Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Clearer Names for HelpSystems Security Software.


Before starting your upgrade

System Values

It is HelpSystems’ goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the SIEM Agent IBM agent upgrade process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

While upgrading the SIEM Agent IBM i agent on your system, the following system values that control object restores must be configured as shown:

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the SIEM Agent install library (PTSALIB) for the product to function properly.
  • Set QVFYOBJRST to 1, 2, or 3. This allows SIEM Agent to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the SIEM Agent install process completes.)
  • Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.

System Requirements

The following requirements are necessary in order to install and run SIEM Agent.

  • IBM i 7.2 or higher
  • 7.2: PTF SI62949
  • 7.3: PTF SI62950

Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation. Any firewall or exit program technology on the PC or the IBM i system could potentially block the FTP file upload and remote commands running the installation. Ensure any such firewall or program is configured to permit an FTP connection on port 21. If standard FTP is not permitted, contact Technical Support for instructions on how to manually install the product without the installation wizard.

Upgrading to Version 4 of SIEM Agent for IBM i

Ensure the following servers are available and running prior to upgrading:

  • FTP Server
  • Remote Command Server 

The upgrade process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent for IBM i upgrade.

Do the following to upgrade SIEM Agent for IBM i:

  1. Download the SIEM Agent for IBM i Upgrade Installer from the SIEM Agent for IBM i Download page.
  2. Double-click the .exe file to start the Installation Wizard.
  3. On the Choose Components panel, select which components you want to install. You can choose to install the Manuals and the Software for IBM i. Click Next.
  4. If you are installing the Manuals only, the process completes and the installer closes. The Manuals have been installed. You can skip the rest of these steps. Note: The manuals are installed to the following location: C:\Program Files\PowerTech\SIEM Agent for IBM i\manuals
  5.  On the IBM i Details panel:

    1. Select or enter the IBM i system.
    2. Enter a user profile and password that is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.
    3. (Optional) In the Advanced Settings section:
      • Enter a port number or use the arrows if you want to change the FTP port number to something other than the default of 21.

      • Select Secure File Transfer if you want to use FTPS during the file transfer. The default FTPS secure port is 990, but it can be changed to the required secure port for your environment.

      • In the Timeout (seconds) field, enter the number of seconds the session should be kept active during an FTP transfer. You can choose anywhere between 25 and 1800 seconds (30 minutes). Note: If the transfer takes longer than the amount of time specified, the session will expire.

    4. Click Next.
  6. You have two options on the Product Load Options panel:

    1. Click Immediate Load if you’d like to load the product on the IBM i now.
    2. Click Staged Load if you’d like to transfer the objects now and load them on the IBM i at a later time. Note: See "Loading Staged Objects on the IBM i" (below) for instructions on how to load the staged objects on your selected IBM i system.
  7. The Product Load Progress panel for SIEM Agent launches.

    If the Product Load Progress panel ends with an overall Failed message, the product upload could not complete properly. To find the reason the upload failed, click View Logs and review your logs. You can also use Download at the top of the logs to save the information for future review.

    When the processing is complete, you have two choices:

    If this is the only installation or update of SIEM Agent that you're doing, click Finish.
    If you have installs or updates to do on other IBM i systems, click Restart. Then, return to step 4.
    The upgrade process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent for IBM i upgrade.

Loading staged objects on the IBM i

If you chose to stage your objects during step 6b of the installation or update process, do the following to manually load them on the IBM i you identified above.

  1. On the IBM i, execute the following command to display the Work with Loads panel:
  2. Enter option 1, Load, next to the Load Name for SIEM Agent and press Enter.
    The installation program installs SIEM Agent, including the required user profiles and libraries (see table below for details).

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent install.

After You Upgrade

To convert and import version 3 settings to SIEM Agent 4:

  1. Prompt (F4) the following command: 


  2. Set Processing Option to *CONVERT to convert the existing data on your system to SIEM Agent 4. Note that you can also choose *RPTONLY to create a report instead if, for example, you would like to test the conversion. 
  3. Press Enter. A log file is created for review after the conversion: PTSALIB/ PSACVTLOG. 

After conversion has completed, if you wish to continue to use the prior version, be sure to start the SIEM Agent 3/Interact monitor jobs by submitting the command:


If you run the prior version and new version concurrently with the same configuration, the same event transmissions to your SYSLOG server will be duplicated. Once you are content the new version is fully operational, the old version is no longer necessary and can be shut down.   

Note: In SIEM Agent 4, the app-name value included in syslog messages has been changed from "Interact" to "SIEM Agent", to reflect the product name (updated in 2018). If you have created rules in your SIEM that use the app-name value as a condition, you will need to update those rules to check for app-name = "SIEM Agent" instead of app-name="Interact".

For more information, see the Powertech SIEM Agent for IBM i User Guide.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: December 23, 2019