update_engine_config
Use the update_engine_config command to change inspection engine settings.
An inspection engine monitors the traffic between servers and clients by using a specific database protocol (such as Oracle or Sybase). Configure an inspection engine from the Inspection Engine Configuration page. After the inspection engine is configured, you can use the update_engine_config command to change the parameters. For more information, see Configuring inspection engines.
This API is available in Guardium V11.0 and later.
REST API syntax
PUT
method. Call this API as
follows:PUT https://[Guardium hostname or IP address]:8443/restAPI/engine_config
GuardAPI syntax
update_engine_config parameter=value
Parameters
See Inspection Engine Configuration for details about each parameter.
Parameter | Value type | Description |
---|---|---|
computeAverage | Boolean | When enabled, for each SQL construct logged, the average response time is computed. Valid values:
|
defaultAutoCommit | Boolean | Due to various auto-commit models for different databases, this value is used by Replay
function to explicitly mark up the transactions and auto commit after each command. When enabled,
commits and rollbacks are ignored. Databases currently supported include DB2®, Informix®, and
Oracle. Valid values:
|
defaultCapture | Boolean | Used by Replay function to distinguish between transactions and capture values, meaning that
if you have a prepared statement, assigned values are captured and replayed. Enable this if you want
to replay your captured prepared statements as prepared statements. Valid values:
|
excludePorts | String | A list of ports to be ignored. Add values to this list if you know your database servers are processing non-database protocols, and you don't want Guardium® to waste cycles analyzing non-database traffic. For example, if you know the host on which your database resides also runs an HTTP server on port 80, you can add 80 to the ignored ports list, ensuring that Guardium does not process these streams. Separate multiple values with commas, and use a hyphen to specify an inclusive range of ports. For example: 101,105,110-223 |
granularity | Integer | The number of minutes in a logging unit. If requested in a report, Guardium summarizes request data at this granularity. For example, if the
logging granularity is 60, and a certain request occurred "n" times in a given hour. If disabled,
the exact time when the command occurred within the hour is not recorded. But, if a rule in a policy
is triggered by a request, a real time alert can indicate the exact time. When you define exception
rules for a policy, those rules can also apply to the logging unit. For example, you might want to
ignore 5 login failures per hour, but send an alert on the sixth login failure. Valid values:
|
inspectData | Boolean | When enabled, data returned by SQL requests are inspected, and the ingress and egress counts
are updated. If rules are used in the security policy, this parameter must be enabled. Valid values:
|
logExceptionSql | Boolean | If enabled, when exceptions are logged, the entire SQL statement is logged. Valid values:
|
logRecords | Boolean | When enabled, the number of records affected is recorded for each SQL statement (when
applicable). Valid values:
The records affected option is a sniffer operation which requires sniffer to process additional response packets and postpone logging of impacted data. This increases the buffer size and might potentially have an adverse effect on overall sniffer performance. Significant impact comes from really large responses. To prevent large amount of overhead associated with this operation, Guardium uses a set of default thresholds that allows sniffer to decide to skip processing operation when exceeded. Refer to Configuration and Control CLI Commands store max_results_set_size, store max_result_set_packet_size and store max_tds_response_packets, to set levels of granularity. Records
Affected feature is not supported for:
Example of result set values:
|
logSequencing | Boolean | When enabled, a record is made of the immediately previous SQL statement, as well as the
current SQL statement, provided that the previous construct occurs within a short enough time
period. Valid values:
|
maxHits | Integer | When returned data is being inspected, indicate how many hits (policy rule violations) are to be recorded. |
parseXml | Boolean | The Inspection Engine does not normally parse XML traffic. Enable to parse XML traffic. Valid values:
|
recordEmpty | Boolean | When enabled, sessions containing no SQL statements are logged. When disabled, these sessions
are ignored. Valid values:
|
api_target_host | String |
Specifies the target hosts where the API executes. Valid values:
IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |
Examples
The following GuardAPI example changes three inspection engine parameters.
grdapi update_engine_config defaultCapture=true logExceptionSql=false maxHits=32
If successful, the command returns the following information:
ID=0 ok