Configuring S-TAP in the S-TAP Control page

Use the S-TAP Control page to view all S-TAPs that are managed by this Guardium system, manage individual S-TAPs, and perform a few operations on all S-TAPs.

Before you begin

You must be logged in to a Guardium system that is the active host for the S-TAP.

About this task

During the installation process, a user might make an error in configuring an S-TAP, which is not detected until after the installation process finishes. For instance, a user might forget to enter an IP address or use the wrong IP address when they define an SQL Guard IP. To remedy these types of mistakes, you can modify some of the S-TAP configurations.

You can safely change the parameters that are in the GUI. Parameters that do not appear in the GUI are advanced parameters. Do not change them without instructions from Guardium support.

All configuration changes require that you restart the S-TAP agent. If you modify parameters in the GUI or with GIM, the S-TAP is restarted transparently. If you need to restart the S-TAP manually (for example, after you modify the configuration by using the API or directly in the guard_tap.ini file), use the Send command, or see Windows: Starting S-TAP using GIM, or Windows: Starting S-TAP without GIM.

If you installed your S-TAP by using the Guardium Installation Manager (GIM), you can update some parameters through the GIM GUI or API.

S-TAP status can be one of:
  • Green: Online
  • Yellow: Indicates an S-TAP or a database server error. To see details about a specific error, click the info icon to open the S-TAP event log.
    Typical errors, along with their resolutions, include:
    • CPU exceeds threshold: The CPU_USAGE_LIMIT is exceeded by the number of minutes determined by CPU_USAGE_INTERVALS_ALLOWED.
      Resolution: Take one of the following steps:
      • Restart the S-TAP.
      • Increase the system CPU.
      • Verify and, if needed, modify the CPU parameter values in either the guard_tap.ini file or through the GIM parameters.
    • Handle count exceeds threshold: The HANDLE_COUNT_LIMIT is exceeded by the number of minutes determined by HANDLE_COUNT__INTERVALS_ALLOWED.
      Resolution: Take one of the following steps:
      • Restart the S-TAP.
      • Verify and, if needed, modify the HANDLE_COUNT parameter values in either the guard_tap.ini file or through the GIM parameters.
    • S-TAP memory usage exceeds threshold: The MEM_USAGE_LIMIT is exceeded by the number of minutes determined by MEM_USAGE_INTERVALS_ALLOWED.
      Resolution: Take one of the following steps:
      • Restart the S-TAP.
      • Increase S-TAP memory.
      • Verify and, if needed, modify the S-TAP memory values in either the guard_tap.ini file or through the GIM parameters.
    • DBMonitor service down.

      Resolution: Restart the S-TAP by clicking Accept.

    • DLLs not loaded correctly: Certain DLLs that support Db2 Exit or encrypted traffic might not be loaded correctly.

      Resolution: Verify the relevant parameters in guard_tap.ini and then restart the S-TAP.

    • Drivers not running or loaded: An issue exists with the S-TAP drivers.

      Resolution: Restart the drivers manually by running the net start <driver_name> command from an administrative command prompt. The driver name is included in the error message.

      The S-TAP drivers for your system depend on the S-TAP protocol. For more information about protocols, see Windows: S-TAP protocol 8. For more information about the S-TAP drivers, see either Driver parameters or Protocol 8 Driver parameters.

    • Load Balancer is down: The load balancer is unreachable by the S-TAP.

      Resolution: Check the load balancer and restart if needed. Verify the load balancer IP address by clicking Modify. If you make changes, click Accept.

    • Out of range ini parameter values: One or more S-TAP parameters in the TAP section of the guard_tap.ini file are outside of the acceptable range.
      Resolution: Modify the relevant parameter values by taking one of the following steps:
      • Click Modify, if available (not all parameters can be modified from the Modify page), and then click Accept.
      • Modify the parameters from the guard_tap.ini file.
      • Modify the parameters from GIM.

    If problems persist, contact Guardium support.

    Note: When you modify S-TAP parameters in the GUI or through the GuardAPI, S-TAP checks the values before it saves the parameters. When the S-TAP identifies an erroneous value, the value is not saved and Guardium creates an error in the S-TAP event log. The S-TAP uses default values so that it can keep sending traffic.
  • Red: Offline
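
A pre-restart check for a hand-edited guard_tap.ini, as an added example that is not IBM's code: it reads the TAP section and reports values that are not integers or fall outside a range table, the condition behind the "Out of range ini parameter values" status. The ranges and the sample file are assumptions made for illustration; take the real ranges from the parameter reference for your release.

```python
import configparser

# Assumed ranges for illustration only: (min, max) per parameter. Replace
# them with the documented ranges for your S-TAP release.
ASSUMED_RANGES = {
    "CPU_USAGE_LIMIT": (0, 100),
    "CPU_USAGE_INTERVALS_ALLOWED": (1, 60),
    "HANDLE_COUNT_LIMIT": (0, 1_000_000),
    "MEM_USAGE_LIMIT": (0, 65_536),
    "MEM_USAGE_INTERVALS_ALLOWED": (1, 60),
}


def lint_tap_section(ini_text, ranges=ASSUMED_RANGES):
    """Return a list of (parameter, problem) findings for the [TAP] section."""
    # interpolation=None: values may contain '%'. strict=False: tolerate
    # duplicate keys left behind by manual edits.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read_string(ini_text)
    if not parser.has_section("TAP"):
        return [("TAP", "section missing")]
    findings = []
    for name, (low, high) in ranges.items():
        raw = parser.get("TAP", name, fallback=None)
        if raw is None:
            continue  # parameter not set in the file; nothing to check
        try:
            value = int(raw.strip())
        except ValueError:
            findings.append((name, f"not an integer: {raw!r}"))
            continue
        if not low <= value <= high:
            findings.append((name, f"{value} outside {low}..{high}"))
    return findings


# Constructed sample file, not taken from a real S-TAP host.
SAMPLE_INI = """\
[TAP]
CPU_USAGE_LIMIT=250
CPU_USAGE_INTERVALS_ALLOWED=5
MEM_USAGE_LIMIT=abc
HANDLE_COUNT_LIMIT=20000
"""

if __name__ == "__main__":
    for name, problem in lint_tap_section(SAMPLE_INI):
        print(f"{name}: {problem}")
```

Running the check before a manual restart surfaces a bad value while the edit is still fresh, rather than later as a yellow status in the S-TAP Control page.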

Procedure

  1. Click Manage > Activity Monitoring > S-TAP Control to open S-TAP Control.
  2. Perform operations on all S-TAPs in the page.
    • Refresh: Refresh display of S-TAPs.
    • Add All to Schedule: Add all displayed S-TAPs to the S-TAP verification schedule. See Windows: Inspection engine verification.
    • Remove All from Schedule: Remove all displayed S-TAPs from the S-TAP verification schedule.
    • Comments: Add comments. See Comments.
  3. Identify the S-TAP to be configured by its IP address or the symbolic hostname of the database server on which it is installed. View and perform operations on individual S-TAPs.
    Option: Description
    Delete: Click Delete to remove an S-TAP.

    Deleting S-TAPs is useful to clean up your display when you know that an S-TAP is inactive, or when the Guardium unit is no longer listed as a host in the S-TAP's configuration file. In either of these cases, the S-TAP displays indefinitely with an offline status if you do not delete it.

    You cannot remove an active S-TAP from the list. Clicking Delete does not stop an S-TAP from sending information, and does not remove the Guardium host from the list of hosts that are stored in the S-TAP's configuration file.

    Refresh: Click Refresh to fetch a copy of the latest S-TAP configuration from the agent. The S-TAP display does not auto-refresh.
    Send Command: Opens the S-TAP Commands window, where you can run various commands on the S-TAP host.
    • Restart. Restarts the S-TAP in the mode you select.
      • 0: Restarts the S-TAP. Use this mode in environments without enterprise load balancing.
      • 1: Restarts the S-TAP process while preserving the data in the S-TAP buffer. (The S-TAP picks up the new configuration from the enterprise load balancer without flushing the buffers.) Used in the enterprise load balancer environment.
    • S-TAP logging: Starts S-TAP logging for debugging purposes, at the log level you enter in Level and for the duration you enter in Duration Sec. See DEBUGLEVEL in Debug parameters and Protocol 8 Debug parameters.
    • Run Diagnostics: Runs the S-TAP diagnostics script and uploads the results to the Guardium system.
    • Revoke Ignore: All sessions that are ignored by a revocable ignore policy become available, and S-TAP starts capturing the traffic for those sessions.
    • Run Database Instance Discovery: Runs the database instance discovery once, immediately. (By default, it runs once every 24 hours.) Select Replace Inspection Engines only if you want to override defined inspection engines with discovered details, and restart the S-TAP. For a full description of this option, see Windows: Discover database instances.
      You can specify rules that manage how discovered details on database instances are implemented, or not. For more information, see Database discovered instances rules.
    Edit S-TAP configuration: Opens the S-TAP configuration window. Parameters that do not appear in the GUI are advanced parameters. Do not modify them unless you are an advanced user, or you are instructed to modify them by Guardium Technical Support.
    Show S-TAP Event Log: Click to open the S-TAP event log, where you can see events such as connect, disconnect, and GIM server configuration. This log is useful for troubleshooting.
    Add to Schedule: If selected, adds the individual S-TAP to the scheduled verification.
    Revoke All Ignored Sessions: A database might be running many sessions, some of which are currently ignored. Clear this option to stop ignoring traffic from ignored sessions.