Compuware’s integrations with Syncsort Ironstream® enable IT to more quickly discover and take action on security issues and application faults.
- Compuware Application Audit’s rich user behavior data can combine with operational data collected by Ironstream to empower Splunk® users to analyze and detect potential mainframe cybersecurity breaches.
- Compuware Abend-AID’s integration with Ironstream enables IT to more quickly discover and take action on correlations between application faults and broader conditions in the mainframe environment.
Most enterprises still rely on disparate logs and SMF data from security products such as RACF®, CA ACF2™ and CA Top Secret® to piece together user behavior, but the information captured by log files is often incomplete or vague, leading to numerous false positives. Some IT security organizations may even apply advanced analytics to deduce who accessed what, when, but even this isn’t enough to meet the relentlessly escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates.
Application Audit captures rich start-to-finish user session activity data in real time—including all successful logins, session keyboard commands and menu selections, specific data browsed, and more. Syncsort Ironstream users can receive Application Audit data and then use Ironstream to store, transport, format and correlate the data before sending it to Splunk for further analysis.
How the Application Audit Integration Works
- Application Audit fully captures start-to-finish mainframe application user behavior in real time.
- The data can be sent to Ironstream, which stores, transports, formats and correlates the data for secure delivery into Splunk and adds additional z/OS mainframe log data.
- Cybersecurity teams can take the mainframe data and combine it with equivalent information from other platforms within Splunk, where it can be analyzed together and correlated for security and compliance.
Application Faults and Abends
In complex enterprise environments, correlations between application behaviors and underlying infrastructure can be both subtle and critical. What appear to be platform issues may turn out to be software faults—and vice versa. As platform responsibilities shift to personnel with limited experience on z/OS, it’s imperative that staff of all experience levels have access to comprehensive insight into the issues that affect service delivery without having to understand the inner workings of the mainframe.
How the Abend-AID Integration Works
Ironstream provides access to and automatic forwarding of z/OS mainframe operational data to distributed/open systems environments. In addition to capturing SMF records and Syslog data, Ironstream also captures UNIX System Services (USS) files, which can contain critical system log information including Log4j, security data, IBM® MQ and other web-based application log data, providing deeper visibility into application availability and performance. Ironstream also provides useful platform metrics such as threshold monitoring for Open Systems Adapter (OSA) channels, ports and interfaces, as well as data gathered from the monitoring of open-system channels, ports, interfaces, LPARs and TCP/IP.
Abend-AID complements this operational data with rich information about application faults that includes programs involved, date/time of last change and supporting z/OS, DB2, MQ and IMS information. By providing comprehensive information on the programs and data involved in a problem, Abend-AID greatly reduces mean time to resolution, often recommending possible resolutions.
By connecting these two important categories of data in an organization’s analytic environment of choice, the Abend-AID/Ironstream integration helps IT staff get richer, more complete insight into mainframe issues that threaten the availability and performance of critical mainframe apps.
More mature enterprise IT organizations can further leverage the Abend-AID/Ironstream integration to feed rich platform- and application-related mainframe data into an analytic environment that also includes data from other enterprise platforms to better support, monitor and secure the multi-tier web and mobile services commonly found in today’s large enterprises.