If filter logging is enabled for the selected filter rule, the log indicates whether a packet has been permitted with IPSec processing applied. Among the information available for a typical filter log entry are the rule name, the action, and the tunnel ID:
Feb 13 18:09:11 MVS175/TRMD TRMD1 TRMD.TCPCS2[28]: EZD0814I Packet
permitted: 02/13/2010 18:09:05.96 filter rule= Rule2Admin ext= 1 sipaddr=
9.1.1.2 dipaddr= 9.1.1.1 proto= tcp(6) sport= 3755 dport= 21 -=
Interface= 9.1.1.1 (I) secclass= 255 dest= local len= 52 vpnaction=
Silver-TransportMode tunnelID= Y58 ifcname= MPC4142L fragment= NThe ipsec -y display command also outputs a field with the number of bytes of traffic that have been protected by a particular Security Association.
For detailed information about the use of the ipsec command, see z/OS Communications Server: IP System Administrator's Commands.