z/OS Communications Server: IP Messages Volume 4 (EZZ, SNM)


SC27-3657-01

EZZ8653I
TRMD ATTACK statistics:date time,type=type,attacks=attacks,action=action,sensorhostname=sensorhostname

Explanation

Intrusion Detection Services (IDS) ATTACK statistics have been gathered.

In the message text:
date
The date when statistics were gathered.
time
The time when statistics were gathered.
type
The attack event type. Possible values are:
  • Malformed
  • OutboundRaw
  • IPFragment
  • ICMP
  • IPOPT
  • IPPROTO
  • Flood
  • PerpEcho
  • OutboundRaw6
  • IPv6NextHeader
  • IPv6HopOptions
  • IPv6DestOptions
  • TCPQueueSize
  • GlobalTCPStall
  • DataHiding
  • EELDLCCheck
  • EEPortCheck
  • EEMalformed
  • EEXIDFlood
These correspond to the AttackType values specified in IDS policy. See the z/OS Communications Server: IP Configuration Guide for a description of the attack types.
attacks
The number of attacks of the given type.
action
The Intrusion Detection Services (IDS) policy action for the attack type. Possible values are discard, nodiscard, resetconn, or noresetconn.

Result: For an IDS rule that was configured using LDAP, the value discard indicates that TypeActions LIMIT was specified in the policy. The value nodiscard indicates that TypeActions LIMIT was not specified in the policy.

sensorhostname
The fully qualified host name of the IDS sensor.

System action

Processing continues.

Operator response

None.

System programmer response

None.

Module

EZATRMD

Example

EZZ8653I TRMD ATTACK statistics:07/16/2010 20:20:07.93,type=TCPQueueSize,attacks=5,action=noresetconn,
sensorhostname=HOST1.COMPANYA.COM

Procedure name

WriteStatEntries
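
A parser for the EZZ8653I format described above, as an added example (not IBM code): it checks type and action against the values listed on this page and totals the attacks whose policy action was nodiscard or noresetconn. The mm/dd/yyyy date layout is inferred from the sample message, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# type= and action= values listed on this page
ATTACK_TYPES = set("""Malformed OutboundRaw IPFragment ICMP IPOPT IPPROTO Flood
PerpEcho OutboundRaw6 IPv6NextHeader IPv6HopOptions IPv6DestOptions TCPQueueSize
GlobalTCPStall DataHiding EELDLCCheck EEPortCheck EEMalformed EEXIDFlood""".split())
ACTIONS = {"discard", "nodiscard", "resetconn", "noresetconn"}

# \s* after action= tolerates the line wrap shown in the page's example.
PATTERN = re.compile(
    r"EZZ8653I TRMD ATTACK statistics:(?P<when>\S+ \S+?),type=(?P<type>[^,]+),"
    r"attacks=(?P<attacks>\d+),action=(?P<action>[^,]+),\s*"
    r"sensorhostname=(?P<sensor>\S+)")

def parse_ezz8653i(line):
    """Return one record as a dict, or None if the line is not EZZ8653I.
    Raises ValueError for a type, action or timestamp the page does not describe."""
    m = PATTERN.search(line)  # search() skips any logging prefix before the ID
    if m is None:
        return None
    rec = m.groupdict()
    for field, allowed in (("type", ATTACK_TYPES), ("action", ACTIONS)):
        if rec[field] not in allowed:
            raise ValueError(f"undocumented {field} value: {rec[field]!r}")
    rec["attacks"] = int(rec["attacks"])
    # Assumption: mm/dd/yyyy, inferred from the sample 07/16/2010.
    rec["when"] = datetime.strptime(rec["when"], "%m/%d/%Y %H:%M:%S.%f")
    return rec

def not_blocked(lines):
    """Total attacks per (sensor, type) where action is nodiscard/noresetconn.
    Assumption: those two values mean the policy took no blocking action."""
    totals = Counter()
    for line in lines:
        rec = parse_ezz8653i(line)
        if rec and rec["attacks"] and rec["action"] in ("nodiscard", "noresetconn"):
            totals[(rec["sensor"], rec["type"])] += rec["attacks"]
    return dict(totals)

_P, _H = "EZZ8653I TRMD ATTACK statistics:07/16/2010 ", ",sensorhostname=HOST1.COMPANYA.COM"
SAMPLE = [
    _P + "20:20:07.93,type=TCPQueueSize,attacks=5,action=noresetconn" + _H,  # page's example
    _P + "20:25:07.10,type=Flood,attacks=12,action=discard" + _H,            # constructed
    _P + "20:30:07.41,type=TCPQueueSize,attacks=2,action=noresetconn" + _H,  # constructed
    "unrelated log line",                                                    # constructed
]
```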





Copyright IBM Corporation 1990, 2014