The following parameters can be used to filter the output
of the specified report.
- -i initial_time
- The time of the first record to be considered. If this option
is not specified, the first available record in the file is selected.
The time is specified in the format MMDDHHMMSS.
- MM: Month
- DD: Date
- HH: Hours
- MM: Minutes
- SS: Seconds
For example, 1021143030 is Oct 21
14:30:30. Trailing zeros are not required (1021 for
Oct 21 00:00:00). For records generated by the TCP stack, the
time the event actually occurred (the stack time) is used for the
time filtering.
TRMD can also write syslog messages, for example,
the EZZ8495I TRMD STARTED and the EZZ8501I TRMD ENDED messages. These
messages contain only the syslog timestamp, which is used to filter
these messages. The offset from the Coordinated Universal Time (UTC)
of the syslog time is determined by the TZ environment variable when
TRMD is started. For more information about setting the UTC offset,
see the TRMD section in Intrusion Detection Services in z/OS Communications Server: IP Configuration
Guide.
- -f final_time
- The time of the last record to be considered. If this option is
not specified, the last record time available in the file is used.
The format of the time is the same as in initial_time.
- -p port_range
- The port range to be considered. If this is not specified, all
the ports are considered. The port_range value
can be specified as follows:
- A single port: -p 21
- A range of ports: -p 21-220
Valid only when the -A, -C, -F, -G, -Q, -T, or -U option is used, except
when the -A -S or -F -S options are specified.
- For the attack summary (-A) and attack detail (-AD), the port_range
filter value will be matched to the destination port in the messages.
- For the connection summary (-C) and connection detail (-CD), the
port_range filter value will be matched to the local port in the messages.
- For the flood summary (-F) and flood detail (-FD), the port_range
filter value will be matched to the bound port in the SYN flood messages.
- For the global TCP stall summary (-G) and global TCP stall detail
(-GD), the port_range filter will be matched to the local port in
the messages.
- For the TCP queue size summary (-Q) and TCP queue size detail
(-QD), the port_range filter will be matched to the local port in
the messages.
- For the TCP TR summary (-T), TCP TR extended summary (-TE), TCP
TR detail (-TD), and TCP TR statistic (-TS), the port_range filter
value will be matched to the local port in the messages.
- For the UDP TR summary (-U), UDP TR detail (-UD), and UDP TR statistic
(-US), the port_range filter value will be matched to the local port
in the messages.
- -h ip_address
- Displays information about that particular IP address. Valid only
when the -A/-C/-F/-G/-N/-Q/-U option is used except when the -A -S
options are specified.
- For the attack summary (-A) and attack detail (-AD), the ip_address
filter value will be matched to the destination address in the messages.
- For the connection summary (-C) and connection detail (-CD), the
ip_address filter value will be matched to the source address in the
messages.
- For the flood summary (-F) and flood detail (-FD), the ip_address
filter value will be matched to the bound address in the SYN flood
messages, the destination address in the Interface flood messages,
and the destination address in the EE XID flood messages.
- For the global TCP stall summary (-G) and global TCP stall detail
(-GD), the ip_address filter value will be matched to the remote host
address in the messages.
- For the scan summary (-N) and scan detail (-ND) reports, the ip_address
filter value will be matched to the source address in the messages.
- For the TCP queue size summary (-Q) and TCP queue size detail
(-QD), the ip_address filter value will be matched to the remote host
address in the messages.
- For the UDP TR summary (-U), UDP TR detail (-UD), and UDP TR statistic
(-US), the ip_address filter value will be matched to the local IP
address in the messages.
- -j stack_name
- Only messages containing the specified stack name are included
in the report. The stack name is limited to eight characters.
- -k ip_address
- Specifies that information is to be gathered about the peak ip_address.
Valid only when the -T and -S options
are specified together.
- -s ip_address
- Specifies that information is to be gathered about the source ip_address.
Valid only when the -A/-G/-Q/-T option is used, except when the -A
-S or -T -S options are specified.
- For the attack summary (-A) and attack detail (-AD), the ip_address
filter value will be matched to the source address in the messages.
- For the global TCP stall summary (-G) and global TCP stall detail
(-GD), the ip_address filter value will be matched to the remote host
address in the messages.
- For the TCP queue size summary (-Q) and TCP queue size detail
(-QD), the ip_address filter value will be matched to the remote host
address in the messages.
- For the TCP TR summary (-T), TCP TR extended summary (-TE), and
TCP TR detail (-TD), the ip_address filter value will be matched to
the source host address in the messages.
- -t ip_address
- Specifies that information is to be gathered about the destination ip_address.
Valid only when the -A/-G/-Q/-T option is used except when the -A
-S option is specified.
- For the attack summary (-A) and attack detail (-AD), the ip_address
filter value will be matched to the destination address in the messages.
- For the global TCP stall summary (-G) and global TCP stall detail
(-GD), the ip_address filter value will be matched to the local host
address in the messages.
- For the TCP queue size summary (-Q) and TCP queue size detail
(-QD), the ip_address filter value will be matched to the local host
address in the messages.
- For the TCP TR summary (-T), TCP TR extended summary (-TE), TCP
TR detail (-TD), and TCP TR statistic (-TS), the ip_address filter
value will be matched to the local host address in the messages.
- -c correlator
- Specifies that information is to be gathered for records with
the specified correlator. Not valid with -S or -I.
- -n interface_name
- Specifies that information is to be gathered about the interface
(or Link). Valid only when -F is specified.
If the interface name is not applicable, such as in overall flood data,
the record is not selected. The interface name is case sensitive
and must be specified as shown in the report.
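The -i, -f, and -p rules above can be modelled in a few lines to sanity-check filter values before running a report. This is an added example, not IBM code: the record dictionaries, the report codes written as "AD" or "AS" (for -AD and -A -S), and the inclusive comparison are assumptions of the model.

```python
import re

# Field that -p is matched against, keyed by report letter (from the -p entry above).
PORT_FIELD = {"A": "destination port", "C": "local port", "F": "bound port",
              "G": "local port", "Q": "local port", "T": "local port", "U": "local port"}
PORT_EXCLUDED = {"AS", "FS"}  # "-A -S" and "-F -S": -p is not valid
DAYS = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]  # format has no year: allow Feb 29

def expand_time(value):
    """Pad a -i/-f value with trailing zeros to MMDDHHMMSS and range-check each field."""
    if not re.fullmatch(r"\d{1,10}", value):
        raise ValueError(f"expected up to 10 digits, got {value!r}")
    full = value.ljust(10, "0")
    mo, dd, hh, mi, ss = (int(full[i:i + 2]) for i in range(0, 10, 2))
    if not (1 <= mo <= 12 and 1 <= dd <= DAYS[mo - 1] and hh < 24 and mi < 60 and ss < 60):
        raise ValueError(f"field out of range in {value!r} (expanded to {full})")
    return full

def parse_port_range(value):
    """Accept '21' or '21-220' and return an inclusive (low, high) pair."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", value)
    if not m:
        raise ValueError(f"bad port_range {value!r}")
    low, high = int(m[1]), int(m[2] or m[1])
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port_range {value!r}")
    return low, high

def select(records, report, initial=None, final=None, port_range=None):
    """Return the records this model would consider under -i, -f and -p."""
    lo_t = expand_time(initial) if initial else "0" * 10
    hi_t = expand_time(final) if final else "9" * 10
    keep = [r for r in records if lo_t <= expand_time(r["time"]) <= hi_t]
    if port_range is None:
        return keep
    if report in PORT_EXCLUDED or report[0] not in PORT_FIELD:
        raise ValueError(f"-p is not valid with report {report!r}")
    low, high = parse_port_range(port_range)
    field = PORT_FIELD[report[0]]  # destination, local or bound port, by report type
    return [r for r in keep if low <= r[field] <= high]

# Constructed sample records; real TRMD messages carry many more fields.
SAMPLE = [
    {"time": "1020235959", "destination port": 21, "local port": 21},
    {"time": "1021000000", "destination port": 21, "local port": 1025},
    {"time": "1021143030", "destination port": 443, "local port": 220},
    {"time": "1022080000", "destination port": 220, "local port": 21},
]
```

Because the time format carries no year, this model cannot express a window that runs from December into January; split such a search into two runs.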