Explanation
Intrusion Detection Services (IDS) ATTACK statistics
have been gathered.
In the message text:
- date
- The date when statistics were gathered.
- time
- The time when statistics were gathered.
- type
- The attack event type. Possible values are:
- Malformed
- OutboundRaw
- IPFragment
- ICMP
- IPOPT
- IPPROTO
- Flood
- PerpEcho
- OutboundRaw6
- IPv6NextHeader
- IPv6HopOptions
- IPv6DestOptions
- TCPQueueSize
- GlobalTCPStall
- DataHiding
- EELDLCCheck
- EEPortCheck
- EEMalformed
- EEXIDFlood
These correspond to the AttackType values specified in IDS policy.
See the z/OS Communications Server: IP Configuration
Guide for a description of the attack types.
- attacks
- The number of attacks of type.
- action
- The Intrusion Detection Services (IDS) policy action for the attack
type. Possible values are discard, nodiscard, resetconn, or noresetconn.
Result: For
an IDS rule that was configured using LDAP, the value discard indicates
that TypeActions LIMIT was specified in the policy. The value nodiscard
indicates that TypeActions LIMIT was not specified in the policy.
- sensorhostname
- The fully qualified host name of the IDS sensor.
System action
Operator response
System programmer response
Module
Example
EZZ8653I TRMD ATTACK statistics:07/16/2010 20:20:07.93,type=TCPQueueSize,attacks=5,action=noresetconn,
sensorhostname=HOST1.COMPANYA.COM
Procedure name
WriteStatEntries