IDS packet trace output

Use the following references or guidelines for IDS packet trace output:

  • See Intrusion Detection Services trace (SYSTCPIS) if message EZZ4210I CTRACE DEFINE FAILED FOR CTIIDS00 is issued at stack initialization.
  • Consider starting the MVS™ external writer. See Formatting packet traces using IPCS for information about formatting the IDS packet trace in a dump.
  • For IDS attack policy, packets associated with attack events can be traced. For most attack types, a single packet triggers an event and the packet is traced. To prevent trace flooding, a maximum of 100 attack packets per attack type are traced within a 5-minute interval. For the flood attack type, the first 100 packets that are discarded during the flood are traced. For the TCP queue size, global TCP stall, and EE XID flood attack types, no IDS tracing is done.
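The throttling rules in the last item can be modeled to show how many packets of a sustained attack end up in the trace. This is an added example, not IBM code: the attack-type labels, the function and class names, and the assumption that each 5-minute interval starts at the first traced packet of a type are all hypothetical, and the model covers a single flood.

```python
from collections import defaultdict

TRACE_CAP = 100            # page: at most 100 traced packets per attack type
INTERVAL_SECONDS = 5 * 60  # page: within a 5-minute interval
# page: attack types with no IDS tracing (label spellings are hypothetical)
UNTRACED_TYPES = {"TCP_QUEUE_SIZE", "GLOBAL_TCP_STALL", "EE_XID_FLOOD"}


class TraceThrottleModel:
    """Illustrative model; interval alignment is an assumption."""

    def __init__(self):
        self._window_start = {}         # attack type -> start of current interval
        self._count = defaultdict(int)  # attack type -> packets traced in interval
        self._flood_count = 0           # discarded packets traced in this flood

    def should_trace(self, attack_type, ts):
        if attack_type in UNTRACED_TYPES:
            return False
        if attack_type == "FLOOD":
            # Only the first 100 packets discarded during the flood are traced.
            if self._flood_count >= TRACE_CAP:
                return False
            self._flood_count += 1
            return True
        start = self._window_start.get(attack_type)
        if start is None or ts - start >= INTERVAL_SECONDS:
            self._window_start[attack_type] = ts  # open a new interval
            self._count[attack_type] = 0
        if self._count[attack_type] >= TRACE_CAP:
            return False
        self._count[attack_type] += 1
        return True


def summarize(events):
    """events: iterable of (attack_type, ts). Returns {type: (seen, traced)}."""
    model = TraceThrottleModel()
    totals = defaultdict(lambda: [0, 0])
    for attack_type, ts in events:
        totals[attack_type][0] += 1
        if model.should_trace(attack_type, ts):
            totals[attack_type][1] += 1
    return {k: tuple(v) for k, v in totals.items()}


def constructed_events():
    """Constructed sample: one event per second for each hypothetical type."""
    events = [("MALFORMED_PACKET", t) for t in range(250)]
    events += [("MALFORMED_PACKET", t) for t in range(300, 350)]
    events += [("FLOOD", t) for t in range(500)]
    events += [("EE_XID_FLOOD", t) for t in range(10)]
    return events
```

The gap between seen and traced counts in `summarize(constructed_events())` shows why the packet trace should not be used to count attack packets during a sustained event.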