Topic
  • 72 replies
  • Latest Post - ‏2013-12-03T18:27:09Z by FSilvaFNC
Federico.Vietti
Federico.Vietti
28 Posts

Pinned topic S-TAP non visible on console

‏2012-11-27T16:38:34Z |
Hi all,

I've installer a STAP agent on windows, but I cannot see it in the Guardium console.

How can I do to troubleshoot this problem?

regards
Updated on 2013-03-20T09:23:15Z at 2013-03-20T09:23:15Z by SystemAdmin
  • jkoblen
    jkoblen
    4 Posts

    Re: S-TAP non visible on console

    ‏2012-11-28T19:24:24Z  
    Have you run ' store unit type stap' from the cli ?
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T08:01:01Z  
    • jkoblen
    • ‏2012-11-28T19:24:24Z
    Have you run ' store unit type stap' from the cli ?
    Yes, this is the result of show unit type:

    guardium > show unit type
    Standalone Netinsp stap
    ok

    any idea?

    thank you
  • Muris
    Muris
    45 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T09:22:19Z  
    Hi,

    What do you mean can't see in Guardium console? Can't see it in Guardium admin console in web gui? Did you check ports on Windows machine? For S-TAP you need to create rule to allow 8075 UDP port. Does ping from Windows machine to collector works?

    REGARDS,
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T12:03:41Z  
    Yes, this is the result of show unit type:

    guardium > show unit type
    Standalone Netinsp stap
    ok

    any idea?

    thank you
    Hi, please also check whether do you turn on the Windows firewall, if yes, please allow the outgoing for TCP 9500 and incoming for UDP 8075. or you can temporary disable the Windows firewall to test.

    You may also verify with ping whether you get response from the Collector. Check also the guard_tap.ini file and determine the SQLGuard IP is correct.
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T12:10:12Z  
    Hi, please also check whether do you turn on the Windows firewall, if yes, please allow the outgoing for TCP 9500 and incoming for UDP 8075. or you can temporary disable the Windows firewall to test.

    You may also verify with ping whether you get response from the Collector. Check also the guard_tap.ini file and determine the SQLGuard IP is correct.
    Sorry, overlook the comment from Muris, my comment is just an overlap to him.
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T14:38:15Z  
    • Muris
    • ‏2012-11-29T09:22:19Z
    Hi,

    What do you mean can't see in Guardium console? Can't see it in Guardium admin console in web gui? Did you check ports on Windows machine? For S-TAP you need to create rule to allow 8075 UDP port. Does ping from Windows machine to collector works?

    REGARDS,
    Yes, I cannot see it in admin console.

    The firewall on STAP machine is turned off.
    The ping reply correctly.

    Is there any log in the client machine that could be looked?
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T14:46:48Z  
    Yes, I cannot see it in admin console.

    The firewall on STAP machine is turned off.
    The ping reply correctly.

    Is there any log in the client machine that could be looked?
    Hi, is the collector and the DB in the same network? Any firewall or filtering in between them? You can login to CLI and run iptraf to check whether the DB has establish connection witb collector on port 9500.

    Have you check the guard_tal.ini file that you are the correct IP for the collector?

    Check also the windows services is the Guardium STAP and Guardiun database monitoring both running.
  • Muris
    Muris
    45 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T14:47:03Z  
    Yes, I cannot see it in admin console.

    The firewall on STAP machine is turned off.
    The ping reply correctly.

    Is there any log in the client machine that could be looked?
    Hi,

    Can you enter netstat in cmd: netstat -ano |find "8075" and tell us is there any output? Also, did you use hostname or IP address in STAP configuration?

    Regards,
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T15:04:48Z  
    • Muris
    • ‏2012-11-29T14:47:03Z
    Hi,

    Can you enter netstat in cmd: netstat -ano |find "8075" and tell us is there any output? Also, did you use hostname or IP address in STAP configuration?

    Regards,
    This is my stap config:
    VERSION
    STAP_CLIENT_BUILD=9.0.43443
    PROTOCOL_VERSION=7.0.0

