Linux-UNIX: Configuring S-TAP in the S-TAP Control page

In the S-TAP Control page you can view all S-TAPs managed by this Guardium system, manage individual S-TAPs, and perform a few operations on all S-TAPs.

Before you begin

You must be logged in to the Guardium system that is the active host for the S-TAP.

About this task

During installation, a user may be unable to decide on a setting, or may make a wrong decision that goes undetected until after the installation is complete. For instance, a user can forget to type in the SQL Guard IP or can use the wrong IP address for it. These types of mistakes can be remedied by modifying the S-TAP configuration.

Parameters in the GUI can be safely changed. Parameters that are not in the GUI rarely need changing and should normally be left unmodified; they are for use by Guardium Technical Support or advanced users.

All configuration changes require that the S-TAP agent be restarted. If you modify parameters in the GUI or with GIM, the S-TAP is restarted transparently. If you need to restart the S-TAP manually (for example, after modifying the configuration by API or directly in the guard_tap.ini), use the Send command or follow the directions in Linux-UNIX: Start and stop S-TAP and GIM processes for various OS types/versions or Linux-UNIX: Using guard-config-update to start, restart, and stop S-TAP, and view status.

If you installed your S-TAP by using the Guardium Installation Manager (GIM), you can update some parameters through the GIM GUI.

S-TAP status can be one of:
  • Green: Online
  • Yellow: one of:
    • Configuration error: When you modify S-TAP parameters in the GUI or GuardAPI, S-TAP checks the values before saving the parameters. When the S-TAP identifies an erroneous value, it does not save it and it creates an error in the S-TAP event log. The S-TAP uses default values so that it can keep sending traffic. The S-TAP creates a backup guard_tap.ini.bak under the S-TAP directory when it corrects the configuration. Click the info icon to open the S-TAP event log, and evaluate the LOG_CONF_ERR error. Click one of the options:
      • Accept to save the value the S-TAP assigned to the parameter
      • Modify to open the Modify Configuration dialog and change the value.
      • Close to close the window without making any changes or accepting the value.
      (Parameters that do not have defaults, such as DB Install Dir and Process Name, do not have the Accept option.) After you either accept the value or modify it to a valid value, the status becomes green and the timestamp is updated.
    • Warning: After an S-TAP restart, either db_install_dir or db_exec_file is not accessible during inspection engine validation. Guardium periodically checks for S-TAP status.
  • Red: Offline
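
To see which parameters differ after the S-TAP corrects a configuration (the LOG_CONF_ERR case above), you can compare guard_tap.ini with guard_tap.ini.bak. The following is an added example, not IBM or Guardium code. It assumes the file is standard INI with key=value lines, and the sample contents, addresses and values are constructed for illustration.

```python
import configparser
import sys

def load_ini(text):
    """Parse guard_tap.ini-style text into {section: {param: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep parameter names exactly as written
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def diff_config(live_text, bak_text):
    """Return sorted (section, param, bak_value, live_value) for each difference.
    A value of None means the parameter is absent from that file."""
    live, bak = load_ini(live_text), load_ini(bak_text)
    changes = []
    for section in sorted(set(live) | set(bak)):
        lv, bk = live.get(section, {}), bak.get(section, {})
        for param in sorted(set(lv) | set(bk)):
            if lv.get(param) != bk.get(param):
                changes.append((section, param, bk.get(param), lv.get(param)))
    return changes

# Constructed sample: the two files differ in one parameter.
BAK_INI = """\
[TAP]
tap_ip=10.0.0.21
tap_debug_output_level=9x
[SQLGUARD_0]
sqlguard_ip=10.0.0.5
[DB_0]
db_install_dir=/home/oracle
db_exec_file=/u01/app/oracle/bin/oracle
"""
LIVE_INI = BAK_INI.replace("tap_debug_output_level=9x",
                           "tap_debug_output_level=0")

if __name__ == "__main__":
    # Usage: script.py <guard_tap.ini> <guard_tap.ini.bak>; no arguments runs the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f_live, open(sys.argv[2]) as f_bak:
            live_text, bak_text = f_live.read(), f_bak.read()
    else:
        live_text, bak_text = LIVE_INI, BAK_INI
    for section, param, old, new in diff_config(live_text, bak_text):
        print(f"[{section}] {param}: bak={old!r} live={new!r}")
```

Match each reported parameter against the LOG_CONF_ERR entries in the S-TAP event log before you choose Accept or Modify.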

Procedure

  1. Go to Manage > Activity Monitoring > S-TAP Control to open S-TAP Control.
  2. Perform operations on all S-TAPs in the page.
    • Refresh: refresh display of S-TAPs.
    • Add All to Schedule: add all displayed S-TAPs to the S-TAP verification schedule. See Linux-UNIX: Inspection engine verification.
    • Remove All from Schedule: remove all displayed S-TAPs from the S-TAP verification schedule.
    • Comments: add comments. See Comments.
  3. Identify the S-TAP to be configured by its IP address or the symbolic hostname of the database server on which it is installed. View and perform operations on individual S-TAPs.
    Option: Description

    Delete: Click Delete to remove an S-TAP.

    Delete an S-TAP if you know that it is inactive, or when the Guardium unit is no longer listed as a host in the S-TAP's configuration file. In either of these cases, the S-TAP displays indefinitely with an offline status if you do not delete it. (See also Linux-UNIX: Deleting inactive S-TAPs in a centralized environment.)

    You cannot delete an active S-TAP from the list.

    Refresh: Click Refresh to fetch a copy of the latest S-TAP configuration from the agent. (The S-TAP display does not auto-refresh.)

    Send Command: Opens the S-TAP Commands pop-up, where you can run various commands on the S-TAP host.
    • Restart: Restarts the S-TAP in the mode you select. The action depends on the Restart Mode:
      • 0: Restarts the S-TAP. Use this mode in environments without enterprise load balancing.
      • 1: Restarts the S-TAP process while preserving the data in the S-TAP buffer. (The S-TAP picks up the new configuration from the enterprise load balancer without flushing the buffers.) Used in the enterprise load balancer environment.
    • S-TAP logging: Starts S-TAP logging for debugging purposes, at the log level you enter in Level and for the duration you enter in Duration Sec. See tap_debug_output_level in Linux-UNIX: Debug parameters.
    • Reinitialize buffer: Resets the K-TAP statistics and deletes the S-TAP buffer.
    • K-TAP logging: Similar to S-TAP Logging; increases the debug output from K-TAP.
    • Push Guardium Insights Trust: To use an S-TAP to stream data from Guardium® Data Protection to Guardium Insights, you must first establish trust. Use Push Guardium Insights Trust to paste in a signed, trusted Guardium Insights certificate. The certificate must be in PEM format and include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.

      From the CLI, you can use the push_insights_trust API to push the certificate.

    • Run Diagnostics: Runs the S-TAP diagnostics script and uploads the results to the Guardium system.
    • Upload Linux Modules: Linux only. Uploads the local custom build module of K-TAP.
    • Store SQL credentials: Saves the username - password pair on the selected S-TAP. (The password is encrypted on the S-TAP.) The S-TAP uses these credentials to access a database. See Linux-UNIX: Configuring S-TAP interception using Oracle Unified Audit.
    • Revoke Ignore: All sessions that are ignored by a revocable ignore policy become unignored, and S-TAP starts capturing the traffic for those sessions.
    • Run Database Instance Discovery: Runs the discovery process once, immediately. (If enabled to run automatically, it runs, by default, every 24 hours.) You can specify rules to manage database instance discovery. To use discovered instance rules, clear the Replace Inspection Engines checkbox. For more information, see Database discovered instances rules.

    Edit S-TAP configuration: Opens the S-TAP configuration window. Parameters that do not appear in the GUI are advanced parameters. Do not modify them unless you are an advanced user, or Guardium Technical Support instructs you to modify them. See GUI parameters.

    Show S-TAP Event Log: Click to open the S-TAP event log, where you can see events such as connect, disconnect, GIM server configuration. This log is useful for troubleshooting. As described in S-TAP status, use the event log to identify configuration errors (LOG_CONF_ERR).

    You can:

    • Accept to save the value the S-TAP assigned to the parameter
    • Modify to open the Modify Configuration dialog and change the value.
    • Close to close the window without making any changes or accepting the value.

    Add to Schedule (checkbox): Adds the individual S-TAP to the scheduled verification.

    Revoke All Ignored Sessions (checkbox): A database might be running many sessions, some of which are currently ignored. Clear this option to stop ignoring traffic from ignored sessions.