SMF 119-2

Updated on 19 Mar 2024
3 Minutes to read
Contributors

Print
Share
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

Introduction

Fields

Stored in tcpIpConnData

SMF Field	DB Column name	Description
	recordType	Value is always TCP2
	sid
	startTime
	endTime
	systemName	System name from SYSNAME in IEASYSxx
	sysplex	Sysplex name from SYSPLEX in COUPLExx
	stackName	TCP/IP stack name
	releaseId	z/OS Communications Server TCP/IP release identifier
	subComponent	TCP/IP subcomponent
	asName	Started task qualifier or address space name of address space
	userId	User id of security context under which this SMF record is
	asId	ASID of address space that writes this SMF record
	reasonWrite	Reason for writing this SMF record
	nextRecordId	Value used by the following SMF 119 records
SMF119AP_TTRName	socketResourceName	TCP socket resource name (Address space name of address space that closed this TCP connection)
SMF119AP_TTConnID	socketResourceId	TCP socket resource ID (connection ID)
SMF119AP_TTTTLSCS	tlsConnStatus	AT-TLS connection status Connection is not secure Connection handshake in progress Connection is secure
SMF119AP_TTTTLSPS	tlsPolicyStatus	AT-TLS Policy Status Policy status is not known AT-TLS function off No policy defined for connection Policy defined for connection; AT-TLS not enabled Policy defined for connection; AT-TLS enabled Policy defined for connection; AT-TLS enabled and Application Controlled
SMF119AP_TTTermCode	reasonCode	Reason code for connection termination Error occurred during a send using FRCA(AFPA), possibly because the stack is terminating. A persistent socket used by FRCA (AFPA) was closed by a FIN. The connection was terminated because the stack was terminating. Last stack that can own the dynamic VIPA bound to the socket is terminating Intrusion detection found the connection to be malicious and closed the connection. Connection was denied because of a NetAccess rule. ACK received in lastack state. The connection was terminated because of an administrator action (for example, using Netstat DRop/-D command or the NMI API). The connection was terminated because the local IP address bound by the application has been deleted from the stack. The connection from a client was terminated because the application closed the socket before performing an accept(). The application using the socket, closed the connection using a close(). A pascal routine issued an orderly close request. A pascal routine issued a disconnect. An error occurred during a pascal accept. The connection was terminated because the client sent a reset. The connection was closed because the same packet was being re-transmitted multiple times. The connection was closed because the TCP window was reduced to 0 and multiple window probes were not acknowledged. The connection was closed because multiple keepalive probes were not acknowledged. The connection was terminated because the stack timed out waiting for a fin in the finwait-2 state. The connection was terminated because a global TCP stall attack was detected. The connection was terminated because a TCP queue size attack was detected.
SMF119AP_TTSubtask	subTaskName	Subtask Name (Address of MVS™ TCB for the task that owns this connection. This is not the subtask value specified on an INITAPI call.)
SMF119AP_TTSDate	dateConnEstbl	Date of connection establishment (GMT)
SMF119AP_TTETime	dateConnTimeWait	Date connection entered TIMEWAIT or LASTACK state (GMT)
SMF119AP_TTRIP	remoteIpAddrConnClose	Remote IP address at time of connection close
SMF119AP_TTLIP	localIpAddrConnClose	Local IP address at time of connection close
SMF119AP_TTRPort	remotePortNumConnClose	Remote port number at time of connection close
SMF119AP_TTLPort	localPortNumConnClose	Local port number at time of connection close
SMF119AP_TTInBytes	inboundByteCount	Inbound byte count
SMF119AP_TTOutBytes	outboundByteCount	Outbound byte count
SMF119AP_TTTOS	typeOfService	Type of Service (ToS) used by this connection
SMF119AP_TTTelLUName	luName	LU name
SMF119AP_TTTelAppl	targetApplName	Target application name
SMF119AP_TTTelLogmode	logmodeName	Logmode name
SMF119AP_TTTelStatus	statusWord	Status word
SMF119AP_TTTelTermCode	reasonConnClose	Reason code for closing connection. The socket must be accessible to the TN3270 server to record a reason
SMF119AP_TTTTLSSP	tlsProtocol	AT-TLS SSL /TLS Protocol SSL Version 2 SSL Version 3 TLS Version 1.0 TLS Version 1.1 TLS Version 1.2
SMF119AP_TTTTLSNC	tlsNegotCipher	AT-TLS Negotiated Cipher. If the value is 4X, the cipher must be obtained from SMF119AP_TTTTLSNC4
SMF119AP_TTTTLSST	tlsSecurityType	AT-TLS Security Type Client Server Server with client authentication, ClientAuthType = PassThru Server with client authentication, ClientAuthType = Full Server with client authentication, ClientAuthType = Required Server with client authentication, ClientAuthType = SAFCheck
SMF119AP_TTTTLSFP	fips	FIPS 140 status
SMF119AP_TTTTLSSESSIDLEN	tlsSessionIdLen	Length of the AT-TLS session ID
SMF119AP_TTTTLSUID	tlsPartnerUserid	AT-TLS Partner UserID
SMF119AP_TTTTLSNC4	tlsNegotCipher4B	AT-TLS Negotiated Four Byte Cipher
SMF119AP_TTTTLSSESSID	tlsSessionId	AT-TLS session ID
SMF119AP_TTTTLSSRU	sslSessionReuse	SSL session reuse
SMF119AP_TTTTLSNKS	tlsNegotKeyShare	AT-TLS Negotiated Key Share (present when protocol is TLS Version 1.3)
	actionId
	cec_name
	cec_model
	cec_type
	lpar_name

What's Next

SMF 119-8

Table of contents

Introduction
Fields