Configure GBDI data streaming

To configure and use Guardium Big Data Intelligence (GBDI) data streaming, install a jProxy connector to initiate and maintain the connection between the Guardium collector and the GBDI platform.

About this task

The jProxy connector is available as an RPM package within the Guardium installation package. After jProxy is installed, the Guardium collector sniffer component communicates with jProxy (rather than directly with GBDI).

The jProxy installation includes the following services:

  • sonarjproxyd: A light-weight MongoDB server with some customized functionality for GBDI.
  • jproxytimer: Controls service timing configuration, including starting jProxy and managing the intervals for flushing the data.

jProxy includes the following configuration files:

  • jproxy.conf: sonarjproxyd service settings
  • jproxyforwarder.env: jproxyforwarder service settings
  • logging.conf: Log file and log level settings
Use the CLI commands, described in the Procedure section, to update the configuration file settings.
Note: Every CLI store command that is described in this section has a matching show command that displays the current stored value.

Procedure

  1. From your Guardium collector, call the following CLI command to control the sniffer logger destination.
    store snif_logger_destination_type [LOCAL | REMOTE]
    Where:
    • LOCAL (default) sets the logger destination to the local database on the Guardium collector.
    • REMOTE sets the logger destination to the intermediate database used by GBDI.
  2. For security reasons, each GBDI machine provides an authentication key file (SSH key) to secure data communication between the Guardium collector and GBDI. Use the following CLI commands to upload the GBDI SSH key file (in .pem format) and configure the SSH target host to communicate with GBDI:
    • import jproxy_files
    • store jproxy_config ssh_key_file <key_file_name>
    Take the following steps to import and store the SSH key file:
    1. Call import jproxy_files to import the jProxy SSH key file from the specified location.
    2. Call store jproxy_config ssh_key_file <key_file_name> to store the key file in the key store.
  3. Then, use the following CLI commands to configure the logger destination and the Mongo client authentication settings (username, authentication database, and mechanism).
    Note: All of the following configuration commands are optional. You can use these commands to change the defaults, if needed.
    • store logger_data_destination_config type <database type>

      The default value = "mongodb"

    • store logger_data_destination_config database_name <db name>

      The default value = "sonargd"

    • store logger_data_destination_config destination [hostname | port] <value>
      • The default value for hostname = "localhost"
      • The default value for port = "27118"
    • store logger_data_destination_config [auth_username | auth_database_name | mechanism] <value>
      • The default value for auth_username = "enchantedg"
      • The default value for auth_database_name = "admin"
      • The default value for mechanism = "plain"
  4. Optionally, use the following CLI command to specify the collections that you want to stream. The default for all collections is ON.

    store logger_data_destination_config data <collection type> [on|off]

    The collection types are:
    • session
    • instance
    • full_sql
    • policy_violations
    • exception
  5. Optionally, use the following CLI commands to configure the streaming interval for transporting the JSON document data from Guardium to GBDI. Whenever Guardium hits either threshold, jProxy sends the data to GBDI.
    • store jproxy_config flush_timeout_sec <seconds>

      The default is 60 seconds.

    • store jproxy_config flush_at_size <bytes>

      The default is 102400000 bytes.
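
The following is an added example, not IBM code: it turns a reviewed change request into the store commands of the procedure above, in the page's step order, and rejects any setting, collection type or value the page does not define. The function name, the bare `.pem` file-name check, and the sample host gbdi01.example.com are assumptions of this example.

```python
import re

# Added example: build the Guardium CLI "store" commands for a GBDI streaming change.
# Defaults and allowed names are the ones documented in the procedure above.
DEST_DEFAULTS = {
    "type": "mongodb", "database_name": "sonargd",
    "destination hostname": "localhost", "destination port": "27118",
    "auth_username": "enchantedg", "auth_database_name": "admin",
    "mechanism": "plain",
}
COLLECTIONS = {"session", "instance", "full_sql", "policy_violations", "exception"}
JPROXY_DEFAULTS = {"flush_timeout_sec": 60, "flush_at_size": 102400000}
PREFIX = "store logger_data_destination_config"


def build_commands(key_file, dest=None, collections_off=(), jproxy=None):
    """Return the store commands in the page's step order; raise ValueError
    for any setting, collection type or value the page does not define."""
    # Assumption of this example: the key is a bare file name ending in .pem.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+\.pem", key_file):
        raise ValueError(f"not a bare .pem file name: {key_file!r}")
    cmds = ["store snif_logger_destination_type REMOTE",      # step 1
            "import jproxy_files",                            # step 2
            f"store jproxy_config ssh_key_file {key_file}"]
    for key, value in (dest or {}).items():                   # step 3
        value = str(value)
        if key not in DEST_DEFAULTS or not value or any(c.isspace() for c in value):
            raise ValueError(f"bad destination setting: {key}={value!r}")
        if key == "destination port" and not (value.isdigit() and 0 < int(value) < 65536):
            raise ValueError(f"bad port: {value!r}")
        if value != DEST_DEFAULTS[key]:       # optional commands: emit changes only
            cmds.append(f"{PREFIX} {key} {value}")
    for name in sorted(collections_off):                      # step 4
        if name not in COLLECTIONS:
            raise ValueError(f"unknown collection type: {name!r}")
        cmds.append(f"{PREFIX} data {name} off")
    for key, value in (jproxy or {}).items():                 # step 5
        if key not in JPROXY_DEFAULTS or type(value) is not int or value <= 0:
            raise ValueError(f"bad jproxy setting: {key}={value!r}")
        if value != JPROXY_DEFAULTS[key]:
            cmds.append(f"store jproxy_config {key} {value}")
    return cmds


if __name__ == "__main__":
    # Constructed sample change; gbdi01.example.com is a placeholder host.
    for line in build_commands("gbdi01.pem",
                               dest={"destination hostname": "gbdi01.example.com"},
                               collections_off=["full_sql"],
                               jproxy={"flush_timeout_sec": 30}):
        print(line)
```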

What to do next

After you set snif_logger_destination_type to REMOTE and store the jProxy SSH key, the data collections are automatically streamed to the GBDI platform. From there, you can use the GBDI data analytic tools as needed.

The data is also stored in the Guardium MySQL database.