z/OS Communications Server: IP Programmer's Guide and Reference


FTP server logon failure record (subtype 72)

SC27-3659-02

The FTP server login failure record is collected when an attempt to log in to the z/OS® FTP server completes unsuccessfully. A return code within the SMF record provides information as to the cause of the login failure.

The Type 119 FTP server login failure record is collected at the same point in FTP login processing as the equivalent Type 118 FTP server (subtype X'72') SMF record.

See Table 1 for the contents of the TCP/IP stack identification section. For the FTP server logon failure record, the TCP/IP stack identification section indicates FTPS as the subcomponent and X'08' (event record) as the record reason.

Table 1 shows the FTP server logon failure record self-defining section:
Table 1. FTP server logon failure record self-defining section
Offset Name Length Format Description
0(X'0') Standard SMF Header 24   Standard SMF header; subtype is 72(X'48')
Self-defining section
24(X'18') SMF119SD_TRN 2 Binary Number of triplets in this record (3)
26(X'1A')   2 Binary Reserved
28(X'1C') SMF119IDOff 4 Binary Offset to TCP/IP identification section
32(X'20') SMF119IDLen 2 Binary Length of TCP/IP identification section
34(X'22') SMF119IDNum 2 Binary Number of TCP/IP identification sections
36(X'24') SMF119S1Off 4 Binary Offset to FTP server logon failure section
40(X'28') SMF119S1Len 2 Binary Length of FTP server logon failure section
42(X'2A') SMF119S1Num 2 Binary Number of FTP server logon failure sections
44(X'2C') SMF119S2Off 4 Binary Offset to FTP server logon failure Security section
48(X'30') SMF119S2Len 2 Binary Length of FTP server logon failure Security section
50(X'32') SMF119S2Num 2 Binary Number of FTP server logon failure Security sections

Table 2 shows the FTP server logon failure specific section of this SMF record.

Table 2. FTP server logon failure record: logon failure section
Offset Name Length Format Description
0(X'0') SMF119FT_FFRIP 16 Binary Remote IP address
16(X'10') SMF119FT_FFLIP 16 Binary Local IP address
32(X'20') SMF119FT_FFRPort 2 Binary Remote port number (Client)
34(X'22') SMF119FT_FFLPort 2 Binary Local port number (Server)
36(X'24') SMF119FT_FFUserID 8 EBCDIC Client User ID received by server
44(X'2C') SMF119FT_FFReason 1 Binary Login failure reason:
  • X'00': FTP session terminated after USERID was processed, but before PASSWORD was entered.
  • X'01': Password is not valid.
  • X'02': Password has expired.
  • X'03': User ID has been revoked.
  • X'04': User does not have server access.
  • X'05': FTCHKPWD user exit rejected the login.
  • X'06': Excessive bad passwords.
  • X'07': Group ID process failed.
  • X'08': User ID is unknown.
  • X'09': Certificate is not valid.
  • X'0A': Client name associated with certificate or ticket does not match user name.
45(X'2D')   3 Binary Reserved
48(X'30') SMF119FT_FFCConnID 4 Binary TCP connection ID of FTP control connection
52(X'34') SMF119FT_FFSessionID 15 EBCDIC FTP activity logging session ID. The activity logging session ID uniquely identifies the FTP session between a client and a server. The identifier is created by combining the job name of the FTP daemon with a 5-digit number in the range 00000 - 99999.
67(X'49')   1 Binary Reserved

Table 3 shows the FTP server login failure security section:
Table 3. FTP server login failure security section
Offset Name Length Format Description
0 (X'0') SMF119FT_FFMechanism 1 EBCDIC Protection Mechanism:
  • N: None
  • T: TLS
  • G: GSSAPI
  • A: AT-TLS
1 (X'1') SMF119FT_FFCProtect 1 EBCDIC Control Connection Protection Level:
  • N: None
  • C: Clear
  • S: Safe
  • P: Private
2 (X'2') SMF119FT_FFDProtect 1 EBCDIC Data connection protection level:
  • N: None
  • C: Clear
  • S: Safe
  • P: Private
3 (X'3') SMF119FT_FFLoginMech 1 EBCDIC Login Method:
  • P: Password
  • C: Certificate
  • ' ': Login failure occurred before login method was determined.
  • T: Kerberos ticket
4 (X'4') SMF119FT_FFProtoLevel 8 EBCDIC Protocol level (present only if Protocol Mechanism is TLS or AT-TLS)
Possible values are:
  • SSLV2
  • SSLV3
  • TLSV1
  • TLSV1.1
  • TLSV1.2
12 (X'C') SMF119FT_FFCipherSpec 20 EBCDIC Cipher specification (present only if protocol mechanism is TLS or AT-TLS)
Possible values when protocol level is SSLV2:
  • RC4 US
  • RC4 Export
  • RC2 US
  • RC2 Export
  • DES 56-Bit
  • Triple DES US
Possible values when protocol level is SSLV3, TLSV1, TLSV1.1, or TLSV1.2:
  • SSL_NULL_MD5
  • SSL_NULL_SHA
  • SSL_RC4_MD5_EX
  • SSL_RC4_MD5
  • SSL_RC4_SHA
  • SSL_RC2_MD5_EX
  • SSL_DES_SHA
  • SSL_3DES_SHA
  • SSL_AES_128_SHA
  • SSL_AES_256_SHA
32 (X'20') SMF119FT_FFProtBuffSize 4 Binary Negotiated protection buffer size
36 (X'24') SMF119FT_FFCipher 2 EBCDIC Hexadecimal value of cipher specification (present only if protocol mechanism is TLS or AT-TLS). If the value is 4X, the Cipher Specification must be obtained from the SMF119FT_FFCipher4 field.
38 (X'26') SMF119FT_FFFips140 1 Binary FIPS 140 status
  • X'00': FIPS 140 off
  • X'01': FIPS 140 on
39 (X'27') SMF119FT_FFCipher4 4 EBCDIC Four byte hexadecimal value of Cipher Specification (present only if Protocol Mechanism is TLS or AT-TLS).
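
An added example, not part of the IBM documentation: a Python parser that reads the three triplets of the self-defining section (Table 1) and decodes the logon failure and security sections (Tables 2 and 3) for audit or detection tooling. It assumes that triplet offsets count from the first byte of the record as passed in, that binary fields are big-endian, and that EBCDIC fields are blank- or NUL-padded; the function names and the sample record built by build_sample() are constructed for illustration.

```python
import ipaddress
import struct

REASONS = {0x00: "session ended before PASSWORD", 0x01: "password not valid",
           0x02: "password expired", 0x03: "user ID revoked",
           0x04: "no server access", 0x05: "FTCHKPWD exit rejected login",
           0x06: "excessive bad passwords", 0x07: "group ID process failed",
           0x08: "user ID unknown", 0x09: "certificate not valid",
           0x0A: "certificate/ticket name does not match user name"}

def ebcdic(raw):
    # cp037 covers the letters, digits and blanks used here; padding assumed blank/NUL
    return raw.decode("cp037").strip(" \x00")

def ip(raw):
    addr = ipaddress.IPv6Address(raw)
    return str(addr.ipv4_mapped or addr)  # show IPv4-mapped addresses as IPv4

def parse_logon_failure(rec):
    # Self-defining section at offset 24; triplet offsets assumed relative to rec[0].
    (ntrip, _, _ido, _idl, _idn, s1o, s1l, s1n,
     s2o, s2l, s2n) = struct.unpack_from(">HHIHHIHHIHH", rec, 24)
    if ntrip != 3 or s1n < 1 or s1l < 68 or s1o + s1l > len(rec):
        raise ValueError("malformed subtype 72 record")
    rip, lip, rport, lport, user, reason, conn, sess = struct.unpack_from(
        ">16s16sHH8sB3xI15s", rec, s1o)
    out = {"remote": f"{ip(rip)}:{rport}", "local": f"{ip(lip)}:{lport}",
           "user": ebcdic(user), "reason": REASONS.get(reason, f"X'{reason:02X}'"),
           "conn_id": conn, "session": ebcdic(sess)}
    if s2n and s2l >= 43 and s2o + s2l <= len(rec):
        flags, proto, spec, _buf, _c2, fips, _c4 = struct.unpack_from(
            ">4s8s20sI2sB4s", rec, s2o)
        mech, cprot, _dprot, login = flags.decode("cp037")
        out.update(mechanism=mech, control_protection=cprot, login_method=login,
                   protocol=ebcdic(proto), cipher=ebcdic(spec), fips140=bool(fips))
    return out

def build_sample():
    # Constructed record: zeroed 24-byte header, 8-byte stand-in identification section.
    e = lambda s, n: s.ljust(n).encode("cp037")
    sds = struct.pack(">HHIHHIHHIHH", 3, 0, 52, 8, 1, 60, 68, 1, 128, 43, 1)
    s1 = struct.pack(">16s16sHH8sB3xI15sx",
                     ipaddress.IPv6Address("::ffff:192.0.2.10").packed,
                     ipaddress.IPv6Address("::ffff:198.51.100.5").packed,
                     49152, 21, e("BADUSER", 8), 0x01, 42, e("FTPD100042", 15))
    s2 = struct.pack(">4s8s20sI2sB4s", e("TPPP", 4), e("TLSV1.2", 8),
                     e("SSL_AES_256_SHA", 20), 0, e("35", 2), 0, e("0035", 4))
    return bytes(24) + sds + bytes(8) + s1 + s2
```

Calling parse_logon_failure(build_sample()) returns a dictionary with the client address, user ID, decoded failure reason and the negotiated protection details. A record whose logon failure triplet points past the end of the buffer raises ValueError.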





Copyright IBM Corporation 1990, 2014