Flood statistics (-F -S) report

This report is displayed when both the -F and -S options are specified on the trmdstat command. It displays the contents of attack flood statistics records only. This report only formats an attack flood statistics record. There is no consolidation or sorting of records. An overall flood statistics log record, EZZ8653I with attack type Flood, contains the number of floods detected during a statistics interval regardless of the type of flood.

More detailed statistics information is also kept by interface for interface flood reporting and to provide data to help an installation determine the policy action values for flood percentage and minimum discard that are used for interface flood detection. The interface flood specific statistics information is contained in the EZZ8657I statistics record and is reported in the Interface FLOOD Detailed Statistics section of the report.

More detailed statistics information is also kept by local IP address for EE XID flood reporting. The EE XID flood specific statistics information is contained in the EZZ8676I statistics record and is reported in the XID FLOOD Detailed Statistics section of the report.

>trmdstat -FS /tmp/tstlog.log
trmdstat for z/OS CS V2R1  Fri Nov 25 09:24:56 2011

Command Entered     : trmdstat -FS /tmp/tstlog.log
Log Time Interval   : Nov 11 20:37:31  - Nov 23 15:48:22
Stack Time Interval : Nov 11 20:37:15  - Nov 23 15:48:07
TRM Records Scanned : 227

                  Overall FLOOD Statistics

    Date and Time        Flood Count
----------------------   ----------
11/23/2011 14:46:27.18            7

                  Interface FLOOD Detailed Statistics

    Date and Time         Interface      -----Discard-----     Attacks
                                           Count       Pct
---------------------- ----------------  ----------    ---    ----------
11/23/2011 14:46:27.18 LOSAQDIO4              14943     24             1
11/23/2011 15:48:07.51 LOSAQDIO4              82122     74             1
11/23/2011 14:46:27.18 OSAQDIO46               1756     18             0
11/23/2011 15:48:07.51 OSAQDIO46               8231     26             1

                  XID FLOOD Detailed Statistics

                                                                       -----XID Timeouts-----
     Date and Time                     Local IP Address                 Interval      Peak       Attacks
----------------------  ---------------------------------------------  ----------  ----------  ----------
11/11/2011 20:37:15.56  192.168.104.196                                        20           2           0
11/11/2011 20:37:15.56  192.168.105.53                                         40           4           3
11/11/2011 20:37:15.56  2001:db8::9:42:105:53                                  10           1           0
11/12/2011 03:54:27.58  2001:db8::9:42:105:53                                   4           1           1
11/12/2011 04:04:37.57  2001:db8::9:42:105:53                                  12           4           0

The following information describes the areas of the overall flood statistics report.

Date and Time: Indicates the date and time at which the statistics information was gathered by the TCP/IP stack.
Flood Count: The total number of SYN flood and Interface flood entries detected during the interval.

The following describes the areas of the interface flood detailed statistics report.

Date and Time: Indicates the date and time at which the statistics information was gathered by the TCP/IP stack.
Interface: The name of the interface for which the data is reported.
Discard Count: Number of inbound packets discarded or not processed during the statistics interval.
Discard Pct: Percentage of the total packets received on the interface during the statistics interval that were discarded.
Attacks: Number of Interface flood entries detected on the interface during the statistics interval.

The following list describes the areas of the EE XID FLOOD detailed statistics report.

Date and Time: Indicates the date and time at which the statistics information was gathered by the TCP/IP stack.
Local IP Addres: Destination IP address for which the data is reported.
Timeout Interval: Number of inbound EE XID packets that timed out during the statistics interval.
Timeout Peak: The maximum number of EE XID packets that timed out during a 1-minute interval.
Attacks: Number of EE XID floods starts detected during the statistics interval.