IP filter logging

Monitoring network events is an important aspect of network security. Logs can be used to verify that policies have been correctly configured and enforced, or to gather statistics on any traffic of interest. For instance, traffic that is persistently denied might be suspect. With IP filter logging, you can inspect any traffic on the system and even fine-tune the configuration to show only those entries of interest. Logging can be controlled at the global level or at the individual rule level, including the ability to specify whether to log permitted traffic, denied traffic, or both. The IP filter log entries provide detailed information about each packet, including the rule that the packet matched and any pertinent IPSec information.

TRMD and syslogd provide the logging service for IP security. If you are running in the common INET environment, you must configure one instance of TRMD for each stack on a z/OS® system.

Guideline: Exhaustive logging of IP traffic can have a negative effect on performance. If logging is excessive, it can be turned off temporarily at the global level while the appropriate logging modifications are made to the individual IP filter rules. IP filter logging is controlled by the IpFilterLogging parameter on the IpGenericFilterAction statement. For more details, see z/OS Communications Server: IP Configuration Reference.
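
The guideline above as an added configuration sketch (not taken from the IBM documentation): logging is switched off globally while a noisy permit action is replaced by a non-logging one, and denied traffic stays logged. The action names are hypothetical, and the FilterLogging parameter on the IpFilterPolicy statement is assumed here to be the global switch; confirm the syntax in z/OS Communications Server: IP Configuration Reference.

```text
# Constructed Policy Agent fragment; names are illustrative and
# unrelated parameters are omitted.

# Global switch (assumed parameter): Off temporarily while the
# rule-level logging below is being adjusted.
IpFilterPolicy
{
  FilterLogging        Off
}

# Before: every packet matching a high-volume permit rule is logged.
IpGenericFilterAction  permit-log-all
{
  IpFilterAction       Permit
  IpFilterLogging      Yes
}

# After: the same permit action without per-packet logging.
IpGenericFilterAction  permit-nolog
{
  IpFilterAction       Permit
  IpFilterLogging      No
}

# Denied traffic remains logged, since persistent denials might be suspect.
IpGenericFilterAction  deny-log
{
  IpFilterAction       Deny
  IpFilterLogging      Yes
}
```

Once the rules reference the adjusted actions, the global setting is returned to On so that the remaining rule-level logging takes effect.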