.)
– No interference with system throughput

• Operational
– Correlating MF events to those from other sources
– Log files migration complex
– Tracking delta from log files not possible
– Real time/near real time complex

Page 7: Managing performance and security with Splunk on your IBM mainframe webinar

Sample Mainframe Data Collected by Ironstream®

Mainframe Application: Related Mainframe Data

Security
• RACF: SMF Type 80
• Intrusion Detection: SyslogD

Operational
• Operator logs for DB2, CICS, IMS, etc: Syslog

Application Monitoring
• DB2 Accounting Records: SMF Type 101
• CICS Accounting Records: SMF Type 110
• WebSphere: Log4j
• Job / Step Accounting Records: SMF Type 30

Page 8: Managing performance and security with Splunk on your IBM mainframe webinar

• Collect critical mainframe log data: SMF records, SYSLOGs, SyslogD, Log4j, mainframe files, and more in real time
• Translate, transform and prepare mainframe machine data for easier analysis
• Securely forward into Splunk® Enterprise, Splunk Enterprise Security™ and Splunk Cloud for real-time operational intelligence and visualization
• Scale to billions of SMF records and SYSLOGs per day with minimum impact to your mainframe

Get operational insights from Big Iron!

A Simple, Scalable, Efficient Approach!

Page 9: Managing performance and security with Splunk on your IBM mainframe webinar

Ironstream® Data Flow

[Diagram labels: Mainframe, Distributed Systems, Generic App, Log Dataset]

• Syslog
• DB2
• CICS
• MQ
• IMS
• Log4j
• SMF
• User logs
• …

Page 10: Managing performance and security with Splunk on your IBM mainframe webinar

Ironstream® Sample Dashboards

Page 11: Managing performance and security with Splunk on your IBM mainframe webinar

Syslog Dashboard: RACF Violations and Message Trends

• RACF Violations by type
• RACF Violations by user

Trend message volumes today vs. same time last week and 2 weeks ago

Page 12: Managing performance and security with Splunk on your IBM mainframe webinar

Syslog Dashboard: Batch Job Activity

Batch JOB activity over time showing peak batch window

Page 13: Managing performance and security with Splunk on your IBM mainframe webinar

Job Monitor for SLA Tracking: SMF 30

Track JOB execution against defined service levels and identify JOBS that are at risk of non-compliance with service level agreement target

Drill down to predecessor JOBS

Page 14: Managing performance and security with Splunk on your IBM mainframe webinar

Mainframe Security Dashboard

• Invalid LOGON attempts
• Rate of Invalid LOGONs
• Job Initiations
• Track Authentication Successes and Failures

Page 15: Managing performance and security with Splunk on your IBM mainframe webinar

DB2 Performance Monitoring

• Logging Rate
• Uncommitted Records by Plan
• Lock State Escalations
• Lock Contention
• Unavailable Resources

Page 16: Managing performance and security with Splunk on your IBM mainframe webinar

CICS Transaction Monitoring

• Transaction Rates
• CPU Usage by Transaction
• Transaction Response Time
• Transaction Failures

Page 17: Managing performance and security with Splunk on your IBM mainframe webinar

What’s New in Ironstream® 1.3

• New release -- general availability announced on September 23rd

• New network security information provided via Zen technology

– Designed to provide real-time, mainframe security and network insights through Splunk Enterprise and Splunk App for Enterprise Security

• Enhanced SMF and log collection providing additional insight into IT operations and security

– Users can easily search, analyze and visualize data end-to-end to gain valuable operational information

– IT operational insight gives users the ability to find and fix problems faster

Page 18: Managing performance and security with Splunk on your IBM mainframe webinar