    TAP
    FIREWALL_INSTALLED=0
    FIREWALL_TIMEOUT=10
    FIREWALL_FAIL_CLOSE=0
    FIREWALL_DEFAULT_STATE=0
    DB2_EXIT_DRIVER_INSTALLED=0
    HIGH_RESOLUTION_TIMER=0
    LHMON_FOR_NETWORK=1
    NETWORK_NAMEDPIPES=0
    DUMP_FILE_MODE=0
    STACK_TRACE_FILE_MODE=0
    BUFFER_FILE_SIZE=50
    TAP_TYPE=WTAP
    ORA_DRIVER_INSTALLED=1
    KRB_MSSQL_DRIVER_INSTALLED=2
    USE_TLS=0
    FAILOVER_TLS=0
    cas_task_baseline=task_baseline
    cas_task_checkpoint=task_checkpoint
    cas_client_baseline=client_baseline
    cas_client_checkpoint=client_checkpoint
    cas_checkpoint_period=60
    cas_fail_over_file=fail_over_file
    cas_fail_over_file_size_limit=50000
    cas_max_reconnect_attempts=5000
    cas_reconnect_interval=60
    cas_raw_data_limit=1000
    cas_md5_size_limit=1000
    cas_command_wait=300
    cas_server_failover_delay=60
    LHMON_DRIVER_INSTALLED=1
    NAMED_PIPES_DRIVER_INSTALLED=1
    SHARED_MEMORY_DRIVER_INSTALLED=1
    DB2_TAP_INSTALLED=0
    SOFTWARE_TAP_HOST=HOST94
    TAP_IP=HOST94
    TAP_VERSION=9.0.43443
    NUMBER_OF_PROCESSORS=4

    http://SQLGUARD_10.16.66.176
    sqlguard_ip=10.16.66.176
    primary=1
    this is the result of netmap:

    C:\Documents and Settings\Administrator>netstat -ano |find "8075"
    UDP 0.0.0.0:8075 : 4440
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T15:12:04Z  
    Hi, is the collector and the DB in the same network? Any firewall or filtering in between them? You can login to CLI and run iptraf to check whether the DB has establish connection witb collector on port 9500.

    Have you check the guard_tal.ini file that you are the correct IP for the collector?

    Check also the windows services is the Guardium STAP and Guardiun database monitoring both running.
    Collector and STAP are not in the same network, but there are not firewall in the middle.
    EG: if I try to connect SSH from the STAP to the collector I can access.

    I'm using the correct IP in STAP

    The STAP service is running
  • Muris
    Muris
    45 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T15:43:16Z  
    This is my stap config:
    VERSION
    STAP_CLIENT_BUILD=9.0.43443
    PROTOCOL_VERSION=7.0.0

    TAP
    FIREWALL_INSTALLED=0
    FIREWALL_TIMEOUT=10
    FIREWALL_FAIL_CLOSE=0
    FIREWALL_DEFAULT_STATE=0
    DB2_EXIT_DRIVER_INSTALLED=0
    HIGH_RESOLUTION_TIMER=0
    LHMON_FOR_NETWORK=1
    NETWORK_NAMEDPIPES=0
    DUMP_FILE_MODE=0
    STACK_TRACE_FILE_MODE=0
    BUFFER_FILE_SIZE=50
    TAP_TYPE=WTAP
    ORA_DRIVER_INSTALLED=1
    KRB_MSSQL_DRIVER_INSTALLED=2
    USE_TLS=0
    FAILOVER_TLS=0
    cas_task_baseline=task_baseline
    cas_task_checkpoint=task_checkpoint
    cas_client_baseline=client_baseline
    cas_client_checkpoint=client_checkpoint
    cas_checkpoint_period=60
    cas_fail_over_file=fail_over_file
    cas_fail_over_file_size_limit=50000
    cas_max_reconnect_attempts=5000
    cas_reconnect_interval=60
    cas_raw_data_limit=1000
    cas_md5_size_limit=1000
    cas_command_wait=300
    cas_server_failover_delay=60
    LHMON_DRIVER_INSTALLED=1
    NAMED_PIPES_DRIVER_INSTALLED=1
    SHARED_MEMORY_DRIVER_INSTALLED=1
    DB2_TAP_INSTALLED=0
    SOFTWARE_TAP_HOST=HOST94
    TAP_IP=HOST94
    TAP_VERSION=9.0.43443
    NUMBER_OF_PROCESSORS=4

    http://SQLGUARD_10.16.66.176
    sqlguard_ip=10.16.66.176
    primary=1
    this is the result of netmap:

    C:\Documents and Settings\Administrator>netstat -ano |find "8075"
    UDP 0.0.0.0:8075 : 4440
    Hi,

    Can you change SOFTWARE_TAP_HOST and TAP_IP to IP addresses instead of hostname? Then restart STAP and check in console...

    Regards,
    Muris
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T16:00:41Z  
    • Muris
    • ‏2012-11-29T15:43:16Z
    Hi,

    Can you change SOFTWARE_TAP_HOST and TAP_IP to IP addresses instead of hostname? Then restart STAP and check in console...

