SMF 119-2

  • Updated on Mar 19, 2024
  • Published on May 3, 2022
  • 3 minute(s) read
  • Guilhem PREVOT
 Prev Next

Introduction

Fields

Stored in tcpIpConnData

SMF Field DB Column name Description
recordType Value is always TCP2
sid
startTime
endTime
systemName System name from SYSNAME in IEASYSxx
sysplex Sysplex name from SYSPLEX in COUPLExx
stackName TCP/IP stack name
releaseId z/OS Communications Server TCP/IP release identifier
subComponent TCP/IP subcomponent
asName Started task qualifier or address space name of address space
userId User id of security context under which this SMF record is
asId ASID of address space that writes this SMF record
reasonWrite Reason for writing this SMF record
nextRecordId Value used by the following SMF 119 records
SMF119AP_TTRName socketResourceName TCP socket resource name (Address space name of address space that closed this TCP connection)
SMF119AP_TTConnID socketResourceId TCP socket resource ID (connection ID)
SMF119AP_TTTTLSCS tlsConnStatus AT-TLS connection status
  1. Connection is not secure
  2. Connection handshake in progress
  3. Connection is secure
SMF119AP_TTTTLSPS tlsPolicyStatus AT-TLS Policy Status
  1. Policy status is not known
  2. AT-TLS function off
  3. No policy defined for connection
  4. Policy defined for connection; AT-TLS not enabled
  5. Policy defined for connection; AT-TLS enabled
  6. Policy defined for connection; AT-TLS enabled and Application Controlled
SMF119AP_TTTermCode reasonCode Reason code for connection termination
  1. Error occurred during a send using FRCA(AFPA), possibly because the stack is terminating.
  2. A persistent socket used by FRCA (AFPA) was closed by a FIN.
  3. The connection was terminated because the stack was terminating.
  4. Last stack that can own the dynamic VIPA bound to the socket is terminating
  5. Intrusion detection found the connection to be malicious and closed the connection.
  6. Connection was denied because of a NetAccess rule.
  7. ACK received in lastack state.
  8. The connection was terminated because of an administrator action (for example, using Netstat DRop/-D command or the NMI API).
  9. The connection was terminated because the local IP address bound by the application has been deleted from the stack.
  10. The connection from a client was terminated because the application closed the socket before performing an accept().
  11. The application using the socket, closed the connection using a close().
  12. A pascal routine issued an orderly close request.
  13. A pascal routine issued a disconnect.
  14. An error occurred during a pascal accept.
  15. The connection was terminated because the client sent a reset.
  16. The connection was closed because the same packet was being re-transmitted multiple times.
  17. The connection was closed because the TCP window was reduced to 0 and multiple window probes were not acknowledged.
  18. The connection was closed because multiple keepalive probes were not acknowledged.
  19. The connection was terminated because the stack timed out waiting for a fin in the finwait-2 state.
  20. The connection was terminated because a global TCP stall attack was detected.
  21. The connection was terminated because a TCP queue size attack was detected.
SMF119AP_TTSubtask subTaskName Subtask Name (Address of MVS™ TCB for the task that owns this connection. This is not the subtask value specified on an INITAPI call.)
SMF119AP_TTSDate dateConnEstbl Date of connection establishment (GMT)
SMF119AP_TTETime dateConnTimeWait Date connection entered TIMEWAIT or LASTACK state (GMT)
SMF119AP_TTRIP remoteIpAddrConnClose Remote IP address at time of connection close
SMF119AP_TTLIP localIpAddrConnClose Local IP address at time of connection close
SMF119AP_TTRPort remotePortNumConnClose Remote port number at time of connection close
SMF119AP_TTLPort localPortNumConnClose Local port number at time of connection close
SMF119AP_TTInBytes inboundByteCount Inbound byte count
SMF119AP_TTOutBytes outboundByteCount Outbound byte count
SMF119AP_TTTOS typeOfService Type of Service (ToS) used by this connection
SMF119AP_TTTelLUName luName LU name
SMF119AP_TTTelAppl targetApplName Target application name
SMF119AP_TTTelLogmode logmodeName Logmode name
SMF119AP_TTTelStatus statusWord Status word
SMF119AP_TTTelTermCode reasonConnClose Reason code for closing connection. The socket must be accessible to the TN3270 server to record a reason
SMF119AP_TTTTLSSP tlsProtocol AT-TLS SSL /TLS Protocol
  1. SSL Version 2
  2. SSL Version 3
  3. TLS Version 1.0
  4. TLS Version 1.1
  5. TLS Version 1.2
SMF119AP_TTTTLSNC tlsNegotCipher AT-TLS Negotiated Cipher. If the value is 4X, the cipher must be obtained from SMF119AP_TTTTLSNC4
SMF119AP_TTTTLSST tlsSecurityType AT-TLS Security Type
  1. Client
  2. Server
  3. Server with client authentication, ClientAuthType = PassThru
  4. Server with client authentication, ClientAuthType = Full
  5. Server with client authentication, ClientAuthType = Required
  6. Server with client authentication, ClientAuthType = SAFCheck
SMF119AP_TTTTLSFP fips FIPS 140 status
SMF119AP_TTTTLSSESSIDLEN tlsSessionIdLen Length of the AT-TLS session ID
SMF119AP_TTTTLSUID tlsPartnerUserid AT-TLS Partner UserID
SMF119AP_TTTTLSNC4 tlsNegotCipher4B AT-TLS Negotiated Four Byte Cipher
SMF119AP_TTTTLSSESSID tlsSessionId AT-TLS session ID
SMF119AP_TTTTLSSRU sslSessionReuse SSL session reuse
SMF119AP_TTTTLSNKS tlsNegotKeyShare AT-TLS Negotiated Key Share (present when protocol is TLS Version 1.3)
actionId
cec_name
cec_model
cec_type
lpar_name