Real-time TCP/IP network monitoring NMI
Network management applications can use the z/OS® Communications
Server real-time
TCP/IP network monitoring NMI to programmatically obtain data in real
time. The network management applications obtain the data by performing
the following steps:
- Connect to one of the real-time NMI interfaces. Use the NETMONITOR profile statement to enable these interfaces in the TCP/IP stack.
- Invoke the TMI copy buffer interface to copy the real-time data to application storage.
Table 1 shows the real-time
NMI interfaces that are described in this topic.
Interface name | Description |
---|---|
SYSTCPDA | Real-time TCP/IP packet and data trace NMI |
SYSTCPCN | Real-time TCP connection SMF NMI |
SYSTCPOT | Real-time OSAENTA packet trace NMI |
SYSTCPSM | Real-time SMF NMI |
SYSTCPER | Real-time zERT Detail SMF NMI |
SYSTCPES | Real-time zERT Summary SMF NMI |
Each of the interfaces described in this section provides a unique type of data to be processed by the end user, but the general interface by which the data is obtained is essentially the same. The records are retrieved using a common data layout, although the records themselves might differ in format depending on the interface.
Tip: New SMF 119 records might be added with
new releases. If you write an application that processes the SMF 119
records from these NMIs, design the application to receive SMF 119
records that it might not recognize.
The information provided by each interface is as follows.
Interface | Description |
---|---|
Real-time TCP/IP packet and data trace NMI (SYSTCPDA) | Using this interface, applications can obtain a copy of network packets (for example, packet trace records) or data trace records that are buffered by the TCP⁄IP stack's packet or data trace functions. The packet trace function, data trace function, or both must be enabled with the VARY TCPIP,,PKTTRACE command or VARY TCPIP,,DATTRACE command. See z/OS Communications Server: IP System Administrator's Commands for more information about using the Vary command. |
Real-time TCP connection SMF NMI (SYSTCPCN) | Using this interface, applications can be notified when TCP connections are established or terminated in a near real-time fashion. SYSTCPCN provides applications with a copy of records indicating a TCP connection initiation or termination. These records are presented in the same format as SMF type 119 TCP connection initiation and termination records (for example, subtype 1 and 2 records). The interface can also be used to provide records describing existing TCP connections. This interface does not require TCP⁄IP SMF recording to be active. |
Real-time TCP/IP OSAENTA trace NMI (SYSTCPOT) | Using this interface, applications can obtain copies of network packets and records that are buffered by the TCP/IP OSAENTA trace functions. The OSAENTA Trace function must be enabled using the VARY TCPIP,,OSAENTA command. See z/OS Communications Server: IP System Administrator's Commands for more information about using the Vary command. |
Real-time SMF NMI (SYSTCPSM) | The records provided through the interface are type 119 SMF records. The
specific subtypes that are provided are:
Except for the MVS™ SMF header, these records are identical in format to SMF records created by TCP⁄IP. Some fields in the MVS SMF header are not set. These records offer several key advantages over SMF records:
In addition to these records, more records are available across this interface that are not
currently available from TCP⁄IP SMF records
processing:
See Real-time SMF NMI: FTP SMF type 119 subtypes 100-104 record formats for more information about these records. |
Real-time zERT Detail SMF NMI (SYSTCPER) | Using this interface, applications can be notified when z/OS Encryption Readiness Technology (zERT) connection detail records are generated in a near real-time fashion. SYSTCPER provides applications with a copy of records that describe the cryptographic protection attributes at TCP and Enterprise Extender (EE) connection initiation or termination, or whenever the cryptographic protection attributes change during the lifetime of the connection. Records are only reported for those TCP and EE connections that terminate at the local TCP/IP stack. These records are presented in the same format as SMF type 119 zERT connection detail records (subtype 11) . The interface can also be used to provide records describing the cryptographic protection attributes for existing TCP and EE connections. This interface does not require TCP/IP SMF recording to be active. |
Real-time zERT Summary SMF NMI (SYSTCPES) | Using this interface, applications can be notified when z/OS Encryption Readiness Technology (zERT) summary records are generated in a near real-time fashion. SYSTCPES provides applications with a copy of records that describe the cryptographic protection attributes and usage statistics of security sessions used by TCP and EE connections that terminate at the local TCP/IP stack. These records are presented in the same format as SMF type 119 zERT summary records (subtype 12). These records are provided at regular SMF intervals. This interface does not require TCP/IP SMF recording to be active. |