Scan summary (-N) report

This report is displayed when the -N option is specified on the trmdstat command. It displays the summary of scan events. The information presented in this report is derived from EZZ8643I type syslog messages. The information is sorted by source IP address.

> trmdstat -N /tmp/tstlog.log
trmdstat for z/OS CS V2R1  Fri Nov 25 08:34:49 2011

Command Entered     : trmdstat -N /tmp/tstlog.log
Log Time Interval   : Jul 19 10:41:39  - Jul 23 12:54:15
Stack Time Interval : Jul 19 10:41:39  - Jul 23 16:54:06
TRM Records Scanned : 128

                                         SCAN  Summary

              Source IP Address                       Scans                 Suspicion Level
                                                 Fast       Slow       Very     Possibly    Normal
--------------------------------------------- ---------- ---------- ---------- ---------- ----------
192.168.16.48                                          1          1          8         10         22
2001:db8:0:a:209:6bff:fee9:65dd                        3          2          6         11          6
2001:db8:11:16::44                                     1          1         10         35         19
2001:db8:11:16:202:55ff:fe31:148c                      1          1         15          0         11

The following information describes the areas of the scan summary report.
Source IP Address
Specifies the IP address of the source host that triggered scan detection.
Fast Scans
Specifies the number of fast scans detected.
Slow Scans
Specifies the number of slow scans detected.
Suspicion Level
Specifies the number of packets at each suspicion level that contributed to the scan detection.

Restriction: When a scan is detected for a source IP address, additional suspicious packets from that source IP address that are received during the current fast scan interval are not reflected in these suspicion level counts.

Very
Specifies the number of packets at the very suspicious suspicion level that contributed to the scan detection.
Possible
Specifies the number of packets at the possibly suspicious suspicion level that contributed to the scan detection.
Normal
Specifies the number of packets at the normal suspicion level that contributed to the scan detection.
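
The following added example (not part of trmdstat or of the original documentation) parses the scan summary table into one record per source IP address so the counts can be sorted or forwarded to other tooling. The names ScanRow, parse_scan_summary and rank_sources are hypothetical, the sample text is the table portion of the report shown above, and the triage ordering is an assumption rather than anything trmdstat defines.

```python
import ipaddress
from dataclasses import dataclass

# Sample input: table portion of the -N report shown in this topic.
SAMPLE_REPORT = """\
              Source IP Address                       Scans                 Suspicion Level
                                                 Fast       Slow       Very     Possibly    Normal
--------------------------------------------- ---------- ---------- ---------- ---------- ----------
192.168.16.48                                          1          1          8         10         22
2001:db8:0:a:209:6bff:fee9:65dd                        3          2          6         11          6
2001:db8:11:16::44                                     1          1         10         35         19
2001:db8:11:16:202:55ff:fe31:148c                      1          1         15          0         11
"""

@dataclass(frozen=True)
class ScanRow:
    source: str      # Source IP Address (IPv4 or IPv6)
    fast: int        # Fast Scans
    slow: int        # Slow Scans
    very: int        # packets at the very suspicious level
    possibly: int    # packets at the possibly suspicious level
    normal: int      # packets at the normal level

def parse_scan_summary(text):
    """Return one ScanRow per data line that follows the dashed separator."""
    rows, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if not in_table:
            # The separator is a row of six dash-only columns.
            in_table = len(fields) == 6 and all(set(f) == {"-"} for f in fields)
            continue
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])        # rejects non-address text
            counts = [int(f) for f in fields[1:]]
        except ValueError:
            break                                  # first non-row line ends the table
        if len(counts) != 5:
            break
        rows.append(ScanRow(fields[0], *counts))
    return rows

def rank_sources(rows):
    # Assumed triage order: most fast scans first, then most very suspicious packets.
    return sorted(rows, key=lambda r: (r.fast, r.very), reverse=True)
```

Because the report is sorted by source IP address, a re-sort such as rank_sources is what brings the most active sources to the top.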