Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - z Systems Software
Product - z/OS Communications Server
For record keeping, the previous attributes were:
Brand - WebSphere
Product family - Enterprise Networking
Product - z/OS Communications Server
The z/OS Communications Server product would not provide a monitor to capture unencrypted TCP/IP traffic. IBM Tivoli and other z/OS systems network management vendors provide products to capture TCP/IP traffic using the Comm Server real-time trace interfaces. It is suggested that you open a requirement with the IBM z/OS Netview product. Would you like assistance with opening this requirement?
As mentioned, unencrypted data can be captured using the TCP/IP Data Trace command. Refer to the IP Systems Admin Guide. Regarding your question, the command does allow for capturing "all" data flowing between TCP/IP and the application. If we can assist you with more information, please let us know; otherwise, this request will be closed.
Didn't I answer these already in my previous post which was????
-I want to monitor all incoming/outgoing TCP/IP traffic in my z/OS system.
-I want a lightweight (i.e., not a trace) monitor so that it can run all the time.
-I imagine it as a monitor that writes details to SMF records.
-Then I can post-process the SMF data and get my results.
-It does not need to be real-time monitoring...although that would be nice...but only if it is lightweight.
Use case:
-I need to determine all unencrypted traffic into/out of my system.
But let's proceed
A few questions for you:
1) We'd like to capture information from you regarding your specification of SMF records. Is SMF a "requirement" in your shop in terms of satisfying auditing requirements or just a preferred method of storing?
SMF is nice because of the post-processing capability, but no, SMF is not a requirement.
2) Are you asking that these records be formatted when stored or is the raw trace with formatting headers acceptable?
Don't care
3) Do you currently use a network management product like z/OS Netview?
Yes
4) What are the reasons that you can't use the continuous tracing available today, store this information, retrieve and process as needed?
Continuous tracing is heavy in a Production environment. How would I configure continuous tracing for ALL incoming/outgoing traffic? Isn't it targeted point to point?
Hello and thanks for submitting your requirement. We'd like to discuss your requirement more, and have some questions that will help to clarify some aspects of your request.
First, let's level-set on what z/OS Communications Server provides for trace capture. There are two primary methods to capture packet and data traces:
1) Using operator commands. These allow for filters. Traces are captured through a dump or can be targeted to datasets using the CTRACE external writer. IBM provides formatting through IPCS.
2) Real-time Trace capture through Network Management Interface (NMI). In z/OS V2R1, a new, improved programming interface was provided for capture of packet or data trace. This does require an application to program to the interface and capture the data. Programming interfaces are provided to format the data.
The ability to have continuous capture of trace (without writing an application) is available with the CTRACE external writer. Data trace (vs Packet trace) allows for obtaining data that is unencrypted (unless SSL is performed at the application layer ...i.e. not using AT-TLS).
Data trace captures the data above the IP layer, actually between the TCP/IP and the application. Depending upon your view, there are advantages/disadvantages to using data trace vs packet trace in that the data is fully assembled (no fragments), but information like the protocol headers are removed. Also, data trace has limitations on the amount of data traced.
A few questions for you:
1) We'd like to capture information from you regarding your specification of SMF records. Is SMF a "requirement" in your shop in terms of satisfying auditing requirements or just a preferred method of storing?
2) Are you asking that these records be formatted when stored or is the raw trace with formatting headers acceptable?
3) Do you currently use a network management product like z/OS Netview?
4) What are the reasons that you can't use the continuous tracing available today, store this information, retrieve and process as needed?
At this point, z/OS Communications Server would not provide formatted SMF records for trace. This type of function is more appropriate for a systems management application, like Netview. Many of these types of products interface with the real-time tracing and are able to capture, and optimize the saving and formatting of captured data more efficiently.
It would help to get your feedback to the above questions, so that we can work with you more.
Thanks again and we look forward to hearing from you.