Scan detail (-N -D) report

This report is displayed when both the -N and -D options are specified on the trmdstat command. It displays the contents of individual scan event records. The records are sorted by source IP address. The information in this report is derived from EZZ8643I type syslog messages.

> trmdstat -ND /tmp/tstlog.log
trmdstat for z/OS CS V2R1  Fri Nov 25 08:35:40 2011

Command Entered     : trmdstat -ND /tmp/tstlog.log
Log Time Interval   : Jul 19 10:41:39  - Jul 23 12:54:15
Stack Time Interval : Jul 19 10:41:39  - Jul 23 16:54:06
TRM Records Scanned : 128

                                         SCAN  Events

    Date and Time                    Source IP Address                       Suspicion Level          Type Correlator
                                                                        Very     Possibly    Normal
---------------------- --------------------------------------------- ---------- ---------- ---------- ---- ----------
07/22/2011 15:23:22.34 192.168.16.48                                          8          0         12   S          35
07/22/2011 16:12:27.55 192.168.16.48                                          0         10         10   F          55
07/19/2011 10:41:39.63 2001:db8:0:a:209:6bff:fee9:65dd                        0          1          2   F           2
07/19/2011 15:14:40.96 2001:db8:0:a:209:6bff:fee9:65dd                        0          3          0   F          20
07/19/2011 15:36:40.09 2001:db8:0:a:209:6bff:fee9:65dd                        3          3          1   S          23
07/19/2011 20:41:39.07 2001:db8:0:a:209:6bff:fee9:65dd                        0          1          2   F          32
07/19/2011 25:36:40.09 2001:db8:0:a:209:6bff:fee9:65dd                        3          3          1   S          33
07/23/2011 13:16:34.04 2001:db8:11:16::44                                     0         19          0   F          62
07/23/2011 16:54:06.04 2001:db8:11:16::44                                    10         16         19   S          65
07/22/2011 15:30:05.34 2001:db8:11:16:202:55ff:fe31:148c                      6          0          0   F          38
07/22/2011 16:02:07.53 2001:db8:11:16:202:55ff:fe31:148c                      9          0         11   S          42

The following information describes the areas of the scan detail report.
Date and Time
  Specifies the date and time in the message at which the scan events were logged.
Source IP Address
  Specifies the IP address of the source host that triggered scan detection.
Suspicion Level
  Specifies the number of packets at each suspicion level that contributed to the scan detection.

  Restriction: When a scan is detected for a source IP address, additional suspicious packets from that source IP that are received during the current fast scan interval are not reflected in these suspicious counts.

  Very
    Specifies the number of packets at the very suspicious suspicion level that contributed to the scan detection.
  Possibly
    Specifies the number of packets at the possibly suspicious suspicion level that contributed to the scan detection.
  Normal
    Specifies the number of packets at the normal suspicion level that contributed to the scan detection.
Type
  Specifies the scan type.
  F
    Fast
  S
    Slow
Correlator
  Specifies the trace correlator.
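
The following is an added example, not part of the product documentation: a Python sketch that parses the SCAN Events rows described above and totals the suspicion counts per source IP address for triage. The function names and the ranking rule are assumptions; the sample rows are copied from the report on this page with the column spacing collapsed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the sample report on this page (column spacing collapsed).
SAMPLE = """\
07/22/2011 15:23:22.34 192.168.16.48 8 0 12 S 35
07/22/2011 16:12:27.55 192.168.16.48 0 10 10 F 55
07/19/2011 15:36:40.09 2001:db8:0:a:209:6bff:fee9:65dd 3 3 1 S 23
07/19/2011 25:36:40.09 2001:db8:0:a:209:6bff:fee9:65dd 3 3 1 S 33
07/23/2011 16:54:06.04 2001:db8:11:16::44 10 16 19 S 65
"""

ROW = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d\d)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([FS])\s+(\d+)$")

def parse_scan_events(text):
    """Return one dict per SCAN Events row; banner and header lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        stamp, src, very, possibly, normal, kind, corr = m.groups()
        try:
            when = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S.%f")
        except ValueError:
            when = None  # keep the row; raw_time still holds the printed text
        events.append({
            "raw_time": stamp, "time": when,
            "source": ipaddress.ip_address(src),  # raises ValueError if malformed
            "very": int(very), "possibly": int(possibly), "normal": int(normal),
            "type": {"F": "fast", "S": "slow"}[kind], "correlator": int(corr),
        })
    return events

def summarize(events):
    """Total the counts per source; rank by 'very', then 'possibly' (assumed rule)."""
    totals = defaultdict(lambda: {"very": 0, "possibly": 0, "normal": 0, "events": 0})
    for e in events:
        t = totals[e["source"]]
        for level in ("very", "possibly", "normal"):
            t[level] += e[level]
        t["events"] += 1
    return sorted(totals.items(), key=lambda kv: (-kv[1]["very"], -kv[1]["possibly"]))

if __name__ == "__main__":
    for src, t in summarize(parse_scan_events(SAMPLE)):
        print(f"{str(src):40} {t}")
```

Because of the restriction noted under Suspicion Level, the per-source totals are a lower bound on the suspicious packets actually received from that address.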