z/OS® UNIX trmdstat command filter options

The following parameters can be used to filter the output of the specified report.

-i initial_time
The time of the first record to be considered. If this option is not specified, the first available record in the file is selected. The time is specified in the format MMDDHHMMSS.
  • MM: Month
  • DD: Date
  • HH: Hours
  • MM: Minutes
  • SS: Seconds
For example, 1021143030 is Oct 21 14:30:30. Trailing zeros are not required (1021 for Oct 21 00:00:00).

For records generated by the TCP stack, the time the event actually occurred (the stack time) is used for the time filtering.

TRMD can also write syslog messages, for example, the EZZ8495I TRMD STARTED and the EZZ8501I TRMD ENDED messages. These messages contain only the syslog timestamp, which is used to filter these messages. The offset from the Coordinated Universal Time (UTC) of the syslog time is determined by the TZ environment variable when TRMD is started. For more information about setting the UTC offset, see the TRMD section in Intrusion Detection Services in z/OS Communications Server: IP Configuration Guide.

-f final_time
The time of the last record to be considered. If this option is not specified, the last record time available in the file is used. The format of the time is the same as in initial_time.
-p port_range
The port range to be considered. If this is not specified, all the ports are considered. The port_range value can be specified as follows:
  • A single port: -p 21
  • A range of ports: -p 21-220

Valid only when the -A/-C/-F/-G/-Q/-T/-U option is used, except when the -A -S or -F -S options are specified.

  • For the attack summary (-A) and attack detail (-AD), the port_range filter value will be matched to the destination port in the messages.
  • For the connection summary (-C) and connection detail (-CD), the port_range filter value will be matched to the local port in the messages.
  • For the flood summary (-F) and flood detail (-FD), the port_range filter value will be matched to the bound port in the SYN flood messages.
  • For the global TCP stall summary (-G) and global TCP stall detail (-GD), the port_range filter will be matched to the local port in the messages.
  • For the TCP queue size summary (-Q) and TCP queue size detail (-QD), the port_range filter will be matched to the local port in the messages.
  • For the TCP TR summary (-T), TCP TR extended summary (-TE), TCP TR detail (-TD), and TCP TR statistic (-TS), the port_range filter value will be matched to the local port in the messages.
  • For the UDP TR summary (-U), UDP TR detail (-UD), and UDP TR statistic (-US), the port_range filter value will be matched to the local port in the messages.
-h ip_address
Displays information about that particular IP address. Valid only when the -A/-C/-F/-G/-N/-Q/-U option is used except when the -A -S options are specified.
  • For the attack summary (-A) and attack detail (-AD), the ip_address filter value will be matched to the destination address in the messages.
  • For the connection summary (-C) and connection detail (-CD), the ip_address filter value will be matched to the source address in the messages.
  • For the flood summary (-F) and flood detail (-FD), the ip_address filter value will be matched to the bound address in the SYN flood messages, the destination address in the Interface flood messages, and the destination address in the EE XID flood messages.
  • For the global TCP stall summary (-G) and global TCP stall detail (-GD), the ip_address filter value will be matched to the remote host address in the messages.
  • For the scan summary (-N) and scan detail (-ND) reports, the ip_address filter value will be matched to the source address in the messages.
  • For the TCP queue size summary (-Q) and TCP queue size detail (-QD), the ip_address filter value will be matched to the remote host address in the messages.
  • For the UDP TR summary (-U), UDP TR detail (-UD), and UDP TR statistic (-US), the ip_address filter value will be matched to the local IP address in the messages.
-j stack_name
Only messages containing the specified stack name are included in the report. The stack name is limited to eight characters.
-k ip_address
Specifies that information is to be gathered about the peak ip_address. Valid only when the -T and -S options are specified together.
-s ip_address
Specifies that information is to be gathered about the source ip_address. Valid only when the -A/-G/-Q/-T option is used, except when the -A -S or -T -S options are specified.
  • For the attack summary (-A) and attack detail (-AD), the ip_address filter value will be matched to the source address in the messages.
  • For the global TCP stall summary (-G) and global TCP stall detail (-GD), the ip_address filter value will be matched to the remote host address in the messages.
  • For the TCP queue size summary (-Q) and TCP queue size detail (-QD), the ip_address filter value will be matched to the remote host address in the messages.
  • For the TCP TR summary (-T), TCP TR extended summary (-TE), and TCP TR detail (-TD), the ip_address filter value will be matched to the source host address in the messages.
-t ip_address
Specifies that information is to be gathered about the destination ip_address. Valid only when the -A/-G/-Q/-T option is used except when the -A -S option is specified.
  • For the attack summary (-A) and attack detail (-AD), the ip_address filter value will be matched to the destination address in the messages.
  • For the global TCP stall summary (-G) and global TCP stall detail (-GD), the ip_address filter value will be matched to the local host address in the messages.
  • For the TCP queue size summary (-Q) and TCP queue size detail (-QD), the ip_address filter value will be matched to the local host address in the messages.
  • For the TCP TR summary (-T), TCP TR extended summary (-TE), TCP TR detail (-TD), and TCP TR statistic (-TS), the ip_address filter value will be matched to the local host address in the messages.
-c correlator
Specifies that information is to be gathered for records with the specified correlator. Not valid with -S or -I.
-n interface_name
Specifies that information is to be gathered about the interface (or Link). Valid only when -F is specified. If the interface name is not applicable, such as in overall flood data, the record is not selected. The interface name is case sensitive and must be specified as shown in the report.
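
The time format and the per-report validity rules above can be checked before a report is run, for example from a script that pulls IDS reports for an incident window. The following is an added example, not part of the IBM documentation or of trmdstat itself: the function names trmd_time and filter_ok are hypothetical, reports are written as the report letter plus modifier the way this page writes them (A, AD, AS, TS), and shortened times are assumed to drop whole trailing fields (4, 6, or 8 digits).

```shell
#!/bin/sh
# Added example: pre-flight checks for trmdstat filter options, built only
# from the rules stated on this page. Function names are hypothetical.

# trmd_time VALUE: expand a shortened -i/-f value to the full MMDDHHMMSS
# form and range-check each field. Prints the 10-digit value on success.
# Assumption: a shortened value drops whole trailing fields (4, 6, 8 digits).
trmd_time() {
    t=$1
    case $t in ''|*[!0-9]*) return 1 ;; esac
    case ${#t} in
        4) t=${t}000000 ;;
        6) t=${t}0000 ;;
        8) t=${t}00 ;;
        10) ;;
        *) return 1 ;;
    esac
    # Split into two-digit fields: $1=month $2=day $3=hour $4=minute $5=second
    set -- $(printf '%s\n' "$t" | sed 's/../& /g')
    # ${n#0} strips one leading zero so "08" is not read as octal
    [ "${1#0}" -ge 1 ] && [ "${1#0}" -le 12 ] || return 1
    [ "${2#0}" -ge 1 ] && [ "${2#0}" -le 31 ] || return 1
    [ "${3#0}" -le 23 ] && [ "${4#0}" -le 59 ] && [ "${5#0}" -le 59 ] || return 1
    printf '%s\n' "$t"
}

# filter_ok REPORT FILTER: return 0 if the filter letter (p, h, k, s, t, c,
# n, i, f, j) is valid for the report according to the rules on this page.
filter_ok() {
    r=$1; base=${r%"${r#?}"}          # base = first letter of the report
    case $2 in
        p) case $r in AS|FS) return 1 ;; esac
           case $base in A|C|F|G|Q|T|U) return 0 ;; esac ;;
        h) [ "$r" = AS ] && return 1
           case $base in A|C|F|G|N|Q|U) return 0 ;; esac ;;
        k) [ "$r" = TS ] && return 0 ;;   # only with -T and -S together
        s) case $r in AS|TS) return 1 ;; esac
           case $base in A|G|Q|T) return 0 ;; esac ;;
        t) [ "$r" = AS ] && return 1
           case $base in A|G|Q|T) return 0 ;; esac ;;
        c) case $r in I*|*S) return 1 ;; esac; return 0 ;;
        n) [ "$base" = F ] && return 0 ;;
        i|f|j) return 0 ;;                # page states no report restriction
    esac
    return 1
}
```

The day check cannot account for month length because the format carries no year, so a value such as 0231 passes here.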