S-TAP Control: Inspection Engines
Understand the parameters in the Inspection Engines section of the S-TAP Control page.
Parameter | Default value | Description |
---|---|---|
Protocol | | The type of data repository being monitored. |
Instance Name | | The name of the database instance on this server. Required when MS SQL Server is using encryption, or when MS SQL Server is using Kerberos authentication. (MSSQLSERVER is the default.) |
Port range | | Starting port range specific to the database instance. Together with port_range_end, defines the range of ports monitored for this database instance. There is usually only a single port in the range. For a Kerberos inspection engine, set the start and end values to 88-88. If a range is used, do not include extra ports in the range, as this could result in excessive resource consumption while the S-TAP attempts to analyze unwanted traffic. |
Port range | | Ending port range specific to the database instance. |
Named Pipe | | Specifies the named pipe used by MS SQL Server for local access. If a named pipe is used, but nothing is specified in this parameter, S-TAP attempts to retrieve the named pipe name from the registry. |
KTAP DB Real Port | 4100 | Used only when the K-TAP monitoring mechanism is used. Identifies the database port to be monitored by the K-TAP mechanism. |
Client Ip/Mask | | Identifies the clients to be monitored, using a list of addresses in IP address/mask format: n.n.n.n/m.m.m.m. If an improper IP address/mask is entered, the S-TAP does not start. Valid values: If the IP address is the same as the IP address for the database server, and a mask of 255.255.255.255 is used, only local traffic will be monitored. An address/mask value of 1.1.1.1/0.0.0.0 monitors all clients. |
Exclude Client Ip/Mask | | A list of client IP addresses and corresponding masks that are excluded from monitoring. This option allows you to configure the S-TAP to monitor all clients, except for a certain client or subnet (or a collection of these). Networks and exclude networks cannot be specified simultaneously. |
TEE Listen Port-Real Port | 12344 | Deprecated. Replaced by the parameter real_db_port when the K-TAP monitoring mechanism is used. Was required when the TEE monitoring mechanism was used. The Listen Port is the port on which S-TAP listens for and accepts local database traffic. The Real Port is the port to which S-TAP forwards traffic. |
Connect To Ip | 127.0.0.1 | IP address for S-TAP to use to connect to the database. Some databases accept local connection only on the real IP address of the machine, and not on the default (127.0.0.1). When K-TAP is enabled, this parameter is used for Solaris zones and AIX WPARs and it should be the zone IP address in order to capture traffic. When TEE is enabled, this parameter is the IP address for S-TAP to use to connect to the database. Some databases accept local connection on 127.0.0.1, while others accept local connection only on the 'real' IP of the machine and not on the default (127.0.0.1). |
DB User | | |
DB Install Dir | NULL | DB2, Informix, or Oracle: Enter the full path name for the database installation directory. For example: /home/oracle10. For all other database types, enter NULL. |
Process Name | | The database's running executables that are to be monitored. For example, a DB2 IE would be TAP_DB_PROCESS_NAMES=DB2SYSCS.EXE |
DB2 Shared Mem. Adjust. | 20 | Required when DB2 is selected as the database type, and shared memory connections are monitored. The offset to the server's portion of the shared memory area. The offset to the beginning of the DB2 shared memory packet depends on the DB2 version: 32 in the earlier versions, 80 in 8.2.1 and later. |
DB2 Sh. Mem. Client Pos. | 61440 | The offset to the client's portion of the shared memory area. Required when DB2 is selected as the database type, and shared memory connections are monitored. The client offset is calculated by taking the value of the DB2 parameter ASLHEAPSZ and multiplying it by 4096. To get the value for ASLHEAPSZ, execute the DB2 command db2 get dbm cfg and look for the value of ASLHEAPSZ. This value is typically 15, which yields the default of 61440 (decimal). If it is not 15, take the value and multiply by 4096 to get the appropriate client offset. |
DB2 Shared Mem. Size | | DB2 shared memory segment size. Required when DB2 is selected as the database type, and shared memory connections are monitored. |
| NULL | For Oracle or MS SQL Server only, when named pipes are used. For Oracle, the list usually has two entries: oracle.exe,tnslsnr.exe. For MS SQL Server, the list is usually just one entry: sqlservr.exe. For a DB2, Oracle, or Informix database, enter the full path name for the database executable. For example: |
Encryption | 0 | Activate ASO or SSL encrypted traffic for Oracle (versions 11 and 12) and Sybase on Solaris, HPUX and AIX. For Oracle, specify db_version in the ini file (e.g. db_version=12). For any Oracle requiring instrumentation, if you are using encryption=1 in the guard_tap.ini (which is not supported on Linux), you must instrument prior to setting that parameter. |
| 1 | 1=database traffic participates in load balancing. 0=database traffic does not participate in load balancing. |
Intercept Types | NULL | Protocol types that are intercepted by the IE. Valid values: |
Identifier | NULL | Optional. Used to distinguish inspection engines from one another. If you do not provide a value for this field, Guardium auto-populates the field with a unique name using the database type and GUI display sequence number. |
DB Version | 9 | The database version. Used for capturing A-TAP traffic. |
Unix Socket Marker | Null | Specifies the UNIX domain sockets marker for Oracle, MySQL and Postgres. Usually the default value is correct, but when the named pipe or UNIX domain socket traffic does not work, make sure this value is set correctly. For example, for Oracle, unix_domain_socket_marker should be set to the KEY of IPC defined in tnsnames.ora. If it is NULL or not set, the S-TAP uses these default markers: MySQL: "mysql.sock"; Oracle: "/.oracle/"; Postgres: ".s.PGSQL.5432". |
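
The rules stated above for Client Ip/Mask, Exclude Client Ip/Mask and the port range can be checked before an inspection engine is saved, since an improper client value keeps the S-TAP from starting and leaves the database unmonitored. The following is an added example, not Guardium code: the function names are hypothetical, the list separator is assumed to be a comma, "improper" is assumed to mean anything other than two dotted quads with octets 0-255, and any all-zero mask is treated like the page's 1.1.1.1/0.0.0.0 value.

```python
import re

_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

def _is_quad(text):
    """True when text is a dotted quad with every octet in 0..255."""
    m = _QUAD.match(text)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())

def parse_ip_mask_list(value):
    """Parse comma-separated (assumed) n.n.n.n/m.m.m.m entries; ValueError if improper."""
    pairs = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        addr, sep, mask = entry.partition("/")
        if not sep or not _is_quad(addr) or not _is_quad(mask):
            raise ValueError(f"improper IP address/mask: {entry!r}")
        pairs.append((addr, mask))
    return pairs

def check_engine(clients, exclude, port_start, port_end, db_server_ip):
    """Return (severity, message) findings for one inspection engine."""
    findings = []
    if clients.strip() and exclude.strip():
        findings.append(("error", "client and exclude lists are both set"))
    try:
        parse_ip_mask_list(exclude)
    except ValueError as exc:
        findings.append(("error", f"exclude list: {exc}"))
    try:
        pairs = parse_ip_mask_list(clients)
    except ValueError as exc:
        # The page states that an improper client value keeps S-TAP from starting.
        findings.append(("error", f"client list: {exc}; S-TAP will not start"))
        pairs = []
    if pairs == [(db_server_ip, "255.255.255.255")]:
        findings.append(("warn", "only local traffic is monitored"))
    for addr, mask in pairs:
        if mask == "0.0.0.0":  # page example: 1.1.1.1/0.0.0.0
            findings.append(("info", f"{addr}/{mask} monitors all clients"))
    if not 1 <= port_start <= port_end <= 65535:
        findings.append(("error", f"invalid port range {port_start}-{port_end}"))
    elif port_end > port_start:
        findings.append(("warn", f"{port_end - port_start} extra port(s) in range for S-TAP to analyze"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real guard_tap.ini.
    sample = "10.0.0.5/255.255.255.255, 10.1.0.0/255.255"
    print(check_engine(sample, "", 1521, 1530, "10.0.0.5"))
```

An empty result means none of the conditions described in the table were hit; it does not confirm that the S-TAP accepts the configuration.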