Work with Event Sources panel
The Work with Event Sources panel allows you to define and work with Event Sources.
An Event Source is a location from which IBM i events are extracted. Currently, journals and message queues are supported as Event Sources. Common event sources are QAUDJRN (journal) and QSYSOPR (message queue). You may define your own journals and message queues as Event Sources.
How to Get There
On the Main Menu, choose option 1, Work with Event Sources.
Options
Opt
Enter a valid option from the list of options provided on the list panel.
2=Change
3=Copy
Opens the Copy Event Source panel, which allows you to create a new Event Source by copying the properties and content of an existing Event Source.
4=Delete
Deletes the Event Source. You are prompted to confirm.
5=Display
9=Event Description
Facility
The name you use to refer to this Event Source within Powertech SIEM Agent. It does not need to match the name of any object on the system; it is a name you invent for your reference.
This name must be a valid OS name.
Type
The type of object from which IBM i events will be extracted. Journals and message queues are supported as Event Sources. Common event sources are QAUDJRN (journal) and QSYSOPR (message queue).
*AUDIT
Defines the IBM Security Audit Journal, QAUDJRN, to be monitored. This type includes some pre-configured definitions of the journal codes and entry types for the security-related journal entries.
*SYSMSG
Defines the IBM System Messages in QSYSOPR or QSYSMSG to be monitored. This type includes some pre-configured definitions of system management messages.
*EPM
Defines the Powertech Exit Point Manager Journal to be monitored. This type includes pre-configured definitions of the journal codes and entry types for Exit Point Manager entries.
*AB
Defines the Powertech Authority Broker Journal to be monitored. This type includes pre-configured definitions of the journal codes and entry types for Authority Broker.
*CMDSEC
Defines the Powertech Command Security Journal to be monitored. This type includes pre-configured definitions of the journal codes and entry types for Command Security.
*ANTIVIRUS
Defines the Powertech Antivirus Messages in AVMSGQ to be monitored. This type includes pre-configured important messages generated by Antivirus.
*MSGQ
Defines a user-defined message queue to be monitored. You define the messages you would like monitored.
*JRN
Defines a user-defined journal to be monitored. You define the journal codes and entry types you would like monitored.
Default Output
Indicates whether a set of Outputs is attached to the Event Source to act as Default Outputs.
Names the default Output(s) to which syslog events will be sent for this Event Source. These Outputs will be used when a Rule specifies *SOURCE for a target Output.
Command Keys
F3=Exit
Exit the program.
F5=Refresh
Refreshes the panel with the most current data.
F6=Create
Creates a new item.
F12=Retrieve
Discards changes and returns to the prior panel.