IDS overall summary (-I) report option

This report is displayed when the -I option is specified with the trmdstat command or when no report option is provided on the trmdstat command invocation. It displays the summary of all the IDS information present in the log. Using this report enables you to get an idea of the overall effect of the IDS policies installed in the system.

> trmdstat  -I /tmp/tstlog.log
trmdstat for z/OS CS V2R1  Fri Nov 25 11:30:11 2011

Command Entered     : trmdstat -I /tmp/tstlog.log
Log Time Interval   : Jul 19 10:41:39  - Nov 23 14:52:52
Stack Time Interval : Jul 19 10:41:39  - Nov 23 14:52:31
TRM Records Scanned : 227

TCP - Traffic Regulation
------------------------------------------------
Connections would have been refused :          3
Connections refused                 :         19

Constrained entry logged            :          1
Constrained exit logged             :          1
Constrained entry                   :          5
Constrained exit                    :          5

QOS exceptions logged               :          1
QOS exceptions made                 :          5

UDP - Traffic Regulation
------------------------------------------------
Constrained entry logged            :          1
Constrained exit logged             :          1
Constrained entry                   :          4
Constrained exit                    :          4

SCAN Detection
------------------------------------------------
Threshold exceeded                  :         11
Detection delayed                   :          0
Storage constrained entry           :          0
Storage constrained exit            :          0

ATTACK Detection
------------------------------------------------
Packet would have been discarded    :         10
Packet discarded                    :         12

FLOOD Detection
------------------------------------------------
Accept queue expanded               :          2
SYN flood start                     :          5
SYN flood end                       :          5
Interface flood start               :          3
Interface flood end                 :          3
EE XID flood start                  :          2
EE XID flood end                    :          2

Global TCP Stall Detection
------------------------------------------------
Global TCP stall entry              :          1
Global TCP stall exit               :          1
Connections would have been reset   :          6
Connections reset                   :          6

TCP Queue Size Detection
------------------------------------------------
Send queue
  Constrained entry                 :          2
  Constrained exit                  :          2
  Connections reset                 :          2
Receive queue
  Constrained entry                 :          2
  Constrained exit                  :          2
  Connections reset                 :          2
Out-of-order queue
  Constrained entry                 :          2
  Constrained exit                  :          2
  Connections reset                 :          1

The following information describes the areas of the IDS summary report.
TCP - Traffic regulation
Connections would have been refused
Specifies the number of connections that would have been refused if policy action LIMIT had been specified in the TR policy. This count indicates the total number of EZZ9319I messages present in the log.
Connections refused
Indicates the number of connections refused by the system. This count indicates the total number of EZZ9324I messages present in the log.
Constrained entry logged
Specifies the number of times that a TCP listener would have entered a constrained state if policy action LIMIT had been specified in the TR policy. This count indicates the total number of EZZ9320I messages present in the log.
Constrained exit logged
Specifies the number of times that a TCP listener would have exited a constrained state if policy action LIMIT had been specified in the TR policy. This count indicates the total number of EZZ9322I messages present in the log.
Constrained entry
Specifies the number of times that a TCP listener entered a constrained state. This count indicates the total number of EZZ9321I messages present in the log.
Constrained exit
Specifies the number of times that a TCP listener exited a constrained state. This count indicates the total number of EZZ9323I messages present in the log.
QOS exceptions logged
Specifies the number of times a QoS exception was logged because the QOS policy guarantees a higher number of connections to this port than would be allowed by the TCP TR policy. This count indicates the total number of EZZ9318I messages present in the log.
QOS exceptions made
Specifies the number of times a QoS exception was made because the QOS policy guarantees a higher number of connections to this port than would be allowed by the TCP TR policy. This count indicates the total number of EZZ9317I messages present in the log.
UDP - Traffic regulation
Constrained entry logged
Specifies the number of times that a UDP socket would have entered a constrained state if policy action LIMIT had been specified in the TR policy. This count indicates the total number of EZZ8638I messages present in the log.
Constrained exit logged
Specifies the number of times that a UDP socket would have exited a constrained state if policy action LIMIT had been specified in the TR policy. This count indicates the total number of EZZ8640I messages present in the log.
Constrained entry
Specifies the number of times that a UDP socket entered a constrained state. This count indicates the total number of EZZ8639I messages present in the log.
Constrained exit
Specifies the number of times that a UDP socket exited a constrained state. This count indicates the total number of EZZ8641I messages present in the log.
Scan detection
Threshold exceeded
Specifies the number of scan events detected. This count indicates the total number of EZZ8643I messages present in the log.
Detection delayed
Specifies the number of scan interval overrun events detected. This count indicates the total number of EZZ8645I messages present in the log.
Storage constrained entry
Specifies the number of times scan storage constraint entry was detected. This count indicates the total number of EZZ8646I messages present in the log.
Storage constrained exit
Specifies the number of times scan storage constraint exit was detected. This count indicates the total number of EZZ8647I messages present in the log.
Attack detection
Packet would have been discarded
Specifies the total number of attack packets that would have been discarded if policy action Discard had been specified in the attack policy. This count indicates the total number of EZZ8649I messages present in the log.
Packet discarded
Specifies the total number of attack packets discarded. This count indicates the total number of EZZ8648I messages present in the log.
Flood detection
Accept queue expanded
Specifies the number of accept queue expansions. This count indicates the total number of EZZ8652I messages present in the log.
SYN flood start
Specifies the number of SYN flood starts detected. This count indicates the total number of EZZ8650I messages present in the log.
SYN flood end
Specifies the number of SYN flood ends detected. This count indicates the total number of EZZ8651I messages present in the log.
Interface flood start
Specifies the number of interface flood starts detected. This count indicates the total number of EZZ8654I messages present in the log.
Interface flood end
Specifies the number of interface flood ends detected. This count indicates the total number of EZZ8655I messages present in the log.
EE XID flood start
Specifies the number of EE XID flood starts detected. This count indicates the total number of EZZ8677I messages present in the log.
EE XID flood end
Specifies the number of EE XID flood ends detected. This count indicates the total number of EZZ8678I messages present in the log.
Global TCP stall detection
Global TCP stall entered
Specifies the number of global TCP stall enter conditions that have been detected. This count indicates the number of EZZ8671I messages present in the log.
Global TCP stall exited
Specifies the number of global TCP stall exit conditions that have been detected. This count indicates the number of EZZ8672I messages present in the log.
Connections would have been reset
Specifies the number of stalled TCP connections that contributed to a global TCP stall condition. These stalled TCP connections were not reset because Intrusion Detection Services (IDS) policy for the global TCP stall attack type specified that connections should not be reset. This count indicates the number of EZZ8674I messages present in the log.
Connections reset
Specifies the number of stalled TCP connections that contributed to a global TCP stall condition. These stalled TCP connections were reset because Intrusion Detection Services (IDS) policy for the global TCP stall attack type specified that connections should be reset. This count indicates the number of EZZ8673I messages present in the log.
TCP Queue size detection
Send queue
Constrained entered
Specifies the number of times a TCP connection's send queue entered a constrained state. This count indicates the total number of EZZ8664I messages present in the log.
Constrained exited
Specifies the number of times a TCP connection's send queue exited a constrained state. This count indicates the total number of EZZ8665I messages present in the log.
Connections reset
Specifies the number of TCP connections that were reset because the connections' send queues were constrained. This count indicates the number of EZZ8669I messages present in the log.
Receive queue
Constrained entered
Specifies the number of times a TCP connection's receive queue entered a constrained state. This count indicates the total number of EZZ8662I messages present in the log.
Constrained exited
Specifies the number of times a TCP connection's receive queue exited a constrained state. This count indicates the total number of EZZ8663I messages present in the log.
Connections reset
Specifies the number of TCP connections that were reset because the connections' receive queues were constrained. This count indicates the number of EZZ8668I messages present in the log.
Out-of-order queue
Constrained entered
Specifies the number of times a TCP connection's out-of-order queue entered a constrained state. This count indicates the total number of EZZ8666I messages present in the log.
Constrained exited
Specifies the number of times a TCP connection's out-of-order queue exited a constrained state. This count indicates the total number of EZZ8667I messages present in the log.
Connections reset
Specifies the number of TCP connections that were reset because the connections' out-of-order queues were constrained. This count indicates the number of EZZ8670I messages present in the log.
messages suppressed
Specifies the number of messages suppressed with date and time. This data comes from an EZZ8660I, EZZ8661I, or EZZ9327I message. See The trmdstat report general concept for a detailed description.
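
Because each counter above is the count of one message ID, the same log can be checked for two things the summary does not state directly: conditions that started but never ended within the log, and events that were only logged because the policy did not enforce an action. The following is an added example, not part of trmdstat or the original documentation; the syslog line layout and the sample lines are constructed, and only the message IDs come from the field descriptions above.

```python
import re
from collections import Counter

# (condition, entry/start ID, exit/end ID), from the field descriptions on this page.
PAIRS = [
    ("TCP TR constrained", "EZZ9321I", "EZZ9323I"),
    ("UDP TR constrained", "EZZ8639I", "EZZ8641I"),
    ("Scan storage constrained", "EZZ8646I", "EZZ8647I"),
    ("SYN flood", "EZZ8650I", "EZZ8651I"),
    ("Interface flood", "EZZ8654I", "EZZ8655I"),
    ("EE XID flood", "EZZ8677I", "EZZ8678I"),
    ("Global TCP stall", "EZZ8671I", "EZZ8672I"),
]
# (what was only logged, log-only ID, enforced ID): "would have been" vs. acted on.
LOG_ONLY = [
    ("TCP connections not refused", "EZZ9319I", "EZZ9324I"),
    ("attack packets not discarded", "EZZ8649I", "EZZ8648I"),
    ("stalled connections not reset", "EZZ8674I", "EZZ8673I"),
]
MSG_ID = re.compile(r"\b(EZZ\d{4}I)\b")

def count_ids(lines):
    """Count the first EZZnnnnI message ID found on each log line."""
    counts = Counter()
    for line in lines:
        m = MSG_ID.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def open_conditions(counts):
    """Conditions with more entries than exits: possibly still active at end of log."""
    return [(name, counts[a] - counts[b]) for name, a, b in PAIRS if counts[a] > counts[b]]

def unenforced(counts):
    """Events that were logged but not acted on under the installed policy."""
    return {name: counts[lo] for name, lo, _ in LOG_ONLY if counts[lo]}

# Constructed sample lines (assumed layout; real message text is omitted).
SAMPLE = [
    "Nov 23 14:50:01 host trmd: EZZ8650I <text omitted>",
    "Nov 23 14:50:31 host trmd: EZZ8651I <text omitted>",
    "Nov 23 14:51:02 host trmd: EZZ8654I <text omitted>",
    "Nov 23 14:51:10 host trmd: EZZ8649I <text omitted>",
    "Nov 23 14:51:11 host trmd: EZZ8649I <text omitted>",
    "Nov 23 14:51:40 host trmd: EZZ8648I <text omitted>",
    "Nov 23 14:52:00 host other: unrelated line",
]
```

A log window that begins or ends in the middle of a condition also produces an imbalance, so a flagged pair is a reason to look at the individual records rather than proof of an active condition.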