z/OS SYSLOG Messages to Splunk

ZSS Features

ZSS can send (selected) SYSLOG messages to Splunk. This will enable you to perform an analysis on various aspects of your Mainframe environment using the Splunk infrastructure. Analysis of Syslog messages can be used to look for issues that impact the operating environment of the system as well as to detect security issues and threats. Provide insight into the operational health of the system and applications and visibility into security and compliance issues.

Example Started Task JCL


In the PARM field of ZSSMAIN the IP-address ( and TCPPORT (1108) of the SPLUNK indexer are specified. The thrid parameter (HEN3) configures the ID of the Extended Master Console Session required to grab messages from SYSLOG. This value will also be present in the Splunk data.

With the ZMM#CNTL control statements as defined in this example JCL messages that start with IEF, IEC and $HASP are forwarded to Splunk nd last but not least, every access failure (ICH408I, hackers in the Mainframe!) will also be send to Splunk. Enabling you to build custom dashboards to monitor your precious Mainframe environment.

Splunk Results

You will receive your data in Splunk, allowing you to perform queries and configure dashboards for insights into your Mainframe.

To the right you see the record generated for an erroneous logon attempt.

You can see the LPAR name (S0W1), the SYSPLEX name (ADCDPL), the EMCSID (HEN3) and all related data to this SYSLOG message. The picture below shows an example query and visualisation in Splunk reporting on all access failures.

We don’t want to make Mainframe Software Pricing any more complicated than it needs to be. Hence we will not charge based on number of CPU’s, MSU usage or any other cumbersome method. We do however feel that ‘larger shops’ should be charged more than the smaller ones. That’s why we have a simple 2-tier pricing model depending on the size of your environment. The prices as listed below are based on a single CPC SI. Should you require extra license keys, for instance for multi-box sysplex configurations, feel free to contact us for a quote fitting the size of your environment.

If you just want to take our software for a test-drive, or if you want to run this software on your ZPDT environment, don’t hesitate to request our FREE version.