Skip to Content

Monitoring zERT encryption data

The zERT encryption views provide real-time encryption data for all connections on your system. zERT encryption data includes cryptographic security information for TLS, SSL, SSH, and IPSec protocols. BMC AMI Ops Monitor for IP collects zERT encryption data for every connection that starts or summarizes data for a client/server connection over an SMF interval. 

Related topics

Using views

The zERT data collection parameter supports the following values:

  • DETAIL—Collects real-time encryption data for every connection that starts
Warning

Important

The DETAIL parameter collects and generates large volumes of zERT records that might increase the workload on the IBM NMI interface, especially when many short‑lived connections occur.

  • SUMMARY—Collects only one record for each client/server pair at every SMF interval
  • ALL—Collects both detail and summary data

For more information, see Managing the IBM zERT NMI

zERT connections overview

The zERT view displays an overview of the zERT connections for the TCP/IP stack. The zERT connections are organized by security protocol and version. You can view detailed information for each connection by linking to the detail views for each connection type.

zERT detail views

The zERT detail views display the following encryption data for each connection:

  • Local and remote port
  • Local and remote IP address
  • Start/end time
  • Connection state
  • Protocol attributes (TLS, SSH, IPSec), if encrypted
  • Client/server certificate information
  • IP filtering rules

You can issue commands on the zERT detail views to accomplish the following tasks:

  • TraceRoute the remote IP address (TR)
  • Ping the remote IP address (P)
  • Drop the connection (DR)
  • Packet trace the connection (PKT)
  • Data trace the connection (DAT)

The ZRTDJOBZ and ZRTDPRTZ views summarize the zERT detail connection data by job name and port number. To display detailed information for each zERT connection, use the hyperlinks available in the Job Name and Local Port fields. 

The following views provide detailed zERT encryption data: 

View

Display

ZERTDALL

All detail zERT connections

ZTLSDET 

TLS-encrypted connections (including AT-TLS)

ZSSHDET

SSH-encrypted connections

ZIPSDET 

IPSec-encrypted connections

ZTTLSDET 

AT‑TLS-encrypted connections

ZCLRDET 

ClearText connections (no encryption)

ZRTDJOBZ

Summary of detail zERT data by job name

ZRTDPRTZ

Summary of detail zERT data by local port

Summary of detail zERT data by IP address

Expiring TLS certificates

To set the threshold for expiring certificates, see Managing the IBM zERT NMI.

Real‑time TLS handshake failures

Real‑time SSH handshake failures

zERT summary views

The zERT summary views display the following encryption data for each connection:

  • Client and server IP address
  • Server-port range
  • Total/active connection information
  • Byte counts (interval and total)
  • Segments (interval and total)
  • Protocol attributes (TLS, SSH, IPSec), if encrypted
  • Client/server certificate information

The following views provide summary zERT encryption data: 

View

Display

ZERTSALL

All summary zERT connections

ZTLSSUM 

TLS-encrypted connection summary data

ZSSHSUM 

SSH-encrypted connection summary data

ZIPSSUM 

IPSec-encrypted connection summary data

ZCLRSUM 

ClearText connection summary data (no encryption)

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Ops Monitor for IP 3.9