Explanation
One or more values have been updated for a defensive
filter in the TCP/IP stack. These updates were made using the z/OS® UNIX ipsec command.
In
the message text:
- date
- The date on which the defensive filter was updated in the stack.
This date is retrieved from the system time-of-day clock, which usually
reflects coordinated universal time (UTC). This timestamp might be
different than the syslogd message timestamp.
- time
- The time at which the defensive filter was updated in the stack.
This time is retrieved from the system time-of-day clock, which usually
reflects coordinated universal time (UTC). This timestamp might be
different than the syslogd message timestamp.
- rulename
- The defensive filter rule name as specified on the -N option when
the defensive filter was added with the z/OS UNIX ipsec command.
- instance
- The rule name extension.
- mode
- The defensive filtering mode specification for the defensive filter.
If the defensive filtering mode was updated with the z/OS UNIX ipsec command,
the mode value is block or simulate.
If the defensive filtering mode was not updated, the mode value
is N/A.
- log
- The log specification for the defensive filter. If the log setting
was updated with the z/OS UNIX ipsec command,
the log value is yes or no.
If the log setting was not updated, the log value
is N/A.
- lifetime
- The lifetime of the defensive filter in minutes. If the lifetime
was updated with the z/OS UNIX ipsec command,
the lifetime value is the new lifetime value.
If the lifetime was not updated, the value is N/A.
- userid
- The user ID of the user who updated the defensive filter.
- loglimit
- The limit on the number of filter-match messages generated for
this filter in a 5-minute interval. A value of 0 indicates that there
is no limit. If the log limit was not updated, the value is N/A.
System action
TCP/IP processing continues.
Operator response
System programmer response
User response
Problem determination
Source
z/OS Communications
Server TCP/IP: TRMD
Module
Routing code
Not applicable for syslog message.
Descriptor code
Not applicable for syslog message.
Automation
Example
EZD1725I Defensive filter updated: 07/11/2012 23:40:08.78 filter rule= Block_192.30.30.0/24 ext= 1 mode=
simulate log= N/A lifetime= N/A userid= USER1 loglimit= 100