FTP client login failure record (subtype 102)
This SMF record is available only from the real-time TCP/IP network monitoring NMI's SMF interface, SYSTCPSM, and is not written to the MVS™ SMF data sets. See Real-time TCP/IP network monitoring NMI for more information about the SYSTCPSM interface.
Table 1 describes
the FTP client login failure self-defining section of the SMF record.
| Offset | Name | Length | Format | Description |
|---|---|---|---|---|
| 0 (X'0') | Standard SMF header | 24 | N/A | Standard SMF header; subtype is 102 (X'66') |
| Self-defining section | ||||
| 24 (X'18') | SMF119SD_TRN | 2 | Binary | Number of triplets in this record  (5) |
| 26 (X'1A') | Reserved | 2 | N/A | Reserved |
| 28 (X'1C') | SMF119IDOff | 4 | Binary | Offset to TCP/IP identification section * |
| 32 (X'20') | SMF119IDLen | 2 | Binary | Length of TCP/IP identification section * |
| 34 (X'22') | SMF119IDNum | 2 | Binary | Number of TCP/IP identification sections * |
| 36 (X'24') | SMF119S1Off | 4 | Binary | Offset to FTP client login failure section |
| 40 (X'28') | SMF119S1Len | 2 | Binary | Length of FTP client login failure section |
| 42 (X'2A') | SMF119S1Num | 2 | Binary | Number of FTP client login failure sections |
| 44 (X'2C') | SMF119S2Off | 4 | Binary | Offset to FTP client SOCKS section |
| 48 (X'30') | SMF119S2Len | 2 | Binary | Length of FTP client SOCKS section |
| 50 (X'32') | SMF119S2Num | 2 | Binary | Number of FTP client SOCKS sections |
| 52 (X'34') | SMF119S3Off | 4 | Binary | Offset to FTP client Security section |
| 56 (X'38') | SMF119S3Len | 2 | Binary | Length of FTP client Security section |
| 58 (X'3A') | SMF119S3Num | 2 | Binary | Number of FTP client Security sections |
| 60 (X'3C') | SMF119S4Off | 4 | Binary | Offset to FTP client user name section (z/OS® version V1R8 and later) |
| 64 (X'40') | SMF119S4Len | 2 | Binary | Length of FTP client user name section (z/OS version V1R8 and later) |
| 66 (X'42') | SMF119S4Num | 2 | Binary | Number of FTP client user name sections (z/OS version V1R8 and later) |
| * See Common TCP/IP identification section for the contents of the TCP/IP identification section. | ||||
Table 2 shows the client login failure session section, which follows the TCP/IP identification section.
| Offset | Name | Length | Format | Description |
|---|---|---|---|---|
| 0(X'0') | SMF119FT_FCLRIP | 16 | Binary | Remote IP address (server) |
| 16(X'10') | SMF119FT_FCLLIP | 16 | Binary | Local IP address (client) |
| 32(X'20') | SMF119FT_FCLRPort | 2 | Binary | Remote port number (server) |
| 34(X'22') | SMF119FT_FCLLPort | 2 | Binary | Local port number (client) |
| 36(X'24') | SMF119FT_FCLUserID | 8 | EBCDIC | Local user ID |
| 44(X'2C') | SMF119FT_FCLReason | 4 | Binary | Login failure reason. The reason is a Client
Error Code as documented in FTP Client Error
Codes in z/OS Communications Server: IP User's Guide and Commands. Following list shows the client error codes
most likely for login failures.
|
| 48 (X'30') | SMF119FT_FCLCConnID | 4 | Binary | TCP connection ID of FTP control connection |
Table 3 describes the FTP client SOCKS section, which is present only if the connection passes through a SOCKS server.
| Offset | Name | Length | Description |
|---|---|---|---|
| 0(X'0') | SMF119FT_FCCIP | 16 | SOCKS server IP address |
| 16(X'10') | SMF119FT_FCCPort | 2 | SOCKS server port number |
| 18(X'12') | SMF119FT_FCCProt | 1 | SOCKS protocol version. Possible values are:
|
Table 4 defines the FTP client login failure security section.
| Offset | Name | Length | Format | Description |
|---|---|---|---|---|
| 0 (X'0') | SMF119FT_FCMechanism | 1 | EBCDIC | Protection mechanism. Possible values are:
|
| 1 (X'1') | SMF119FT_FCCProtect | 1 | EBCDIC | Control connection protection level. Possible
values are:
|
| 2 (X'2') | SMF119FT_FCDProtect | 1 | EBCDIC | Data connection protection level. Possible values
are:
|
| 3 (X'3') | SMF119FT_FCLoginMech | 1 | EBCDIC | Login method. Possible values are:
|
| 4 (X'4') | SMF119FT_FCProtoLevel | 8 | EBCDIC | Protocol level (present only if protection mechanism is TLS or AT-TLS).
Possible values are:
|
| 12 (X'C') | SMF119FT_FCCipherSpec | 20 | EBCDIC | Cipher specification (present only if protection mechanism is TLS or AT-TLS).
Possible values when Protocol Level is SSLV2 are:
|
| 32 (X'20') | SMF119FT_FCProtBuffSize | 4 | Binary | Negotiated protection buffer size |
| 36(xX'24') | SMF119FT_FCCipher | 2 | EBCDIC | Hexadecimal value of Cipher Specification (present only if protection mechanism is TLS or AT-TLS). If the value is 4X, the Cipher Specification must be obtained from the SMF119FT_FCLCipher4 field. |
| 38 (X'26') | SMF119FT_FCFips140 | 1 | Binary | FIPS 140 status
|
| 39 (X'27') | SMF119FT_FCCipher4 | 4 | EBCDIC | Four byte hexadecimal value of Cipher Specification (present only if protection mechanism is TLS or AT-TLS). |
| 43(X'2B') | SMF119FT_FCSessReuse | 1 | EBCDIC | SSL session reuse:
|
| 44(X'2C') | SMF119FT_FCCSSLSessIDLen | 2 | Binary | Length of the SSL session ID of FTP control connection |
| 46(X'2E') | SMF119FT_FCCSSLSessID | 32 | Binary | SSL session ID of FTP control connection |
| 78(X'4E') | SMF119FT_FCDSSLSessIDLen | 2 | Binary | Length of the SSL session ID of FTP data connection |
| 80(X'50') | SMF119FT_FCDSSLSessID | 32 | Binary | SSL session ID of FTP data connection |
| 112(X’70’) |
SMF119FT_FCKeyShare |
4 |
EBCDIC |
AT-TLS Negotiated Key Share (present only if protection mechanism is AT-TLS
and protocol level is TLSV1.3) |
Table 5 shows the FTP client user name section.
| Offset | Name | Length | Format | Description |
|---|---|---|---|---|
| 0(X'0') | SMF119FT_FCLXUserID | n | EBCDIC | User name or user ID used to log on to the FTP server |