IP Services: Check code that automates on IKE daemon syslogd messages

Description

Scalability enhancements in z/OS V2R2 Communications Server introduce a new internal thread pool to the Internet Key Exchange (IKE) daemon. As part of this change, all of the IKED messages that are written through syslogd will contain the thread identifier in the syslogd header, which precedes the message identifier. In addition, messages from different IKED threads might be interleaved. These changes might affect the automation code that parses these IKED messages:
  • If the automation code parses individual IKED messages in syslogd destinations based on any sort of position-based logic (for example, counting blank delimiters or relying on a specific column), you need to update it to account for the new thread identifier field.
  • If the automation code parses individual IKED messages based on message content (for example, searching the string for specific message identifiers), no change is needed.
  • If the automation code depends on the order of the IKED messages, you might need to update it to take the thread identifier field into account so that the code ignores messages from other threads that are interleaved with the messages of interest.

IKED messages are those in the ranges EZD0902I - EZD1160I, EZD1751I - EZD1800I, and EZD1901I - EZD1925I as well as EZD2017I, EZD2019I, EZD2025I and EZD2027I.

The following example shows a small excerpt of messages from z/OS V2R1 and the equivalent messages from z/OS V2R2 with the embedded thread identifiers:
V2R1:
Jul 28 11:39:26 mvs046 IKE: EZD1061I IKE connecting to PAGENT
Jul 28 11:39:26 mvs046 IKE: EZD1062A IKE retrying connection to PAGENT
Jul 28 11:39:34 mvs046 IKE: EZD0923I IKE has received the STOP command
Jul 28 11:39:34 mvs046 IKE: Message instance 0: EZD0967I IKE release CS V2R1 Service Level CS130924 Created on Sep 24 2013
Jul 28 11:39:34 mvs046 IKE: Message instance 14: EZD1116I IKE detected an NAPT in front of the remote security endpoint while initiating a new phase 1 tunnel

V2R2:
Jul 28 15:10:47 mvs046 IKE: (00000001) EZD1061I IKE connecting to PAGENT
Jul 28 15:10:47 mvs046 IKE: (00000001) EZD1062A IKE retrying connection to PAGENT
Jul 28 15:11:06 mvs046 IKE: (00000003) EZD0923I IKE has received the STOP command
Jul 28 15:11:06 mvs046 IKE: Message instance 0: (00000001) EZD0967I IKE release CS V2R2 Service Level CS140728 Created on Jul 28 2014
Jul 28 15:11:06 mvs046 IKE: Message instance 14: (00000007) EZD1116I IKE detected an NAPT in front of the remote security endpoint while initiating a new phase 1 tunnel

Table 1 provides more details about this migration action. Use this information to plan your changes to the system.

Table 1. Information about this migration action
Element or feature: z/OS Communications Server.
When change was introduced: z/OS V2R2.
Applies to migration from: z/OS V2R1 and z/OS V1R13.
Timing: Before the first IPL of z/OS V2R2.
Is the migration action required? Yes, if you use the z/OS IKE daemon and you have code that automates on IKED messages written through syslogd.
Target system hardware requirements: None.
Target system software requirements: None.
Other system (coexistence or fallback) requirements: None.
Restrictions: None.
System impacts: None.
Related IBM® Health Checker for z/OS® check: None.

Steps to take

Change the code that automates on IKED messages written through syslogd to account for the thread identifier that is added to the header area preceding the IKED message number.
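
The following sketch is an added example, not IBM-supplied code. It contrasts a position-based lookup with a parser that accepts both the V2R1 and V2R2 header layouts and groups messages by thread. The function names and the regular expression are assumptions based only on the excerpt shown earlier, including the assumption that the thread identifier is a run of hexadecimal digits in parentheses.

```python
import re
from collections import defaultdict

# Header layout: timestamp, host, "IKE:", optional "Message instance N:",
# optional "(thread id)" (present from V2R2), message identifier, text.
# Assumption: the thread id is a run of hexadecimal digits in parentheses.
IKED_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) IKE: "
    r"(?:Message instance (?P<instance>\d+): )?"
    r"(?:\((?P<tid>[0-9A-Fa-f]+)\) )?"
    r"(?P<msgid>EZD\d{4}[A-Z]) (?P<text>.*)$"
)

def fragile_msgid(line):
    """Position-based lookup of the kind that breaks on V2R2."""
    return line.split()[5]

def parse_iked(line):
    """Return the header fields as a dict, or None for non-IKED lines."""
    m = IKED_LINE.match(line.rstrip())
    return m.groupdict() if m else None

def by_thread(lines):
    """Group message ids per thread so interleaved threads stay separate.
    V2R1 lines have no thread id and are grouped under None."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_iked(line)
        if rec:
            groups[rec["tid"]].append(rec["msgid"])
    return dict(groups)

# Lines from the excerpt above, with wrapped messages rejoined.
SAMPLE = [
    "Jul 28 11:39:26 mvs046 IKE: EZD1061I IKE connecting to PAGENT",
    "Jul 28 15:10:47 mvs046 IKE: (00000001) EZD1061I IKE connecting to PAGENT",
    "Jul 28 15:10:47 mvs046 IKE: (00000001) EZD1062A IKE retrying connection to PAGENT",
    "Jul 28 15:11:06 mvs046 IKE: (00000003) EZD0923I IKE has received the STOP command",
    "Jul 28 15:11:06 mvs046 IKE: Message instance 14: (00000007) EZD1116I IKE detected "
    "an NAPT in front of the remote security endpoint while initiating a new phase 1 tunnel",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(repr(fragile_msgid(line)), parse_iked(line)["msgid"])
    print(by_thread(SAMPLE))
```

Automation that depends on message order can compare the `tid` field of each parsed record and skip records whose thread identifier differs from that of the message sequence it is tracking.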

Reference information

None.