Windows: Monitoring with the Guardium Agent Monitor
The Guardium Agent Monitor (GAM) process monitors Guardium agent performance and responsiveness. Use GAM for detailed analysis during troubleshooting.
Monitoring covers the following services:
- CPU usage
- Memory
- Handles
- Number of threads
- Alive
- Automatically run
diag.bat
(or the name of your diagnostics application file). - Automatically stop or restart the service..
- Automatically perform a core dump.
Guardium Agent Monitor is installed when S-TAP® is installed but is not enabled by default. When S-TAP is uninstalled, GAM is uninstalled.
The default installation location for GAM is the parent folder of S-TAP (C:\Program Files\IBM\Guardium Agent Monitor\).
The default location for GAM output is the \Bin\ subfolder.
After you enable GAM, make sure that the process is running on the database server (resmon.exe).
Guardium Activity Monitor (GAM) is listed in the Services as IBM Security Guardium Resource Monitor Service, which has a Service Name property of Guardium Resource Monitor.
For an example of how GAM works, see Resource monitoring example.
Global level configuration
resmon.ini | Default value | Description |
---|---|---|
NUMBER_OF_SERVICES | 1 | Number of services being monitored. The minimum is 0, there is no maximum. |
UPDATE_INTERVAL | 1 | The length, in seconds, of the interval between polling metrics. |
DEBUG | 1 | Deprecated. |
NUMBER_BYTES_IN_LOG | 200 | Maximum number of KB for the GAM log. There is no maximum size. |
ACTION | 1 | Determine whether to generate a dump when your system exceeds certain thresholds such as
THREAD_COUNT_LIMIT or MEM_USAGE_LIMIT. Valid values:
|
FULLDUMP | 0 | Valid values:
Note: A full dump takes more time.
|
CPUAVE | 1 | Defines the way to calculate the average CPU time.
|
MDTIMEOUT | 1000 | Timeout of generating a dump in milliseconds. A dump is not generated if the time is exceeded. |
Service level configuration
The following parameters apply to each service and are defined in the [Service_N] section. The name of the section can be anything except [Global]. For [Service1], Name=GUARD_STAP is defined by default.
resmon.ini | Default value | Description |
---|---|---|
Name | GUARDIUM_STAP | The name of the Windows Service for GAM to monitor. |
NAMEDPIPE_INTERVAL | 30 | For supported Windows S-TAPS only. The interval, in seconds, to check aliveness (supported
agents only). Set to 0 to disable. For more information about named pipes, see Protocols 7 and 8 Inspection engine parameters. |
DIAGACTION | 0 | Run diagnostic on action.
|
DIAGNAME | diag.bat | Diagnostic file name. When set to diag.bat , GAM calls the application from
the same directory as the service process. |
DIAG_PARAMETER | (none) | Diagnostic parameters. If the parameter has spaces, the parameter must be enclosed with quotation marks ("). |
resmon.ini | Default value | Description |
---|---|---|
CPU_LOAD_LIMIT | 10 | Percentage CPU threshold at which either action is taken, or UPDATE_INTERVAL starts counting
occurrences of reaching threshold. The minimum is 1. Maximum is 100. |
CPU_INTERVALS_ALLOWED | 10 | Number of intervals the CPU can be above the threshold before it triggers an action (used with UPDATE_INTERVAL to set a time limit). |
UPDATE_INTERVAL | 1 | Valid values:
|
resmon.withi | Default value | Description |
---|---|---|
MEM_USAGE_LIMIT | 150000 | Lower-level threshold in KB. An action is triggered if this limit is exceeded for more intervals than MEM_USAGE_INTERVALS_ALLOWED. |
MEM_USAGE_INTERVALS_ALLOWED | 30 | Number of intervals allowed for the lower limit threshold before an action is triggered (used with UPDATE_INTERVAL for time limit). |
MEM_USAGE_PEAK_LIMIT | 200000 | Upper level threshold in KB. An action is triggered if this threshold is exceeded once. |
HANDLE_COUNT_LIMIT | 500 | Lower-level threshold. An action is triggered if this limit is exceeded for more intervals than HANDLE_COUNT_INTERVALS_ALLOWED. |
HANDLE_COUNT_INTERVALS_ALLOWED | 20 | Number of intervals allowed for the lower limit threshold before an action is triggered (used with UPDATE_INTERVAL for time limit). |
HANDLE_COUNT_PEAK_LIMIT | 1000 | Upper level threshold. An action is triggered if this threshold is exceeded once. |
THREAD_COUNT_LIMIT | 200 | Lower-level threshold. An action is triggered if this limit is exceeded for more intervals than THREAD_COUNT_INTERVALS_ALLOWED. |
THREAD_COUNT_INTERVALS_ALLOWED | 20 | Number of intervals allowed for the lower limit threshold before an action is triggered (used with UPDATE_INTERVAL for time limit). |
THREAD_COUNT_PEAK_LIMIT | 300 | Upper level threshold. An action is triggered if this threshold is exceeded one time. |
Action Configuration
resmon.ini | Default value | Description |
---|---|---|
FIRST_ACTION | 1 | Valid values:
|
SECOND_ACTION | 1 | Valid values:
|
THIRD_ACTION | 2 | Valid values:
|
ACTION_RESET_INTERVALS | 60 | Number of seconds before resetting the action count. For example, if an action is triggered after more than 60 seconds since the previous action, FIRST_ACTION is applied. |
Resource monitoring example
This example shows how the Guardium Agent Monitor (GAM) settings interact to provide meaningful information. This example tracks memory usage settings. However, the same pattern applies to other resources.
- NAME=GUARDIUM_STAP
- UPDATE_INTERVAL=1
- MEM_USAGE_LIMIT=150000
- MEM_USAGE_INTERVALS_ALLOWED=30
- MEM_USAGE_PEAK_LIMIT=200000
- ACTION=1
- FULLDUMP=0
- DIAGACTION=1
- DIAGNAME=diag.bat
- FIRST_ACTION=1
- ACTION_RESET_INTERVALS=60
- SECOND_ACTION=2
- THIRD_ACTION=2
- Generate a mini-dump (ACTION and FULLDUMP)
- Run
diag.bat
(DIAGACTION and DIAGNAME) - Restart the service (FIRST_ACTION).
- If the same symptoms occur within 60 seconds (ACTION_RESET_INTERVALS), GAM takes the same actions (SECOND_ACTION).
- If the same symptoms occur again within 60 seconds, GAM generates a mini-dump, runs
diag.bat
, and stops the service without restarting (THIRD_ACTION).