Definition
SIEM platforms such as IBM QRadar and Splunk pull event and audit data from across an environment into one place so security teams can correlate activity and respond to threats faster. IBM i environments generate this data through the security audit journal (QAUDJRN) and message queues like QHST, but that data does not reach a SIEM automatically.
Getting IBM i into a SIEM usually requires a log forwarding tool that converts audit journal entries into a format the SIEM understands, commonly syslog, CEF, or LEEF, and sends it in near real time or on a scheduled interval.