Linux-UNIX: Configuring Teradata exit
The Teradata exit module enables S-TAP to monitor any Teradata database activities, whether encrypted or not and whether local or remote. It does not require A-TAP or K-TAP.
About this task
Teradata Exit embeds a Guardium® library into the Teradata database and communicates with the S-TAP through a Guardium shared library.
By default, Guardium supports up to 10 total Exit inspection engines (combined total of all Exit types). If you use more than one type of Exit, the combined maximum is 10. For more information, see the exit_libs_num_threads parameter in Linux-UNIX: General parameters.
Teradata Exit shared libraries are part of the Guardium
UNIX
S-TAP
installation. The S-TAP includes 64-bit
Exit libraries for 64-bit OS version and 32-bit Exit libraries for 32-bit OS version:
- libguard_teradata_exit_64.so
- libguard_teradata_exit_32.so (available for RHEL6 on the i686 CPU only)
When you install the S-TAP:
- It copies libraries in the standard library paths:
- Shell and RPM installation: <guardium_installation_directory>/guard_stap
- GIM installation:<guardium_installation_directory>/modules/STAP/current/files
- It creates links, for example:
- /usr/lib64/libguard_teradata_exit_64.so -> libguard_teradata_exit_64.so.<release number>
- /usr/lib/libguard_teradata_exit_32.so -> libguard_teradata_exit_32.so.<release number>
.so
reflect the release number. These digits were introduced
in V10.6. (In previous releases, Lib files do not include release numbers.)Guardium support matrix details exactly what can be monitored by Teradata Exit.
- Teradata configuration
- The gtwcontrol option -u SendConnectRespNoSecurity specifies whether the
gateway sends connection responses encrypted or cleartext. Valid values are:
- YES: The logon response is in cleartext (unencrypted plain text).
- NO: The logon response is encrypted. This is the default setting.
- K-TAP considerations
- If there is no other database to monitor, then K-TAP is not required. Set ktap_installed=0 in guard_tap.ini, or with GIM: set ktap_enabled to no. You can upgrade the Linux® OS and the S-TAP without being concerned about K-TAP module compatibility. However, if there is another database that needs monitoring by S-TAP, and K-TAP is required you must ensure that a compatible K-TAP module is available when you upgrade your Linux version.
- Upgrade
- When you upgrade S-TAP from v10.6.0.0 and higher, database restart is not required. You can upgrade S-TAP while the database is running. The Exit library from the previous version is used until you restart the database. When you restart the database, it starts using the updated exit library. If there are any issues that are addressed in the new library that you are waiting for, this is only resolved when you restart the database.