Correct IP address (Oracle) example

When the Oracle connection manager handles the connection to the database server, the connection manager can insert the wrong IP address and other information. The following example shows how to ensure that Guardium has the correct information from Oracle.

This example has two rules.

Rule 1: If the session is not logged after 30 packets are received on the collector, then ignore this session.
  • Session level criteria: No criteria
  • Rule action = IGNORE SESSION

    Packets limit = 30

Rule 2: Map Oracle connection information correctly.
  • Session level criteria:
    • Client IP address = 10.10.10.10
    • Database type = ORACLE
    • Operating system user In Group, where:
      • Group type = OS User
      • Members = A list of allowed operating system users.
    • Server port = 1521
    • Session = LOCAL
  • Rule actions:
    1. TRANSFORM SERVER HOST NAME
      • Source = SERVER HOST NAME
      • Search prefix = redwood
      • Output format = rh7u1-lenx01
    2. TRANSFORM ANALYZED CLIENT IP
      • Source = CLIENT HOST NAME
      • Search prefix = redwood
      • Output format = (.*)
    3. TRANSFORM SERVER DESCRIPTION
      • Source = ANALYZED CLIENT IP
      • Search prefix = 10
      • Output format = WITH ORACLE CONNECTION MANAGER

SR language example

SR_POLICIES
{
         IF (*) { IGNORE_SESSION PACKETS_LIMIT = 30 }

         IF (CLIENT_IP = '10.10.10.10' SESSION = 'LOCAL' OS_USER = ('',1) DB_TYPE = 'ORACLE' SERVER_PORT = 1521) 
        {
                TRANSFORM_SERVER_HOST_NAME SEARCH_PREFIX = 'redwood' 
                OUTPUT_FORMAT = 'rh7u1-lenx01'

                TRANSFORM_ANALYZED_CLIENT_IP SEARCH_PREFIX = 'redwood' 
                SOURCE = CLIENT_HOST_NAME OUTPUT_FORMAT = '(.*)'

               TRANSFORM_SERVER_DESC SEARCH_PREFIX = '10' 
               SOURCE = ANALYZED_CLIENT_IP OUTPUT_FORMAT = 'WITH ORACLE CONNECTION MANAGER'

        }
GROUP_ID = 1 SIZE = 1 { 'or18cl' }
}