Windows: Log and debug files

The S-TAP can create log and debug files. The files are located in the logs directory under the installation directory.

Protocol 8

Debug files

Debug is disabled by default. The guard_tap.ini parameter DEBUGLEVEL enables debug and controls the level. See Protocol 8 Debug parameters.

The debug log is STAP.CTL and is located in the logs directory, under the installation directory.

The debug log is exclusively for logging all telemetry and status information. You can view these files using Notepad.

The following guard_tap.ini parameters control what gets logged to the STAP.CTL log file and how verbose it is.
  • LOG_WFP_CONNECTIONS: the particular protocol's status information. The default is 0, which means that it is not logged to the STAP.CTL file. A value of 1 logs things like connection establishment, connection termination, and a few others for the protocol in question.
  • LOG_NMP_CONNECTIONS: same as LOG_WFP_CONNECTIONS
  • LOG_DB2_CONNECTIONS: same as LOG_WFP_CONNECTIONS
  • LOG_INFORMIX_CONNECTIONS: same as LOG_WFP_CONNECTIONS
  • LOG_ORA_CONNECTIONS: same as LOG_WFP_CONNECTIONS
  • LOG_LEVEL: The verbosity of the overall logging of the S-TAP output to the Stap.ctl circular text log file. The default is 4, and it ranges from 0 to 10. The higher the number, the more verbose the logging.
  • KERNEL_DEBUG_LEVEL: The verbosity of the overall logging for the driver-based .CTL files.
Auto discover debug messages are also logged in stap.ctl. Each [AD<dbtype>] has logs of the indicated DB type. Logs include step-by-step success or failure discovery of instance names, process names, ports, named pipes, and so on. Examples:
`I 05/10/2020 14:46:34.917 ADmssql: Start discovering 64-bit instances.`
`W 05/10/2020 14:46:34.917 ADmssql: Registry path not found: SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\Instance Names\SQL`
`I 05/10/2020 14:46:34.917 ADoracle: Start discovering`

Traffic debug log

The traffic log is a file with a .txt extension in the Logs directory, under the installation directory. You can initiate traffic logging in two ways.
  • From the collector, trigger traffic collection, for up to 4 minutes of S-TAP traffic. Click Send Command, and select S-TAP logging in the S-TAP Control page. For more information, see Send command.
  • From the database server, change the DEBUGLEVEL parameter to a non-zero value in the .INI file. The S-TAP creates a recording of traffic in binary format. When you set it back to 0, it is converted into human readable form. The V8 S-TAP can detect .ini parameter changes without having to be restarted, so you can change the DEBUGLEVEL parameter back to 0 in the .ini file without restarting the S-TAP.
Both methods create a traffic debug log file in the S-TAP Logs folder. While traffic is being recorded, the size of the traffic file remains at 0 bytes, which is normal. When traffic collection ceases, either because the time interval elapsed or because you changed the DEBUGLEVEL parameter back to 0, the S-TAP converts the recorded binary traffic into human readable form. During the conversion, the size of the traffic file grows, which you can watch in Explorer. Wait until the size of the file stops increasing before you access the file and copy it to another system. DO NOT stop the S-TAP during either traffic recording or traffic conversion, or you will lose all the traffic that you recorded. When traffic collection is triggered from the collector, the S-TAP automatically waits for the conversion to complete before shipping the traffic log file to the collector.
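One way to script the "wait until the file stops growing" step on the database server, as an added example that is not part of the product or its documentation. The script only reads and copies the file and never touches the S-TAP service. The parameter names, polling interval, stability threshold, and timeout are all assumptions.

```powershell
# Added example: wait for an S-TAP traffic debug log to finish converting
# before copying it. Paths and thresholds are assumptions, not product defaults.
param(
    [Parameter(Mandatory)] [string] $TrafficLog,    # full path to the .txt traffic log (assumed)
    [Parameter(Mandatory)] [string] $Destination,   # where to copy the finished file (assumed)
    [int] $PollSeconds    = 10,   # interval between size checks (assumed)
    [int] $StablePolls    = 6,    # unchanged checks required before copying (assumed)
    [int] $TimeoutMinutes = 60    # give up after this long (assumed)
)

$deadline  = (Get-Date).AddMinutes($TimeoutMinutes)
$lastSize  = -1
$unchanged = 0

while ((Get-Date) -lt $deadline) {
    $size = (Get-Item -LiteralPath $TrafficLog -ErrorAction Stop).Length

    if ($size -eq 0) {
        # 0 bytes is normal while traffic is still being recorded,
        # so an unchanged size of 0 must never count as "finished".
        Write-Host "Recording in progress (0 bytes)."
        $unchanged = 0
    }
    elseif ($size -eq $lastSize) {
        $unchanged++
        Write-Host "Size unchanged at $size bytes ($unchanged of $StablePolls)."
        if ($unchanged -ge $StablePolls) {
            Copy-Item -LiteralPath $TrafficLog -Destination $Destination -ErrorAction Stop
            # Record a hash so the copy can be verified on the other system.
            $hash = (Get-FileHash -LiteralPath $TrafficLog -Algorithm SHA256).Hash
            Write-Host "Copied. SHA256 of source: $hash"
            exit 0
        }
    }
    else {
        # Size changed since the last poll: binary-to-text conversion is running.
        Write-Host "Conversion in progress: $size bytes."
        $unchanged = 0
    }

    $lastSize = $size
    Start-Sleep -Seconds $PollSeconds
}

Write-Error "Timed out before the file size became stable. Nothing was copied."
exit 1
```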

Protocol 7

Debug is disabled by default. The guard_tap.ini parameter DEBUGLEVEL enables debug and controls the level. See Protocol 7 Debug parameters.

Logs and debug logs are in the bin/stap_buffer/ folder.

Auto discover debug messages are logged in logs/Stap.ctl. Each [AD<dbtype>] has logs of the indicated DB type. Logs include step-by-step success or failure discovery of instance names, process names, ports, named pipes, and so on. Examples:
`I 05/10/2020 14:46:34.917 ADmssql: Start discovering 64-bit instances.`
`W 05/10/2020 14:46:34.917 ADmssql: Registry path not found: SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\Instance Names\SQL`
`I 05/10/2020 14:46:34.917 ADoracle: Start discovering`