MODIFY command: Policy Agent
You can use the operator console and the MODIFY command to control the Policy Agent functions.
Parameters:
- procname
- The member name of the cataloged procedure used to start the Policy Agent.
- LOGLEVEL,LEVEL=n
- Changes the Policy Agent LogLevel. The required log level is n. If n is not specified, then the current LogLevel remains the same. See LogLevel statement information in the z/OS Communications Server: IP Configuration Reference for details on how to define the Policy Agent LogLevel.
- TRACE,LEVEL=t
- Changes the Policy Agent start option trace level. The required
trace level is t. If t is not specified, then the current trace level remains the
same. See the Starting Policy Agent from the z/OS® shell information in
the z/OS Communications Server: IP Configuration Reference for details on valid Policy Agent trace levels. Note: If Policy Agent was started with the trace option disabled, then the output destination of stderr will be closed. This option cannot later be enabled by using the MODIFY command.
- DEBUG,LEVEL=d
- Changes the Policy Agent start option debug level. The required debug level is d. If d is not specified, then the current debug level remains the same. See the Starting Policy Agent from the z/OS shell information in the z/OS Communications Server: IP Configuration Reference for details on valid Policy Agent debug levels.
- MEMTRC
- Causes the Policy Agent to dump the contents of the memory request buffer to the log file. This buffer is used when the -m startup option is specified, so if this option is not specified, the MEMTRC parameter has no effect.
- QUERY
- Displays the current LogLevel, debug level, and trace level in effect for the Policy Agent.
- REFRESH
- Triggers the Policy Agent to reread the configuration files, and,
if requested, download objects from the LDAP server. Basically you
download objects from the LDAP server only if a ReadFromDirectory
statement is included in the configuration file. Note that policies
are also refreshed if the SIGHUP signal is received by the Policy
Agent. This signal can be sent using the UNIX
kill
command. If the FLUSH parameter was specified on the TcpImage or discipline configuration statement, the REFRESH command triggers FLUSH processing. One consequence of this is that policy statistics being collected in the TCPIP stack are reset, because FLUSH deletes and reinstalls all policies.See FLUSH and PURGE considerations details in z/OS Communications Server: IP Configuration Guide for more information concerning the FLUSH/NOFLUSH and PURGE/NOPURGE parameters.
Tip: If you specify the Security Secure value on the ServicesConnection statement and the generated AT-TLS policy is installed successfully, then the MODIFY REFRESH command removes all AT-TLS policies, including the generated AT-TLS policy, if FLUSH is specified for AT-TLS. The AT-TLS policies, including the generated AT-TLS policy, are then reinstalled. The services connection might be unavailable until the generated AT-TLS policy is reinstalled.
- SRVLSTN
- Triggers the Policy Agent to restart the listen for services requestor
connections and if required, to reinstall the generated AT-TLS policy.
See ServicesConnection statement
information in z/OS Communications Server: IP Configuration Reference for more details about
configuring the ServicesConnection statement. Tips:
- If you specify the Security Secure value on the ServicesConnection statement and the generated AT-TLS policy is installed successfully, use the MODIFY command with the SRVLSTN parameter to trigger the Policy Agent to reinstall the generated AT-TLS policy. Use this command when the contents of the key ring have changed, but the key ring name is unchanged.
- If you specify the Security Secure value on the ServicesConnection statement and the configured local or remote AT-TLS policies did not install successfully, use the MODIFY command with the SRVLSTN parameter to force the generated AT-TLS policy to be installed before the local or remote AT-TLS policies are installed. See the AT-TLS TCP/IP stack initialization access control information in z/OS Communications Server: IP Configuration Guide for more details about stack initialization access control.
- If the ImageName value that is configured on the ServicesConnection statement is not active when the ServicesConnection statement is processed, issue the MODIFY command with the SRVLSTN parameter after the TCP/IP image becomes active.
- UPDATE
- Triggers the Policy Agent to reread configuration files and, if
requested, download objects from the LDAP server. Basically you download
objects from the LDAP server only if a ReadFromDirectory statement
is included in the configuration file. This command is different
from the REFRESH command because Pagent only installs or removes from
the stack as appropriate any new, changed, or deleted policies.
See FLUSH and PURGE considerations information in the in the z/OS Communications Server: IP Configuration Guide for more information concerning the FLUSH/NOFLUSH and PURGE/NOPURGE parameters.
- MON
- Send a command to an application that is being monitored by the
Policy Agent.
- DISPLAY
- Display information about the set of applications, including whether or not they are being monitored, their status, and the associated TCP/IP stack name, if any.
- START
- Start a specified application or start all applications that are
configured on the AutoMonitorApps statement to be started and stopped.
Policy Agent starts the applications using the cataloged procedure
and other parameters that are configured on the AutoMonitorApps statement.
Result: If the Policy Agent has stopped monitoring the applications because the applications failed to successfully start within the retry period that was specified on the AutoMonitorParms statement, Policy Agent resumes monitoring the running status of the applications.
- ALL
- Start all applications that are configured on the AutoMonitorApps statement.
- DMD
- Start the Defense Manager daemon (DMD).
- IKED
- Start the IKE daemon (IKED).
- NSSD
- Start the network security services daemon (NSSD).
- SYSLOGD
- Start the syslog daemon (syslogd).
- TRMD
- Start the traffic regulation management daemon (TRMD).
- P=image
- Specifies the name of the TCP/IP stack on which the TRMD application is running. If only one instance of TRMD is configured on the AutoMonitorApps statement, this parameter is optional.
- RESTART
- Stop and restart a specified application or stop and restart all
applications that are configured on the AutoMonitorApps statement
to be started and stopped. Policy Agent restarts the applications
using the cataloged procedure and other parameters that are configured
on the AutoMonitorApps statement.
- ALL
- Restart all applications that are configured on the AutoMonitorApps statement.
- DMD
- Restart the Defense Manager daemon (DMD).
- IKED
- Restart the IKE daemon (IKED).
- NSSD
- Restart the network security services daemon (NSSD).
- SYSLOGD
- Restart the syslog daemon (syslogd).
- TRMD
- Restart the traffic regulation management daemon (TRMD).
- P=image
- Specifies the name of the TCP/IP stack on which the TRMD application is running. If only one instance of TRMD is configured on the AutoMonitorApps statement, this parameter is optional.
- STOP
- Stop a specified application or stop all applications that are
configured on the AutoMonitorApps statement to be started and stopped.
Result: Policy Agent stops monitoring the running status of the applications.
- ALL
- Stop all applications that are configured on the AutoMonitorApps statement.
- DMD
- Stop the Defense Manager daemon (DMD).
- IKED
- Stop the IKE daemon (IKED).
- NSSD
- Stop the network security services daemon (NSSD).
- SYSLOGD
- Stop the syslog daemon (SYSLOGD).
- TRMD
- Stop the traffic regulation management daemon (TRMD).
- P=image
- Specifies the name of the TCP/IP stack on which the TRMD application is running. If only one instance of TRMD is configured on the AutoMonitorApps statement, this parameter is optional.
Examples:
F PAGENT,MON,DISPLAY
EZD1587I PAGENT MONITOR INFORMATION
APPLICATION MONITORED JOBNAME STATUS TCP/IP STACK
DMD NO N/A N/A N/A
IKED YES IKED ACTIVE N/A
NSSD YES NSSD RESTARTING N/A
SYSLOGD YES SYSLOGD ACTIVE N/A
TRMD YES TRMD2 ACTIVE TCPIP2
TRMD YES TRMD3 INACTIVE TCPIP3