fix(IBM): add section to explain how to enable audit logs

SEKOIA-IO · Jun 19, 2024 · a1a03d7 · a1a03d7
1 parent a84f788
commit a1a03d7
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/docs/xdr/features/collect/integrations/endpoint/ibm_i.md b/docs/xdr/features/collect/integrations/endpoint/ibm_i.md
@@ -21,7 +21,7 @@ This integration supports the following versions:
 
 This integration supports the following events:
 
-- Audit journal 
+- Audit journal (Command entry, Authority failure)
 - Integrated file system monitoring
 - Message queues monitoring
 - Database monitoring
@@ -51,6 +51,15 @@ In this guide, you will configure the gateway to forward events to syslog.
 7. Select the protocol for the log concentrator (`TCP` is recommended)
 8. At the bottom of the screen, press `Enter` to save the changes
 
+### Enable Audit logs (optional)
+
+1. On the SLMON menu, type `CFGSRM`
+2. On the Configure global settings, select Option `10`
+3. Enable the following type:
+	- AF: Authority failures
+	- CD: Command string audit
+4. Press `F3` to save the changes
+
 ## Create the intake
 
 Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format IBM iSeries.