Explanation
A defensive filter is deleted from the TCP/IP
stack.
In the message text:
- timestamp
- The stack timestamp that indicates the time at which the defensive
filter was deleted from the stack. This time is retrieved from the
system time-of-day clock, which usually reflects coordinated universal
time (UTC). This timestamp might be different than the syslogd message
timestamp.
- rulename
- The defensive filter rule name as specified on the -N option when
the defensive filter was added with the z/OS® UNIX ipsec command.
- instance
- The rule name extension.
- reason
- The reason that the defensive filter was deleted from the TCP/IP
stack. Possible reason values are:
- expire
- The defensive filter lifetime expired and the filter was deleted
from the stack.
- delete_specific
- The defensive filter was deleted because a z/OS UNIX ipsec command
was issued to delete this filter by name.
- delete_all
- The defensive filter was deleted because a z/OS UNIX ipsec command
was issued to delete all the defensive filters on this stack.
- defensive_mode_inactive
- The defensive filter was deleted because the user changed the
defensive filter mode to inactive. The defensive filter mode can
be set to inactive by editing the Defense Manager daemon (DMD) configuration
file or by issuing the MODIFY procname,FORCE_INACTIVE
command.
- userid
- The user ID of the user who deleted the defensive filter. If
the reason value is expire or defensive_mode_inactive,
the userid value is N/A.
System action
TCP/IP processing continues.
Operator response
System programmer response
User response
Problem determination
Source
z/OS Communications
Server TCP/IP: TRMD
Module
Routing code
Not applicable for syslog message.
Descriptor code
Not applicable for syslog message.
Automation
Example
EZD1724I Defensive filter deleted: 07/11/2007 23:40:08.78 filter rule= Block_192.30.30.0/24
ext= 1 reason= delete_specific userid= USER2