Ironstream®: Continued Growth in Supported Data Sources

SMF record types:
0 - IPL Header
4 - Step Termination
14-15 - Data Set Activity
16 - DFSORT Statistics
17 - Scratch Data Set Status
19 - Direct Access Volume
30 - Common Address Workspace
37-39 - Netview
40 - Dynamic DD
41 - DIV Objects & VLF Statistics
42 - DFSMS Statistics and Configuration
50 - VTAM Tuning Statistics
57 - JES2 Network SYSOUT Transmission
60-62 - VSAM
64-66 - VSAM
70-79 - RMF Processor Activity
80-81, 83 - Security Package (RACF)
90 - System Status
92 - File System Activity
99 - SRM
100-102 - DB2
110 (sub 1,2) - CICS Performance & Exception Data
113 - Hardware Capacity
115-117 - WebSphere
118-119 - TCP/IP
120 - WebSphere Application Server Activity
208 - Syncsort SMF
241 - DFSMShsm Statistics

Expected GA, 4Q14, 1Q15, 2Q15, 2H15, Roadmap
SMF 30, SMF 14, SMF 0, SMF 4, SMF 37-39, SMF 5-9
SMF 80, SMF 15, SMF 19, SMF 16-17, SMF 81, SMF 11
SMF 110, SMF 42, SMF 57, SMF 40-41, SMF 83, SMF 21-24
Log4j 1, SMF 70, SMF 60-62, SMF 50, SMF 99, SMF 28
SYSLOG, SMF 100-102, SMF 64-66, SMF 90, ACF 2, SMF 82-83
SMF 120, SMF 71-79, SMF 92, Log4J 2, SMF 87-88
Batch Files, SMF 115-119, SMF 113, Network Data, SMF 94
DB2 Triggers, SMF 208, RMF III, SMF 103
SMF 241, SyslogD, DB2 CDC
SYSOUT, User API, Flat Files
Top Secret, USS, MQ Data

Page 19: Managing performance and security with Splunk on your IBM mainframe webinar

New Network Monitoring and Security with Ironstream® 1.3

Intrusion Detection
– SyslogD

Alerts
– IP Monitor
– Enterprise Extender Monitor
– FTP Control
– OSA Monitor
– Linux Monitor

Why It Matters with Splunk:
• Speed detection and triage of security events/attacks
• Streamline investigation of security incidents
• Reduce and prevent fraud
• Mitigate the risk of data breach
• Avoid IP theft
• Streamline compliance activities
• Automate routine tasks
• Consolidate security tools

Page 20: Managing performance and security with Splunk on your IBM mainframe webinar

Get The 360-degree View of Your Entire IT Systems

Less Complexity
– Easy to collect mainframe data and correlate with data from other platforms
– Don’t need mainframe access or mainframe expertise in using mainframe tools

Clearer Security Information
– Easier to identify unauthorized mainframe access or other security risks

Healthier IT Operations
– Real-time alerts to identify problems in all key environments like CICS, DB2, IMS, MQ
– View latency, transactions per second, exceptions and other valuable data

More Effective Problem-Resolution Management
– Real-time views of mainframe SMF data to identify real or potential failures earlier
– View related 'surrounding' information to support triage repair or prevention

Higher Operational Efficiency
– Augment legacy silo monitors with enhanced event correlation across systems
– Enable staff to resolve problems faster and “do more with less”

Page 21: Managing performance and security with Splunk on your IBM mainframe webinar

What Now?

Test drive Ironstream® for free now! syncsort.com/testdriveironstream

Request an Ironstream demo: syncsort.com/en/Products/Mainframe/Ironstream

More information on Ironstream: syncsort.com/ironstream

Contact us: [email protected]

Page 22: Managing performance and security with Splunk on your IBM mainframe webinar

Ironstream® Apps Are Now On Splunk App Store (SplunkBase)

https://splunkbase.splunk.com/

Search Syncsort

Page 23: Managing performance and security with Splunk on your IBM mainframe webinar

Q&A

Page 24: Managing performance and security with Splunk on your IBM mainframe webinar

To Watch This Webcast On-Demand, Please Visit: http://bit.ly/1P13YU2