Protocols 7 and 8 Inspection engine parameters

These parameters affect the behavior of the inspection engine that the S-TAP® uses to monitor a data repository on a Windows server.

Attention: If a parameter is available through both the Guardium installation manager (GIM) and the command line interface (CLI), then the GIM parameter, including any defaults, always overwrites any value that is available from WINSTAP_CMD_LINE.
These parameters are stored in the individual [DB_<name>] inspection engine section of the S-TAP properties file, guard_tap.ini, where <name> is the name of a data repository. There can be multiple sections in a properties file, each describing one inspection engine used by this S-TAP.
GUI | guard_tap.ini | Default value | Description
Protocol | DB_TYPE | | Required. The type of data repository that is monitored.
ASTER, Cassandra, CouchDB, DB2®, Db2 Exit, exclude IE, FTP, GreenplumDB, HIVE, HTTP, HUE, IMPALA, Informix®, Informix Exit, MariaDB, MongoDB, MSSQL, Mysql, Oracle, PostgreSQL, Sybase, Teradata, WebHDFS, Windows File Share.
Instance Name | INSTANCE_NAME | | The name of the database instance on this server. Required for MS SQL Server that uses encryption; MS SQL Server that uses Kerberos Authentication; Db2® Exit traffic collection; Db2 SHM traffic. (Default is MSSQLSERVER.)
Port range | PORT_RANGE_START | | For monitoring network traffic only, the lowest numbered port on which to listen for database traffic. Together with TAP_DB_PORT_MAX this parameter defines the range of ports that are monitored for this database instance. Usually the range contains only a single port. For a Kerberos inspection engine, set the start and end values to 88-88. If a range is used, do not include extra ports in the range. Extra ports might result in excessive resource consumption while the S-TAP attempts to analyze unwanted traffic.
Examples:
To monitor range 1521-1525 (five ports) with no port forwarding:
Port range | PORT_RANGE_END | | For monitoring network traffic only, the highest numbered port on which to listen for database traffic.
Named Pipe | NAMED_PIPE | sql\query,sqllocal,\MSSQLSERVER | Specifies the named pipe that is used by MS SQL Server local access. If a named pipe is used, but nothing is specified in this parameter, S-TAP attempts to retrieve the named pipe name from the registry.
Client Ip/Mask | NETWORKS | | Restricts S-TAP to monitor traffic only from the specified sets of IP address and mask pairs, by using a list of addresses in IP address/mask format: n.n.n.n/m.m.m.m. If an improper IP address/mask is entered, the S-TAP does not start. Valid values:
  • User-defined list
  • 0.0.0.0/0.0.0.0,::/0: select all clients.
  • 127.0.0.1/255.255.255.255,::1/0: local traffic only
Client Ip/Mask (networks) and Exclude Client Ip/Mask (exclude networks) cannot be specified simultaneously.
Exclude Client Ip/Mask | EXCLUDE_NETWORKS | | A list of client IP addresses and corresponding masks that are excluded from monitoring. Use this option to configure the S-TAP to monitor all clients, except for a certain client or subnet (or a collection thereof). Client Ip/Mask (networks) and Exclude Client Ip/Mask (exclude networks) cannot be specified simultaneously.
Process Name | TAP_DB_PROCESS_NAMES | | Database service executables that are to be monitored. For example, a Db2 IE would be TAP_DB_PROCESS_NAMES=Db2SYSCS.EXE. For Oracle or MS SQL Server only, when named pipes are used. For Oracle, the list usually has two entries: oracle.exe,tnslsnr.exe. For MS SQL Server, the list is usually one entry: sqlservr.exe.
 | PRIORITY_COUNT | 20 | Reduces the instances of a blank DB_USER or ? in the tables. At session creation, the first priority_count packets are marked with a high priority flag and are transferred to a special high priority queue on the collector. Valid values:
  • 0: Disabled
  • Protocol 7: 1-2048: Number of packets
  • Protocol 8: positive integer: Number of packets
Default = 20
Identifier | TAP_IDENTIFIER | NULL | Used to distinguish inspection engines from one another. If unspecified, Guardium® auto-populates the field with a unique name that uses the database type and sequence number.
DB Version | DB_VERSION | | The database version.

These additional parameters are used with IBM Db2 databases.

Table 1. Additional S-TAP configuration parameters for a Db2 inspection engine
GUI | guard_tap.ini | Default value | Description
DB2 Shared Mem. Adjust. | DB2_FIX_PACK_ADJUSTMENT | 80 | Required when Db2 is selected as the database type, and shared memory connections are monitored. The offset to the server's portion of the shared memory area. The offset to the beginning of the Db2 shared memory packet depends on the Db2 version: 32 in pre-8.2.1, and 80 in 8.2.1 and higher.
 | DB2_LOG_SIZE | | Advanced. The maximum file size, in MB, that the functional DLL can keep buffered before it starts discarding log entries.
DB2 Sh. Mem. Client Pos. | DB2_CLIENT_OFFSET | 61440 | The offset to the client's portion of the shared memory area. Required when Db2 is selected as the database type, and shared memory connections are monitored. The client offset is calculated by taking the value of the Db2 parameter ASLHEAPSZ and multiplying by 4096. To get the value for ASLHEAPSZ, execute the following Db2 command: db2 get dbm cfg and look for the value of ASLHEAPSZ. This value is typically 15, which yields the 61440 default. If it is not 15, take the value and multiply by 4096 to get the appropriate client offset.
DB2 Shared Mem. Size | DB2_SHMEM_SIZE | 131072 | Db2 shared memory segment size. Required when Db2 is selected as the database type, and shared memory connections are monitored.
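
A pre-deployment check for the rules stated in the two tables above (required DB_TYPE, port range order, valid address/mask pairs, NETWORKS and EXCLUDE_NETWORKS not set together, DB2_CLIENT_OFFSET equal to ASLHEAPSZ multiplied by 4096). This is an added example, not IBM code: lint_guard_tap, the sample sections and their values are hypothetical, and Python's ipaddress parsing is assumed to approximate what the S-TAP accepts as a valid address/mask.

```python
import configparser
import ipaddress

# Constructed sample file; section names and values are illustrative only.
SAMPLE_INI = """\
[DB_MSSQL_1]
DB_TYPE=MSSQL
PORT_RANGE_START=1433
PORT_RANGE_END=1433
NETWORKS=0.0.0.0/0.0.0.0,::/0
[DB_DB2_1]
DB_TYPE=DB2
PORT_RANGE_START=50010
PORT_RANGE_END=50000
NETWORKS=10.1.2.0/255.255.255.0
EXCLUDE_NETWORKS=10.1.2.9/255.255.255.255
DB2_CLIENT_OFFSET=61000
[DB_ORA_1]
DB_TYPE=Oracle
NETWORKS=10.1.2.0/255.255.300.0
"""

def lint_guard_tap(text, aslheapsz=15):
    """Return {section: [problem, ...]}; aslheapsz comes from `db2 get dbm cfg`."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep parameter names in upper case
    cfg.read_string(text)
    report = {}
    for name in [n for n in cfg.sections() if n.startswith("DB_")]:
        s, problems = cfg[name], []
        if not s.get("DB_TYPE", "").strip():
            problems.append("DB_TYPE is required")
        # Ports apply to network traffic only, so check them only when present.
        if "PORT_RANGE_START" in s or "PORT_RANGE_END" in s:
            lo = s.getint("PORT_RANGE_START", fallback=0)
            hi = s.getint("PORT_RANGE_END", fallback=0)
            if not 1 <= lo <= hi <= 65535:
                problems.append(f"bad port range {lo}-{hi}")
        if s.get("NETWORKS") and s.get("EXCLUDE_NETWORKS"):
            problems.append("NETWORKS and EXCLUDE_NETWORKS are both set")
        for key in ("NETWORKS", "EXCLUDE_NETWORKS"):
            for pair in filter(None, s.get(key, "").split(",")):
                try:  # an improper pair keeps the S-TAP from starting
                    ipaddress.ip_network(pair.strip(), strict=False)
                except ValueError:
                    problems.append(f"{key}: invalid address/mask {pair.strip()}")
        if "DB2_CLIENT_OFFSET" in s and s.getint("DB2_CLIENT_OFFSET") != aslheapsz * 4096:
            problems.append(f"DB2_CLIENT_OFFSET should be {aslheapsz * 4096}")
        report[name] = problems
    return report
```

Running lint_guard_tap(SAMPLE_INI) reports a clean MS SQL section, three problems in the Db2 section and one invalid mask in the Oracle section.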