72 replies Latest Post - ‏2013-12-03T18:27:09Z by FSilvaFNC
Federico.Vietti

Pinned topic S-TAP non visible on console

‏2012-11-27T16:38:34Z |
Hi all,

I've installed a STAP agent on Windows, but I cannot see it in the Guardium console.

What can I do to troubleshoot this problem?

regards
Updated on 2013-03-20T09:23:15Z at 2013-03-20T09:23:15Z by SystemAdmin
  • jkoblen

    Re: S-TAP non visible on console

    ‏2012-11-28T19:24:24Z  in response to Federico.Vietti
    Have you run 'store unit type stap' from the CLI?
    • Federico.Vietti

      Re: S-TAP non visible on console

      ‏2012-11-29T08:01:01Z  in response to jkoblen
      Yes, this is the result of show unit type:

      guardium > show unit type
      Standalone Netinsp stap
      ok

      Any idea?

      thank you
      • SystemAdmin

        Re: S-TAP non visible on console

        ‏2012-11-29T12:03:41Z  in response to Federico.Vietti
        Hi, please also check whether the Windows firewall is turned on. If it is, please allow outgoing TCP 9500 and incoming UDP 8075, or you can temporarily disable the Windows firewall to test.

        You may also verify with ping whether you get a response from the Collector. Also check the guard_tap.ini file and confirm that the SQLGuard IP is correct.
        • SystemAdmin

          Re: S-TAP non visible on console

          ‏2012-11-29T12:10:12Z  in response to SystemAdmin
          Sorry, I overlooked the comment from Muris; my comment just overlaps with his.
  • Muris

    Re: S-TAP non visible on console

    ‏2012-11-29T09:22:19Z  in response to Federico.Vietti
    Hi,

    What do you mean by can't see it in the Guardium console? Can't see it in the Guardium admin console in the web GUI? Did you check the ports on the Windows machine? For S-TAP you need to create a rule to allow UDP port 8075. Does ping from the Windows machine to the collector work?

    REGARDS,
    • Federico.Vietti

      Re: S-TAP non visible on console

      ‏2012-11-29T14:38:15Z  in response to Muris
      Yes, I cannot see it in admin console.

      The firewall on STAP machine is turned off.
      The ping replies correctly.

      Is there any log on the client machine that I could look at?
      • SystemAdmin

        Re: S-TAP non visible on console

        ‏2012-11-29T14:46:48Z  in response to Federico.Vietti
        Hi, are the collector and the DB in the same network? Is there any firewall or filtering in between them? You can log in to the CLI and run iptraf to check whether the DB has established a connection with the collector on port 9500.

        Have you checked in the guard_tap.ini file that you have the correct IP for the collector?

        Also check in the Windows services that Guardium STAP and Guardium database monitoring are both running.
        • Federico.Vietti

          Re: S-TAP non visible on console

          ‏2012-11-29T15:12:04Z  in response to SystemAdmin
          Collector and STAP are not in the same network, but there is no firewall in the middle.
          E.g.: if I try to connect via SSH from the STAP to the collector, I can access it.

          I'm using the correct IP in STAP

          The STAP service is running
      • Muris

        Re: S-TAP non visible on console

        ‏2012-11-29T14:47:03Z  in response to Federico.Vietti
        Hi,

        Can you enter netstat in cmd: netstat -ano |find "8075" and tell us whether there is any output? Also, did you use a hostname or an IP address in the STAP configuration?

        Regards,
        • Federico.Vietti

          Re: S-TAP non visible on console

          ‏2012-11-29T15:04:48Z  in response to Muris
          This is my stap config:
          [VERSION]
          STAP_CLIENT_BUILD=9.0.43443
          PROTOCOL_VERSION=7.0.0

          [TAP]
          FIREWALL_INSTALLED=0
          FIREWALL_TIMEOUT=10
          FIREWALL_FAIL_CLOSE=0
          FIREWALL_DEFAULT_STATE=0
          DB2_EXIT_DRIVER_INSTALLED=0
          HIGH_RESOLUTION_TIMER=0
          LHMON_FOR_NETWORK=1
          NETWORK_NAMEDPIPES=0
          DUMP_FILE_MODE=0
          STACK_TRACE_FILE_MODE=0
          BUFFER_FILE_SIZE=50
          TAP_TYPE=WTAP
          ORA_DRIVER_INSTALLED=1
          KRB_MSSQL_DRIVER_INSTALLED=2
          USE_TLS=0
          FAILOVER_TLS=0
          cas_task_baseline=task_baseline
          cas_task_checkpoint=task_checkpoint
          cas_client_baseline=client_baseline
          cas_client_checkpoint=client_checkpoint
          cas_checkpoint_period=60
          cas_fail_over_file=fail_over_file
          cas_fail_over_file_size_limit=50000
          cas_max_reconnect_attempts=5000
          cas_reconnect_interval=60
          cas_raw_data_limit=1000
          cas_md5_size_limit=1000
          cas_command_wait=300
          cas_server_failover_delay=60
          LHMON_DRIVER_INSTALLED=1
          NAMED_PIPES_DRIVER_INSTALLED=1
          SHARED_MEMORY_DRIVER_INSTALLED=1
          DB2_TAP_INSTALLED=0
          SOFTWARE_TAP_HOST=HOST94
          TAP_IP=HOST94
          TAP_VERSION=9.0.43443
          NUMBER_OF_PROCESSORS=4

          [SQLGUARD_10.16.66.176]
          sqlguard_ip=10.16.66.176
          primary=1

          This is the result of netmap:

          C:\Documents and Settings\Administrator>netstat -ano |find "8075"
          UDP 0.0.0.0:8075 *:* 4440
          • Muris

            Re: S-TAP non visible on console

            ‏2012-11-29T15:43:16Z  in response to Federico.Vietti
            Hi,

            Can you change SOFTWARE_TAP_HOST and TAP_IP to IP addresses instead of a hostname? Then restart STAP and check in the console...

            Regards,
            Muris
            • Federico.Vietti

              Re: S-TAP non visible on console

              ‏2012-11-29T16:00:41Z  in response to Muris
              This is the new config file. Are SOFTWARE TAP HOST and TAP IP the IP of the client or the IP of the Guardium collector?
              [VERSION]
              STAP_CLIENT_BUILD=9.0.43443
              PROTOCOL_VERSION=7.0.0

              [TAP]
              FIREWALL_INSTALLED=0
              FIREWALL_TIMEOUT=10
              FIREWALL_FAIL_CLOSE=0
              FIREWALL_DEFAULT_STATE=0
              DB2_EXIT_DRIVER_INSTALLED=0
              HIGH_RESOLUTION_TIMER=0
              LHMON_FOR_NETWORK=1
              NETWORK_NAMEDPIPES=0
              DUMP_FILE_MODE=0
              STACK_TRACE_FILE_MODE=0
              BUFFER_FILE_SIZE=50
              TAP_TYPE=WTAP
              ORA_DRIVER_INSTALLED=1
              KRB_MSSQL_DRIVER_INSTALLED=2
              USE_TLS=0
              FAILOVER_TLS=0
              cas_task_baseline=task_baseline
              cas_task_checkpoint=task_checkpoint
              cas_client_baseline=client_baseline
              cas_client_checkpoint=client_checkpoint
              cas_checkpoint_period=60
              cas_fail_over_file=fail_over_file
              cas_fail_over_file_size_limit=50000
              cas_max_reconnect_attempts=5000
              cas_reconnect_interval=60
              cas_raw_data_limit=1000
              cas_md5_size_limit=1000
              cas_command_wait=300
              cas_server_failover_delay=60
              LHMON_DRIVER_INSTALLED=1
              NAMED_PIPES_DRIVER_INSTALLED=1
              SHARED_MEMORY_DRIVER_INSTALLED=1
              DB2_TAP_INSTALLED=0
              SOFTWARE_TAP_HOST=10.16.62.195
              TAP_IP=10.16.62.195
              TAP_VERSION=9.0.43443
              NUMBER_OF_PROCESSORS=4

              [SQLGUARD_10.16.66.176]
              sqlguard_ip=10.16.66.176
              primary=1
              • SystemAdmin

                Re: S-TAP non visible on console

                ‏2012-11-29T22:31:04Z  in response to Federico.Vietti
                Hi, Software Tap and Tap IP are the IP of the DB server where you installed the STAP. It looks like your DB and collector are on two different subnets; try the telnet command as suggested by our friend. Issue telnet from your DB server: 'telnet 10.16.66.176 9500'. If you get a response, it means the communication with the collector is working; if there is no response, it means something is blocking the communication.
                • Federico.Vietti

                  Re: S-TAP non visible on console

                  ‏2012-11-30T10:00:36Z  in response to SystemAdmin
                  The telnet command fails.

                  But I believe that the problem is on the collector, which is not exposing port 9500.
                  I say this because:
                  • I've also tried to telnet from a host in the same network
                  • I've tried to telnet from the STAP to the collector on port 22 and it works

                  How can I check whether the collector exposes port 9500?
                  • SystemAdmin

                    Re: S-TAP non visible on console

                    ‏2012-11-30T10:06:50Z  in response to Federico.Vietti
                    Hi, log in to the CLI and try this command: 'restart inspection-core'.
                    • Federico.Vietti

                      Re: S-TAP non visible on console

                      ‏2012-11-30T10:22:33Z  in response to SystemAdmin
                      Ok, this should be the problem:

                      guardium> restart inspection-core
                      Restarting inspection-core
                      There were problems restarting the inspection core.
                      Please address these before doing anything.
                      err

                      How can I check it?
                      • SystemAdmin

                        Re: S-TAP non visible on console

                        ‏2012-11-30T10:33:41Z  in response to Federico.Vietti
                        Well, we do not have the privilege as we do not have root access. I suggest you try restarting the system and try again. Or you can also run 'restart stopped_service' and 'restart gui', then 'restart inspection-core' again.
                        • Federico.Vietti

                          Re: S-TAP non visible on console

                          ‏2012-11-30T10:37:32Z  in response to SystemAdmin
                          Nothing to do.

                          guardium> restart stopped_service
                          Restarting stopped services, please wait....
                          There are not stopped services (no 'backup' file). Nothing to do.
                          Restart Services returned an error.
                          err
                          guardium> restart gui
                          Restarting gui
                          Changing to port 8443
                          Stopping....
                          Safekeeping xregs
                          There were problems restarting the inspection core.
                          Please address these before doing anything.
                          ok

                          Is there any log to inspect?
                          • SystemAdmin

                            Re: S-TAP non visible on console

                            ‏2012-11-30T10:41:31Z  in response to Federico.Vietti
                            Log in to the CLI, enter the command 'fileserver', then don't do anything else; open a browser, access the URL http://(collector ip), and look for a file named something like stderr.log. The last thing to try is restarting the system.

                            May I know whether you are upgrading Guardium or doing a fresh install? You are using v9, right?
                            • SystemAdmin

                              Re: S-TAP non visible on console

                              ‏2012-11-30T12:54:00Z  in response to SystemAdmin
                              Hi, when you go into Sqlguard Logs, look for the file snif_stderr.txt and find the latest version. I hope it will give you some hints.
                              • Federico.Vietti

                                Re: S-TAP non visible on console

                                ‏2012-12-03T12:58:19Z  in response to SystemAdmin
                                I've looked at the snif_stderr.txt file, which is listed as:

                                5969 Mon Dec 3 13:31:19 2012 rw-rw-r-- snif_stderr.txt

                                but when I try to look at it with the fileserver command, the file is blank.
                                • SystemAdmin

                                  Re: S-TAP non visible on console

                                  ‏2012-12-03T13:06:51Z  in response to Federico.Vietti
                                  Hi, if the file is blank, it means there is no error related to the sniffer engine.
                            • Federico.Vietti

                              Re: S-TAP non visible on console

                              ‏2012-12-03T12:59:01Z  in response to SystemAdmin
                              This is a fresh Guardium installation.
                            • Federico.Vietti

                              Re: S-TAP non visible on console

                              ‏2012-12-03T13:01:57Z  in response to SystemAdmin
                              It is v 9:

                              guardium> show build
                              Build: 9.0
                              Release: 9.0.0_r43079_v90_1-el58-20120802_1648
                              Snif version: GA90-gmachine-v90-r43079-20120802_1648
                              ok

                              These are the modules enabled:

                              guardium> show license

                              Number of License: 9999
                              Metering: -1
                              Number of Datasources: -1
                              Host MAC: 00:0C:29:DD:B6:7A
                              Valid Until: 2099-01-01 00:00:00

                              Licensed Applications:
                              Applications User Responsibility Detection
                              Audit Guard (Audit & Privacy Sets)
                              Central Manager
                              Change Audit System
                              Classifier
                              Custom Workflows (Event/Action/Status)
                              DB Auto-discovery
                              Entitlements Reporting
                              File upload/classification
                              Health Guard (Security Assessment & Access Map)
                              Inspect Returned Data
                              Mainframe Support
                              Parser Teradata
                              Parser DB2
                              Parser FTP
                              Parser Hadoop
                              Parser IMS
                              Parser Informix
                              Parser MSS
                              Parser MySql
                              Parser Netezza
                              Parser ORACLE
                              Parser PostgreSQL
                              Parser SQL Server Analysis Services
                              Parser SYBASE
                              Parser Windows File Share
                              Policy Guard (Policy & Baseline)
                              S-TAP Collector
                              STAP Prevention
                              Subscription
                              iSeries Support
                              ok
                      • jkoblen

                        Re: S-TAP non visible on console

                        ‏2012-11-30T17:12:27Z  in response to Federico.Vietti
                        You could try these instead of the restart.
                        stop inspection-core
                        stop inspection-engines
                        start inspection-core
                        start inspection-engines
                        • Federico.Vietti

                          Re: S-TAP non visible on console

                          ‏2012-12-03T12:55:35Z  in response to jkoblen
                          I've found this:

                          guardium> show inspection-engine all

                          Configuration: 'Default' (ID=1)
                          -- No inspection-engines are defined.

                          ok
                          How can I define an inspection-engine?

                          regards
                          • SystemAdmin

                            Re: S-TAP non visible on console

                            ‏2012-12-03T13:04:21Z  in response to Federico.Vietti
                            Hi, there are two ways you can add the inspection engine. Since you are using the S-TAP, it will be under S-TAP Control when you log in as ADMIN. Go to the S-TAP and click on the pencil icon to add the inspection engine to the S-TAP to capture and monitor the SQL transactions. Are you able to see the S-TAP on the console, or is it still not showing?
                            • Federico.Vietti

                              Re: S-TAP non visible on console

                              ‏2012-12-03T13:44:13Z  in response to SystemAdmin
                              Ok,

                              I can now see the STAP on the management console.
                              I'm now trying to create an inspection engine for MySQL.
                              I can create it, but when the STAP reboots/restarts, the defined inspection engine disappears.

                              How can I check why?
                              • SystemAdmin

                                Re: S-TAP non visible on console

                                ‏2012-12-03T13:48:24Z  in response to Federico.Vietti
                                It could be because some parameter is wrong. For MySQL, you only need to specify the Process Name, if I'm not mistaken. Try configuring Process Name = Mysql.

                                What did you do to make the STAP appear on the console?
                                • Federico.Vietti

                                  Re: S-TAP non visible on console

                                  ‏2012-12-03T14:01:37Z  in response to SystemAdmin
                                  When you configure the MySQL inspector, the following parameters are required (with the parameter values that I've set):
                                  • Protocol: Mysql
                                  • Port Range: 3306-3306
                                  • Client IP/Mask: -
                                  • Exclude Client IP/Mask: -
                                  • Process Names: mysqld.exe
                                  • Named Pipe: -

                                  Any suggestions?
                                  • Muris

                                    Re: S-TAP non visible on console

                                    ‏2012-12-03T14:14:51Z  in response to Federico.Vietti
                                    Hi,

                                    I have these settings (with IP and mask) and everything works.

                                    Regards,
                                    • SystemAdmin

                                      Re: S-TAP non visible on console

                                      ‏2012-12-03T14:24:26Z  in response to Muris
                                      Hi, just MYSQL will do for the Process Name, without .exe, and also delete the instance name.
                                      • SystemAdmin

                                        Re: S-TAP non visible on console

                                        ‏2012-12-03T14:25:36Z  in response to SystemAdmin
                                        Sorry, I mean leave the named pipe blank.
                                        • Federico.Vietti

                                          Re: S-TAP non visible on console

                                          ‏2012-12-03T14:39:19Z  in response to SystemAdmin
                                          With the following configuration I also obtain the same results:

                                          Protocol: Mysql
                                          Port Range: 3306-3306
                                          Client IP/Mask: -
                                          Exclude Client IP/Mask: -
                                          Process Names: mysqld
                                          Named Pipe: -
                                          • SystemAdmin

                                            Re: S-TAP non visible on console

                                            ‏2012-12-03T14:59:22Z  in response to Federico.Vietti
                                            It is mysql, not mysqld.
                                            • Federico.Vietti

                                              Re: S-TAP non visible on console

                                              ‏2012-12-03T15:03:45Z  in response to SystemAdmin
                                              With mysql it is also the same.

                                              The process is running on the machine (Windows machine) as "mysqld.exe".
                                              • Federico.Vietti

                                                Re: S-TAP non visible on console

                                                ‏2012-12-03T15:04:18Z  in response to Federico.Vietti
                                                Is there any log to see?
                                                • SystemAdmin

                                                  Re: S-TAP non visible on console

                                                  ‏2012-12-03T15:56:25Z  in response to Federico.Vietti
                                                  Hi, sorry, you are also required to provide the client IP; use 1.1.1.1 / 0.0.0.0 for any. Don't worry if it changes to 0.0.0.0 / 0.0.0.0. There is one, but I can't remember where it is kept in Windows. The filename is similar and contains something like xxstderr.xxx.
                                                  • Federico.Vietti

                                                    Re: S-TAP non visible on console

                                                    ‏2012-12-04T10:00:23Z  in response to SystemAdmin
                                                    Nothing to do.

                                                    Neither with mysql, mysqld, mysql.exe, mysqld.exe, 1.1.1.1 / 0.0.0.0, etc.

                                                    Always the same behaviour.

                                                    Is there any log to see?
                                                    • SystemAdmin

                                                      Re: S-TAP non visible on console

                                                      ‏2012-12-05T02:23:43Z  in response to Federico.Vietti
                                                      Hi, according to the user guide, if the STAP encounters any problem it will write the reason to the Windows event logs. Perhaps you can have a look at the Windows Event logs. As for the configuration, you have done almost everything. Is MySQL up and running on the Windows machine? Sorry if I sound silly. :-)

                                                      Can you telnet to MySQL port 3306 from another machine in the network?
                                                    • SystemAdmin

                                                      Re: S-TAP non visible on console

                                                      ‏2012-12-06T13:07:14Z  in response to Federico.Vietti
                                                      Hi, I was able to install the inspection engine on S-TAP for MySQL installed on Windows Server 2008 R2, but I'm running Guardium v8.2.

                                                      Please refer to the screenshot.
      • jkoblen

        Re: S-TAP non visible on console

        ‏2012-11-29T18:33:41Z  in response to Federico.Vietti
        Hi,
        I believe ping only verifies DNS correctness.

        You should use
        telnet <collector> <port>

        to test connectivity. It looks like for you the port is 9500.

        Here is a tech doc on ports and firewalls, in case you haven't seen it.

        http://www-01.ibm.com/support/docview.wss?uid=swg21569674
  • SystemAdmin

    Re: S-TAP non visible on console

    ‏2013-03-20T09:23:15Z  in response to Federico.Vietti
    Can you tell me what solved this case?
    I happen to have no console to configure STAP.
    • jadtabet

      Re: S-TAP non visible on console

      ‏2013-05-28T14:23:22Z  in response to SystemAdmin

      Maybe the thread is no longer active, but I happen to have the same problem, where the inspection engine is deleted after I create it.

      Did you happen to solve the issue?

      Thank you!

      Jad.

       

      • 1XWY_TS_Teh

        Re: S-TAP non visible on console

        ‏2013-06-02T14:30:30Z  in response to jadtabet

        Hi, is your MySQL DB active and is the service running? What is your OS? Would you mind sharing your guard_tap.ini?

  • FSilvaFNC

    Re: S-TAP non visible on console

    ‏2013-11-29T10:43:35Z  in response to Federico.Vietti

    Hi, I have the same problem (S-TAP Control not visible), but I can't fix it.

    How do you fix this problem?

    Regards

    • 1XWY_TS_Teh

      Re: S-TAP non visible on console

      ‏2013-12-02T05:22:36Z  in response to FSilvaFNC

      Would you mind sharing your guard_tap.ini? What is the OS for your DB? If it is Windows, can you telnet to the Collector IP on port 9500? If it is Unix/Linux, can you telnet to the Collector IP on port 16016?

      What Guardium version are you using?

      Did you successfully install the STAP?

      Are you using GIM or native STAP?

      If using GIM, go to Administration Console --> Module Upload --> Process Monitoring

      If you are running Unix/Linux, run "ps -ef|grep stap" on the DB server to check whether the STAP process is running. If it is Windows, go to Services and check.

      • FSilvaFNC

        Re: S-TAP non visible on console

        ‏2013-12-02T12:56:00Z  in response to 1XWY_TS_Teh

        Hi, here is my guard.ini.

        There is no firewall between the Collector and the S-TAP host. I can't connect to port 9500 with Telnet (PuTTY).

         
        [VERSION]
        STAP_CLIENT_BUILD=9.0.52570
        PROTOCOL_VERSION=7.0.0
         
        [TAP]
        FIREWALL_INSTALLED=0
        FIREWALL_TIMEOUT=10
        FIREWALL_FAIL_CLOSE=0
        FIREWALL_DEFAULT_STATE=0
        DB2_EXIT_DRIVER_INSTALLED=1
        HIGH_RESOLUTION_TIMER=1
        LHMON_FOR_NETWORK=1
        NETWORK_NAMEDPIPES=0
        TCP_ALIVE_MESSAGE=1
        DUMP_FILE_MODE=0
        STACK_TRACE_FILE_MODE=0
        BUFFER_FILE_SIZE=50
        TAP_TYPE=WTAP
        ORA_DRIVER_INSTALLED=1
        KRB_MSSQL_DRIVER_INSTALLED=2
        USE_TLS=0
        FAILOVER_TLS=1
        cas_task_baseline=task_baseline
        cas_task_checkpoint=task_checkpoint
        cas_client_baseline=client_baseline
        cas_client_checkpoint=client_checkpoint
        cas_checkpoint_period=60
        cas_fail_over_file=fail_over_file
        cas_fail_over_file_size_limit=50000
        cas_max_reconnect_attempts=5000
        cas_reconnect_interval=60
        cas_raw_data_limit=1000
        cas_md5_size_limit=1000
        cas_command_wait=300
        cas_server_failover_delay=60
        LHMON_DRIVER_INSTALLED=1
        NAMED_PIPES_DRIVER_INSTALLED=1
        DB2_TAP_INSTALLED=1
        SOFTWARE_TAP_HOST=192.168.0.132
        TAP_IP=192.168.0.132
        TAP_VERSION=9.0.52570
        NUMBER_OF_PROCESSORS=2
         
        [SQLGUARD_192.168.0.138]
        sqlguard_ip=192.168.0.138
        primary=1
         
        [DB_MSSQL1]
        DB_TYPE=MSSQL
        INSTANCE_NAME=SQLEXPRESS
        TAP_DB_PROCESS_NAMES=SQLSERVR.EXE
        NAMED_PIPE=MSSQL$SQLEXPRESS\sql\query,pipe\sqllocal\SQLEXPRESS
        PORT_RANGE_END=0
        PORT_RANGE_START=0
        NETWORKS=192.168.0.132/255.255.255.0
         

         

        Thanks

        • 1XWY_TS_Teh
          168 Posts

          Re: S-TAP non visible on console

          2013-12-02T13:34:50Z  in response to FSilvaFNC

          I am assuming your Collector IP is 192.168.0.138 and the DB server is 192.168.0.132.

          Your inspection engine is incorrect; you should specify the port range, for example, for MS SQL it is 1433 - 1433.

          When you say no firewall, do you mean a physical/network firewall or the Windows firewall? If you can't telnet to 192.168.0.138 9500, it means something is blocking the communication, so it could be the Windows firewall or a network firewall. Sometimes, it could also be due to network switches that contain an ACL.

          The Named_Pipe: did you modify the default?

          Networks=192.168.0.132/255.255.255.0 means you are only interested in traffic from Source = 192.168.0.132. If you want to monitor ANY, use 0.0.0.0/0.0.0.0
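
The checks from the reply above (inspection-engine port range, the NETWORKS filter, and the telnet test against the Collector port), written out as an added example that is not part of the original thread and is not IBM's code. The function names are hypothetical, the sample is constructed from values in the posted file, and treating TAP_TYPE=WTAP as the Windows agent and NETWORKS as a comma-separated list are assumptions.

```python
import configparser
import ipaddress
import socket

# Constructed sample: only the sections of the posted guard_tap.ini that the reply discusses.
SAMPLE_INI = """\
[TAP]
TAP_TYPE=WTAP
[SQLGUARD_192.168.0.138]
sqlguard_ip=192.168.0.138
[DB_MSSQL1]
PORT_RANGE_START=0
PORT_RANGE_END=0
NETWORKS=192.168.0.132/255.255.255.0
"""

def load(ini_text):
    cp = configparser.ConfigParser(interpolation=None)  # '$' and '%' in pipe names stay literal
    cp.read_string(ini_text)
    return cp

def collectors(cp):
    """Return (ip, port) pairs: 9500 for a Windows S-TAP, 16016 for Unix/Linux (per the thread)."""
    windows = cp.get("TAP", "TAP_TYPE", fallback="") == "WTAP"  # assumption: WTAP = Windows agent
    port = 9500 if windows else 16016
    return [(cp[s]["sqlguard_ip"], port) for s in cp.sections() if s.startswith("SQLGUARD")]

def audit_engines(cp):
    """Flag inspection-engine settings that leave database traffic unmonitored."""
    findings = []
    for name in (s for s in cp.sections() if s.startswith("DB_")):
        sec = cp[name]
        start, end = sec.getint("PORT_RANGE_START", fallback=0), sec.getint("PORT_RANGE_END", fallback=0)
        if start == 0 or end < start:  # no usable port range configured
            findings.append((name, "PORT_RANGE", f"{start}-{end}"))
        for net in sec.get("NETWORKS", "").split(","):
            # Anything narrower than 0.0.0.0/0.0.0.0 filters which client addresses are monitored.
            if net.strip() and ipaddress.ip_network(net.strip(), strict=False).prefixlen != 0:
                findings.append((name, "NETWORKS", net.strip()))
    return findings

def tcp_reachable(host, port, timeout=3.0):
    """Same check as 'telnet <collector> <port>': does the TCP handshake complete?"""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

if __name__ == "__main__":
    cfg = load(SAMPLE_INI)
    print(audit_engines(cfg), [(h, p, tcp_reachable(h, p)) for h, p in collectors(cfg)])
```

A `False` from `tcp_reachable` covers both cases raised in the thread: a filter dropping the traffic, or nothing listening on the Collector port.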

          • FSilvaFNC
            27 Posts

            Re: S-TAP non visible on console

            2013-12-02T14:10:25Z  in response to 1XWY_TS_Teh
            Yes, you are correct about the IPs (Collector and DB Server).
            I changed the Port Range to 1433-1433 and the Networks to 0.0.0.0/0.0.0.0;

            The firewall is turned off (Windows firewall);

            I still can't connect via telnet 192.168.0.138 9500.
            • 1XWY_TS_Teh
              168 Posts

              Re: S-TAP non visible on console

              2013-12-02T14:22:23Z  in response to FSilvaFNC

              Are the Collector and DB server two physical machines connected to the same physical switch?

              Can you ping 192.168.0.138 from the DB server? If yes, ping it continuously, log in to the CLI, run iptraf and check whether there is any connection and communication coming from 192.168.0.132.

              If you can't ping, it means something is not right in your network configuration or infrastructure. A network configuration problem could be due to the default route parameter.

              Log in to the CLI and try running "start inspection-core".

              • FSilvaFNC
                27 Posts

                Re: S-TAP non visible on console

                2013-12-02T14:35:18Z  in response to 1XWY_TS_Teh

                The DB Server is on the local machine and the Collector is a VM. Both are connected to the same switch.

                Yes, I can ping the DB Server 192.168.0.138. When I use iptraf I can see the other computer (IP). On the iptraf screen there is a column named "Flags" and the connection to the DB Server shows "RESET". What does it mean?

                • 1XWY_TS_Teh
                  168 Posts

                  Re: S-TAP non visible on console

                  2013-12-02T14:44:00Z  in response to FSilvaFNC

                  OK, now I'm starting to get a clearer picture. So, the Collector is on a VM with IP 192.168.0.138; is it on NAT?

                  The DB server is on the local machine and when it communicates with the Collector, it actually uses 192.168.0.119 instead of 192.168.0.132.

                  RESET means the connection is being disconnected.

                  I suspect that the Collector does not know where 192.168.0.132 is. Let's try this: from the CLI, ping 192.168.0.132 and 192.168.0.119. What are the results?

                  • FSilvaFNC
                    27 Posts

                    Re: S-TAP non visible on console

                    2013-12-02T14:53:04Z  in response to 1XWY_TS_Teh

                    No, the VM is in Bridged Mode.

                    The ping result is in the attachment.

                    • 1XWY_TS_Teh
                      168 Posts

                      Re: S-TAP non visible on console

                      2013-12-02T15:01:09Z  in response to FSilvaFNC

                      OK. Who is 192.168.0.119?

                      First, we must figure out why you can't connect to port 9500 from DB server to Collector.

                      What is the default route of Collector and DB server?

                       

                      • FSilvaFNC
                        27 Posts

                        Re: S-TAP non visible on console

                        2013-12-02T16:00:11Z  in response to 1XWY_TS_Teh

                        So, there are two S-TAP hosts (192.168.0.119 and 192.168.0.139) trying to connect to the Collector (192.168.0.138).

                        The default route is 192.168.0.1

                        DNS Server 192.168.0.14

                         

                         

                        Updated on 2013-12-02T16:19:41Z at 2013-12-02T16:19:41Z by FSilvaFNC
                        • 1XWY_TS_Teh
                          168 Posts

                          Re: S-TAP non visible on console

                          2013-12-03T00:54:22Z  in response to FSilvaFNC

                          So, you have two STAP hosts.

                          May I know whether your VMware Workstation is running on a Windows machine? Have you also disabled the Windows firewall? Earlier you disabled the Windows firewall on the DB server, right?

                          Is your DB server running on the Windows host that has VMware Workstation with the Collector as guest?

                          You need to first identify why you can't telnet to port 9500 from the DB server to the Collector. How about port 16016?

                          Did you run "stop inspection-core" and "start inspection-core" from the CLI? If the inspection-core is not running, that is also a reason you can't telnet to 9500 or 16016.

                          16016 is for Unix/Linux DB server. 9500 is for Windows DB server.

                          • FSilvaFNC
                            27 Posts

                            Re: S-TAP non visible on console

                            2013-12-03T11:21:13Z  in response to 1XWY_TS_Teh

                            Hello,

                            - My VMware is running on a Windows machine.

                            - Yes, I disabled my Windows Firewall.

                            - Yes, my DB Server is running on the Windows machine, which has VMware installed with the Collector;

                            - I followed your commands:

                             1) Stop Inspection-core

                             2) Start Inspection-core

                             3) Tried to connect to the Collector

                            The attachments contain my print screens of the commands.

                            Thanks