These instructions guide you through the process of installing Powertech SIEM Agent for IBM i.

Before You Install

If you are installing in an HA environment, please review Replication of Identity Manager, Exit Point Manager, SIEM Agent, and Central Administration in a High Availability Environment before installing Powertech SIEM Agent for IBM i.

Licensing

SIEM Agent for IBM i requires that you enter a valid license key. Contact [email protected] if you need to request a new license key.

System Requirements

The following requirements are necessary in order to install and run Powertech SIEM Agent.

  • IBM i 7.2 or higher
  • 7.2: PTF SI62949
  • 7.3: PTF SI62950
During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation. Any firewall or exit program technology on the PC or the IBM i system could potentially block the FTP file upload and remote commands running the installation. Ensure any such firewall or program is configured to permit an FTP connection on port 21. If standard FTP is not permitted, contact Technical Support for instructions on how to manually install the product without the installation wizard.

System Values

It is HelpSystems' goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the SIEM Agent installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

To install SIEM Agent on your system, the following system values that control object restores must be configured as shown.

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the SIEM Agent install library (PTSALIB) for the product to function properly.
  • Set QVFYOBJRST to 1, 2, or 3. This allows SIEM Agent to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the SIEM Agent install process completes.)
  • Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.

Installing Powertech SIEM Agent

The following servers must be available and running prior to installation:

  • FTP Server
  • Remote Command Server

Do the following to perform the installation or update:

  1. Download the SIEM Agent installer (setupSIEMAgent.exe) to your PC from the SIEM Agent download page.
  2. Double-click the .exe file to start the Installation Wizard.
  3. On the Choose Components panel, select which components you want to install. You can choose to install the Manuals and the Software for IBM i. Click Next.
  4. If you are installing the Manuals only, the process completes and the installer closes. The Manuals have been installed. You can skip the rest of these steps.
    The manuals are installed to the following location:
    C:\Program Files\PowerTech\SIEM Agent for IBM i\manuals
  5. On the IBM i Details panel:

    1. Select or enter the IBM i system.
    2. Enter a user profile and password that is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, *SERVICE, *SPLCTL, and *AUDIT. The user profile should have Limit capabilities set to *NO.
    3. (Optional) In the Advanced Settings section:
      • Enter a port number or use the arrows if you want to change the FTP port number to something other than the default of 21.
      • Select Secure File Transfer if you want to use FTPS during the file transfer. The default FTPS secure port is 990, but it can be changed to the required secure port for your environment.
      • In the Timeout (seconds) field, enter the number of seconds the session should be kept active during an FTP transfer. You can choose anywhere between 25 and 1800 seconds (30 minutes).
        If the transfer takes longer than the amount of time specified, the session will expire.
    4. Click Next.

  6. You have two options on the Product Load Options panel:

    1. Click Immediate Load if you’d like to load the product on the IBM i now.

      If you're doing an update, this ends SIEM Agent until the product load completes. After you are done, we’ll restart the product.
    2. Click Staged Load if you’d like to transfer the objects now and load them on the IBM i at a later time.

      See "Loading Staged Objects on the IBM i" (below) for instructions on how to load the staged objects on your selected IBM i system.
  7. The Product Load Progress panel for SIEM Agent launches.

    If the Product Load Progress panel ends with an overall Failed message, the product upload could not complete properly. To find the reason the upload failed, click View Logs and review your logs. You can also use Download at the top of the logs to save the information for future review.

    When the processing is complete, you have two choices:

    • If this is the only installation or update of SIEM Agent that you're doing, click Finish.

    • If you have installs or updates to do on other IBM i systems, click Restart. Then, return to step 4.

Loading staged objects on the IBM i

If you chose to stage your objects during step 5b of the installation or update process, do the following to manually load them on the IBM i you identified above.

  1. On the IBM i, execute the following command to display the Work with Loads panel:

    HSLOADMGR/HSWRKLOAD

  2. Enter option 1, Load, next to the Load Name for SIEM Agent and press Enter.

    The installation program installs SIEM Agent, including the required user profiles and libraries (see table below for details).

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent install.

See Implementing SIEM Agent for information on starting and using the product.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: August 24, 2020