MadFrog41
2 Posts

Pinned topic Can't see S-TAP host IP address in GIM--no clients have been registered

‏2012-04-04T22:26:31Z |
Hey guys,

I have been trying to set up the Guardium environment in SUSE 10 Linux based on the boot camp lab material. After the initial installation, the communication between the data server and the collector is fine: I can ping each from the other, and the web interface also comes up successfully. Then I executed the script "sudo ./guard-bundle-GIM-v82_r33264_1-suse-10-linuxi686.gim.sh -- --dir /usr/local/guardium --tapip 192.168.30.130 --sqlguardip 192.168.30.108" to extract the GIM client on the data server. The process seems fine, since it says "Installation completed successfully". But when I tried to import the modules into the data server via GIM, the system can't see the server's IP address and keeps saying "no clients have been registered". So now I am stuck here and can't install those modules on the server.

Does anyone have any idea what the problem is? Did I miss or misconfigure something? The version I am using is 8.2.

Thanks.
  • SystemAdmin
    483 Posts

    Re: Can't see S-TAP host IP address in GIM--no clients have been registered

    ‏2012-04-05T01:05:58Z  
    Hi,

    1. May I know whether you are installing this in a VM environment or on a physical machine?
    2. I presume 192.168.30.130 is the data server and 192.168.30.108 is the Guardium appliance or Collector, right?
    3. Can you telnet to the Collector at port 8081? (TCP 8081 is used by GIM.)
    4. Can you see that GIM is active in Process Monitoring?
    5. If you run ps -ef|grep gim, is the GIM process running?
    6. Are you installing directly as the root user?
    7. Log in as CLI, run "iptraf" and check whether there is any traffic coming from 192.168.30.130.

    regards,
    Teh
  • MadFrog41
    2 Posts

    Re: Can't see S-TAP host IP address in GIM--no clients have been registered

    ‏2012-04-10T16:05:24Z  
    Hello Teh,

    Thank you very much for the help.

    1. May I know whether you are installing this in a VM environment or on a physical machine?
    Both the data server and the collector are running in a VM environment.

    2. I presume 192.168.30.130 is the data server and 192.168.30.108 is the Guardium appliance or Collector, right?
    Yes, that's right.

    3. Can you telnet to the Collector at port 8081? (TCP 8081 is used by GIM.)
    When I do a "telnet 192.168.30.108 8081", I get the following error after a pause of some seconds:
    "Trying 192.168.30.108...
    Connected to 192.168.30.108.
    Escape character is '^]'.
    Connection closed by foreign host."

    4. Can you see that GIM is active in Process Monitoring? & 5. If you run ps -ef|grep gim, is the GIM process running?
    This is where I found something strange. When I run ps -ef|grep gim, the response I get is
    "root 3692 1 0 10:07 ? 00:00:07 /usr/bin/perl /usr/local/guardium/modules/*GIM/8.1.00_r24276_1-1305644065/gim_client.pl*
    root 3789 3692 0 10:07 ? 00:00:02 ../../perl ./guard_gimd.pl
    guard 13856 5159 0 11:40 pts/0 00:00:00 grep gim"

    The version I installed there is v8.2, and the folder installed under the path "/usr/local/guardium/GIM" is also 8.2.00_r33264_1-1333576553. Is it strange that the response above has something to do with version 8.1.00_r24276_1-1305644065?

    6. Are you installing directly as the root user?
    I first logged in as "guard" and used sudo to install the package. Is that the same thing as installing directly as root? (Sorry, I am not a Linux expert.)

    7. Log in as CLI, run "iptraf" and check whether there is any traffic coming from 192.168.30.130.
    No. I can't see any traffic coming from the data server. Since I have not installed modules such as STAP yet, the collector is not supposed to get traffic from the data server, right?

    Thanks,
    MadFrog
  • SystemAdmin
    483 Posts

    Re: Can't see S-TAP host IP address in GIM--no clients have been registered

    ‏2012-04-11T02:20:21Z  
    Hi, I'm not a Linux expert either, but if I'm not mistaken, Guardium always recommended that the installation be done through root directly instead of sudo.

    1. May I know whether the GIM is a fresh installation or whether you upgraded from the previous version?

    2. For Q3, I presume it should be normal that the connection is closed by the peer, meaning the Collector, as TCP 8081 is used by GIM to sync with the Collector if there are any changes. Once you have successfully connected the GIM to the Collector, you can monitor from iptraf; the connection will be closed automatically.

    3. For Q4, by right you should see the directory as "/usr/local/guardium/modules/GIM/". Anyway, does it show in Process Monitoring under the Administration Console/Modules Upload?

    4. For Q7, it depends on whether GIM or STAP has been installed: if GIM has been installed, you should at least see the connection from the data server to the Collector at TCP 8081; if STAP has been installed, then you will see TCP 16016 (for Unix/Linux).

    5. Check /etc/inittab: do you see the following lines?
    gim:2345:respawn:<perl dir>/perl <modules install dir>/GIM/<ver>/gim_client.pl
    gsvr:2345:respawn:<modules install dir>/perl <modules install dir>/SUPERVISOR/<ver>/guard_supervisor

    • Where <modules install dir> is the directory where all GIM modules are installed (e.g. /usr/local/guardium/modules)

    6. Did you try restarting the GIM or the server? Maybe you can try restarting the GIM by killing the gim_client.pl process?

    Lastly, in my personal opinion, to save you time (I believe you set up this environment for testing purposes, right?): uninstall everything and reboot the server. Then log in as root to start a fresh installation.

    To uninstall, run "./usr/local/guardium/GIM/current/uninstall.pl".

    This is just my opinion. :)
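
The checks discussed in the replies above (which gim_client.pl version is running, which one /etc/inittab respawns, and which one was just installed) can be scripted. This is an added example, not part of any post in this thread and not Guardium's own tooling; the function names are hypothetical, the ps lines are the ones posted above, and the inittab line is constructed from the template in the last reply.

```shell
#!/bin/sh
# Added example: compare the GIM client version that is running, the one
# /etc/inittab respawns, and the one that was just installed.

# Extract <ver> from ".../GIM/<ver>/gim_client.pl" in `ps -ef` output on stdin.
gim_running_version() {
    sed -n 's#.*GIM/\([^/ ]*\)/gim_client\.pl.*#\1#p' | head -n 1
}

# Extract <ver> from the "gim:" respawn entry of an inittab on stdin.
gim_inittab_version() {
    grep '^gim:' | gim_running_version
}

# gim_check EXPECTED RUNNING INITTAB: prints a verdict, returns 1 on a problem.
gim_check() {
    expected=$1 running=$2 inittab=$3
    if [ -z "$running" ]; then
        echo "gim_client.pl is not running"; return 1
    fi
    if [ "$running" != "$expected" ]; then
        echo "stale client running: $running (installed: $expected)"; return 1
    fi
    if [ "$inittab" != "$expected" ]; then
        echo "inittab respawns $inittab, not $expected"; return 1
    fi
    echo "running client and respawn entry both match $expected"
}

# ps lines as posted in the thread.
SAMPLE_PS='root 3692 1 0 10:07 ? 00:00:07 /usr/bin/perl /usr/local/guardium/modules/*GIM/8.1.00_r24276_1-1305644065/gim_client.pl*
root 3789 3692 0 10:07 ? 00:00:02 ../../perl ./guard_gimd.pl'
# Constructed inittab entry (assumption: it still points at the old version).
SAMPLE_INITTAB='gim:2345:respawn:/usr/bin/perl /usr/local/guardium/modules/GIM/8.1.00_r24276_1-1305644065/gim_client.pl'
# Version directory the poster reports under /usr/local/guardium/GIM.
EXPECTED='8.2.00_r33264_1-1333576553'

running=$(printf '%s\n' "$SAMPLE_PS" | gim_running_version)
inittab=$(printf '%s\n' "$SAMPLE_INITTAB" | gim_inittab_version)
gim_check "$EXPECTED" "$running" "$inittab" || true
```

On a live data server, pipe `ps -ef` and `/etc/inittab` into the two extractor functions instead of the samples.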