    Regards,
    Muris
    This is the new config file. are SOFTWARE TAP HOST and TAP IP the ip of the client or the ip pf the guardium collector?
    VERSION
    STAP_CLIENT_BUILD=9.0.43443
    PROTOCOL_VERSION=7.0.0

    TAP
    FIREWALL_INSTALLED=0
    FIREWALL_TIMEOUT=10
    FIREWALL_FAIL_CLOSE=0
    FIREWALL_DEFAULT_STATE=0
    DB2_EXIT_DRIVER_INSTALLED=0
    HIGH_RESOLUTION_TIMER=0
    LHMON_FOR_NETWORK=1
    NETWORK_NAMEDPIPES=0
    DUMP_FILE_MODE=0
    STACK_TRACE_FILE_MODE=0
    BUFFER_FILE_SIZE=50
    TAP_TYPE=WTAP
    ORA_DRIVER_INSTALLED=1
    KRB_MSSQL_DRIVER_INSTALLED=2
    USE_TLS=0
    FAILOVER_TLS=0
    cas_task_baseline=task_baseline
    cas_task_checkpoint=task_checkpoint
    cas_client_baseline=client_baseline
    cas_client_checkpoint=client_checkpoint
    cas_checkpoint_period=60
    cas_fail_over_file=fail_over_file
    cas_fail_over_file_size_limit=50000
    cas_max_reconnect_attempts=5000
    cas_reconnect_interval=60
    cas_raw_data_limit=1000
    cas_md5_size_limit=1000
    cas_command_wait=300
    cas_server_failover_delay=60
    LHMON_DRIVER_INSTALLED=1
    NAMED_PIPES_DRIVER_INSTALLED=1
    SHARED_MEMORY_DRIVER_INSTALLED=1
    DB2_TAP_INSTALLED=0
    SOFTWARE_TAP_HOST=10.16.62.195
    TAP_IP=10.16.62.195
    TAP_VERSION=9.0.43443
    NUMBER_OF_PROCESSORS=4

    http://SQLGUARD_10.16.66.176
    sqlguard_ip=10.16.66.176
    primary=1
  • jkoblen
    jkoblen
    4 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T18:33:41Z  
    Yes, I cannot see it in admin console.

    The firewall on STAP machine is turned off.
    The ping reply correctly.

    Is there any log in the client machine that could be looked?
    Hi,
    I believe ping only verifies DNS correctness.

    You should use
    telnet <collector> <port>

    to test connectivity. Looks like for you port 9500.

    Here is a tech doc, incase you haven't seen this on what ports and firewall.

    http://www-01.ibm.com/support/docview.wss?uid=swg21569674
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-29T22:31:04Z  
    This is the new config file. are SOFTWARE TAP HOST and TAP IP the ip of the client or the ip pf the guardium collector?
    VERSION
    STAP_CLIENT_BUILD=9.0.43443
    PROTOCOL_VERSION=7.0.0

    TAP
    FIREWALL_INSTALLED=0
    FIREWALL_TIMEOUT=10
    FIREWALL_FAIL_CLOSE=0
    FIREWALL_DEFAULT_STATE=0
    DB2_EXIT_DRIVER_INSTALLED=0
    HIGH_RESOLUTION_TIMER=0
    LHMON_FOR_NETWORK=1
    NETWORK_NAMEDPIPES=0
    DUMP_FILE_MODE=0
    STACK_TRACE_FILE_MODE=0
    BUFFER_FILE_SIZE=50
    TAP_TYPE=WTAP
    ORA_DRIVER_INSTALLED=1
    KRB_MSSQL_DRIVER_INSTALLED=2
    USE_TLS=0
    FAILOVER_TLS=0
    cas_task_baseline=task_baseline
    cas_task_checkpoint=task_checkpoint
    cas_client_baseline=client_baseline
    cas_client_checkpoint=client_checkpoint
    cas_checkpoint_period=60
    cas_fail_over_file=fail_over_file
    cas_fail_over_file_size_limit=50000
    cas_max_reconnect_attempts=5000
    cas_reconnect_interval=60
    cas_raw_data_limit=1000
    cas_md5_size_limit=1000
    cas_command_wait=300
    cas_server_failover_delay=60
    LHMON_DRIVER_INSTALLED=1
    NAMED_PIPES_DRIVER_INSTALLED=1
    SHARED_MEMORY_DRIVER_INSTALLED=1
    DB2_TAP_INSTALLED=0
    SOFTWARE_TAP_HOST=10.16.62.195
    TAP_IP=10.16.62.195
    TAP_VERSION=9.0.43443
    NUMBER_OF_PROCESSORS=4

    http://SQLGUARD_10.16.66.176
    sqlguard_ip=10.16.66.176
    primary=1
    Hi, Software Tap and Tap IP is the IP of the DB server you installed the STAP. Look like your DB and collector have two different subnet , try the telnet command as duggested by our friend. Issue telnet from your DB server 'telnet 10.16.66.176 9500', if you can get response mean the communication with collector is working, if it is no response mean something is blocking the communication.
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:00:36Z  
    Hi, Software Tap and Tap IP is the IP of the DB server you installed the STAP. Look like your DB and collector have two different subnet , try the telnet command as duggested by our friend. Issue telnet from your DB server 'telnet 10.16.66.176 9500', if you can get response mean the communication with collector is working, if it is no response mean something is blocking the communication.
    The telnet command fails.

