Steps for reviewing data on the queue if you are not using IDS

Before you begin, you need to have issued the D TCPIP,,STOR and D Net,CSM,Ownerid=All commands to track storage use.

Depending on your configuration, take the following actions to determine whether data is accumulated on the queue:

If . . . Then . . . And take the following actions...
TCP QUEUE Size attack detection is not configured to log to syslogd Issue the Netstat ALL/-A command to determine whether a lot of application data has accumulated on the queues for TCP connections.
  • If no data, or an insignificant amount of data, has accumulated on the queue, go to Step 3 in Steps for reviewing a storage problem.
  • If data has accumulated on the queue, then resolve the problem that is causing the data to not be processed, or reset those connections to release the storage.
TCP QUEUE Size attack detection is configured to log to syslogd Look in the syslogd output for messages EZZ8621I, EZZ86641I, or EZZ8666I. These messages indicate that excessive or old data is accumulating on the receive, send, or out-of-order queue for a TCP connection.
  • If these messages do not appear in syslogd, go to Step 3 in Steps for reviewing a storage problem
  • If one or more of these messages do appear in syslogd, determine whether there is a corresponding message (EZZ863I, EZZ8665I, or EZZ8667I) that indicates that the accumulated data has been processed. If no corresponding message appears, resolve the problem that is causing the data to not be processed, or reset those connections to release the storage.

You can now perform the steps for the decision you have made.

Parent topic: Diagnosing a storage problem