CLIP is a BS2000 software product designed to integrate BS2000-specific messages, security-related information, and events, and to centrally forward them to an external security management system, such as a SIEM system.

In the BS2000 operating system, messages and events from various components such as the Security Audit Trail log (SATLOG file), ACCOUNTING, console logging (CONSLOG file), and software error logging (SERSLOG file), are recorded in separate log files.

CLIP is designed to collect various events within the BS2000 system and convert them into the format defined by the Syslog protocol (RFC 5424). These messages are sent via socket connections to an external server that supports the Syslog format, such as a Linux-based rSyslog server. The external server can collect, filter, and process events from multiple BS2000 systems, which can then be analyzed and visualized by a SIEM system.

CLIP currently supports BS2000 events and messages from the following components:

• Events logged by SAT (Security Audit Trail), which are recorded in the BS2000 SAT log file (SATLOG) and can be analyzed using the SATUT utility.

• ACCOUNTING entries for resource usage billing.