    But I believe that the problem is on the collector that it is not exposing the 9500 port.
    I said this because:
    • I've tried to telnet also from a host in the same network
    • I've tried to telnet form the STAP to the collector on prot 22 and it works

    How can I check if collector exposes 9500 port?
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:06:50Z  
    The telnet command fails.

    But I believe that the problem is on the collector that it is not exposing the 9500 port.
    I said this because:
    • I've tried to telnet also from a host in the same network
    • I've tried to telnet form the STAP to the collector on prot 22 and it works

    How can I check if collector exposes 9500 port?
    Hi, you login to CLI and try this command 'restart inspection-core'.
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:22:33Z  
    Hi, you login to CLI and try this command 'restart inspection-core'.
    Ok, this should be the problem:

    guardium> restart inspection-core
    Restarting inspection-core
    There were problems restarting the inspection core.
    Please address these before doing anything.
    err

    How can I check it?
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:33:41Z  
    Ok, this should be the problem:

    guardium> restart inspection-core
    Restarting inspection-core
    There were problems restarting the inspection core.
    Please address these before doing anything.
    err

    How can I check it?
    Well, we do not have the privilege as we do not have root access. I suggest you try restart the system and try again. Or you can also do this 'restart stopped_service' and 'restart gui' than 'restart inspection-core' again.
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:37:32Z  
    Well, we do not have the privilege as we do not have root access. I suggest you try restart the system and try again. Or you can also do this 'restart stopped_service' and 'restart gui' than 'restart inspection-core' again.
    Nothing to do.

    guardium> restart stopped_service
    Restarting stopped services, please wait....
    There are not stopped services (no 'backup' file). Nothing to do.
    Restart Services returned an error.
    err
    guardium> restart gui
    Restarting gui
    Changing to port 8443
    Stopping....
    Safekeeping xregs
    There were problems restarting the inspection core.
    Please address these before doing anything.
    ok

    Is there any log to inspect?
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T10:41:31Z  
    Nothing to do.

    guardium> restart stopped_service
    Restarting stopped services, please wait....
    There are not stopped services (no 'backup' file). Nothing to do.
    Restart Services returned an error.
    err
    guardium> restart gui
    Restarting gui
    Changing to port 8443
    Stopping....
    Safekeeping xregs
    There were problems restarting the inspection core.
    Please address these before doing anything.
    ok

    Is there any log to inspect?
    Login in as cli, enter command 'fileserver' than don't do anything, open browser and access the url http://(collector ip), look for file something like stderr.log. the last try is restart the system.

    May I know you are upgrading the Guardium or fresh install? You are using v9, right?
  • SystemAdmin
    SystemAdmin
    483 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T12:54:00Z  
    Login in as cli, enter command 'fileserver' than don't do anything, open browser and access the url http://(collector ip), look for file something like stderr.log. the last try is restart the system.

    May I know you are upgrading the Guardium or fresh install? You are using v9, right?
    Hi, when you go into Sqlguard Logs, look for this file snif_stderr.txt, find the latest version. Hope it will give you some hint.
  • jkoblen
    jkoblen
    4 Posts

    Re: S-TAP non visible on console

    ‏2012-11-30T17:12:27Z  
    Ok, this should be the problem:

    guardium> restart inspection-core
    Restarting inspection-core
    There were problems restarting the inspection core.
    Please address these before doing anything.
    err

    How can I check it?
    You could try these instead of the restart.
    stop inspection-core
    stop inspection-engines
    start inspection-core
    start inspection-engines
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-12-03T12:55:35Z  
    • jkoblen
    • ‏2012-11-30T17:12:27Z
    You could try these instead of the restart.
    stop inspection-core
    stop inspection-engines
    start inspection-core
    start inspection-engines
    I've found this:

    guardium> show inspection-engine all

    Configuration: 'Default' (ID=1)
    -- No inspection-engines are defined.

    ok
    How can I define an inspection-engine?

    regards
  • Federico.Vietti
    Federico.Vietti
    28 Posts

    Re: S-TAP non visible on console

    ‏2012-12-03T12:58:19Z  
    Hi, when you go into Sqlguard Logs, look for this file snif_stderr.txt, find the latest version. Hope it will give you some hint.
    I've looked to the snif_stderr.txt files, that is listed as:

    5969 Mon Dec 3 13:31:19 2012 rw-rw-r-- snif_stderr.txt

    but, when I try to look at it with fileserver command, the file is blank