Linux-UNIX: S-TAP Control: Details
These parameters define basic properties of the S-TAP. This topic lists the full set of parameters that can display under Details. Not all parameters display for every type of database server.
Name | Default value | Description |
---|---|---|
Version | | Read only. The S-TAP version that is installed on the DB server, added to the file during installation or upgrade only. |
Devices | none | Which interfaces to listen on. Use ifconfig to find the correct interface. |
Load balancing | 0 | Controls load balancing to Guardium® systems. This parameter is also used in enterprise load balancing. For more information, see Enabling enterprise load balancing and associating an S-TAP with a central manager. Valid values: |
Messages remote | | Send messages to the active Guardium host. |
Messages syslog | | Send messages to syslog. |
Trace files dir | | The directory in which access tracer files are stored. |
Alternate ips | NULL | Comma-separated list of alternate or virtual IP addresses used to connect to this database server. The alternate_ips parameter is only used when your server has multiple network cards with multiple IPs, or virtual IPs. S-TAP only monitors traffic when the destination IP matches either the S-TAP Host IP defined for this S-TAP, or one of the specified alternate IPs. It's recommended that you specify all virtual IPs. |
App. Server User Identification | | Valid values: |
TLS | | Select the checkbox to use SSL to encrypt traffic between the S-TAP and the Guardium system. This adds ~15% of CPU usage to the sniffer's S-TAP server but does not affect the sniffer's other modules. Guardium recommends encrypting network traffic between the S-TAP and the collector whenever possible; disable it only where performance is a higher priority than security. If unencrypted, the traffic between the S-TAP agent and the Guardium system is in clear text. |
Compres. Level | 0 | Increase the compression level to lower the number of bytes sent between the S-TAP and the collector. Changing the compression level is recommended where latency is high between the data centers, to reduce travel time. Compression might impact performance on both ends (S-TAP and collector (sniffer)). The disk usage is not affected by compression. Valid values: |
All can control | | Defines which Guardium system controls this S-TAP. Valid values: |
Load balancer host name or IP address | | Required for enterprise load balancing. If blank, enterprise load balancing is disabled. The IP address or hostname of the central manager or managed unit this S-TAP uses for load balancing. |
Managed Units | 1 | The number of managed units the enterprise load balancer allocates for this S-TAP. |
Include client IP in UID chain for SSH daemon | | Add an SSH client IP:port pair to the UID chain when SSH is identified as one of the processes in the chain. Valid values: |
OS type | | Read only. Software version running on the database. |
DB request handler | | Allow the database to access K-TAP without manual configuration (requires a defined DB user in the Inspection Engines section). |
Cassandra audit | | Create a file appender pipe for Cassandra/Datastax with native audit logging. Valid values: |
Cassandra audit delimiter | GUARD_DELIM | Cassandra audit reader delimiter. Valid values: |
Restricted logging | 0 | Controls restricted logging on the collector. Use this to evaluate the number of records affected by an SQL command, while masking the actual query. This parameter can only be set by user root on the DB server. Valid values: |
SQL configuration properties directory | | Relevant for Oracle Unified Auditing. The path to the tnsnames.ora file that describes the connections to the database to be monitored. |
LD library paths | | Relevant for Oracle Unified Auditing. The path to the Oracle Instant Client libraries installed on the system. |
Discovery interval | | The interval at which the S-TAP reports database instance discovery results to the collector. Select only if you want to change the discovery interval from its default of 24 hours. When you select this option, the UI updates with two radio buttons: Hour and Minute. Type in any positive integer to set the discovery interval in either hours or minutes. Clear the Enable discovery interval checkbox to disable. |
Wait for DB exec | | When S-TAP restarts, either from a system reboot or user-initiated S-TAP stop / start commands, S-TAP polls all databases that have been configured to be monitored and begins monitoring all valid configurations. Any configuration anomalies (either on the database side or the S-TAP side) that limit the S-TAP's ability to monitor a database do not limit the S-TAP from monitoring other databases with valid configurations. This parameter determines the S-TAP response, and its status in the S-TAP Control page, if a DB instance is not available (db_install_dir or db_exec_file is not accessible) during IE validation, after an S-TAP or DB restart. |
Kerberos plugin directory | | Location of the Kerberos file. |
Force server IP | | Forces the reported server IP of database to be the S-TAP Host value. Valid values: |
Private tap IP | | If this parameter is defined, the database uses it for the S-TAP communication. (Relevant when the S-TAP is deployed in a private network; the external, public IP address of the S-TAP is defined by tap_ip. See Linux-UNIX: Configure a public and private address for an S-TAP.) |
Dynamic ring buffers | | Dynamically adds and removes S-TAP buffers for each main connection during peak traffic, to prevent an overflow in the S-TAP buffer. If S-TAP failover happens, data in all buffers is moved to the new buffers. Valid values: |
KTAP fast TCP verdict | 1 | For TCP connections. Valid values: |
KTAP fast file verdict | 1 | Push file information to K-TAP for determining if pipe traffic should be intercepted. For a TLI connection, K-TAP sends an ioctl to the S-TAP to confirm, by checking ports and IPs, that the session is the database connection configured in the IE. When ktap_fast_file_verdict is set to 1, K-TAP does not send the request to the S-TAP as long as the session's ports are in the range. Valid values: |
KTAP fast shmen | | Push shmem information to K-TAP to determine if shmem traffic should be intercepted. Valid values: |
KTAP local TCP | | This parameter is used for TCP connections. |
QRW installed | 0 | Enable or disable the query rewrite feature. When set to 0, all other parameters in this group are ignored. Valid values: |
QRW default state | 0 | Sets the query rewrite activation trigger. Must be 0 if firewall_default_state=1. Valid values: |
QRW force watch | NULL | Comma-separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to watch automatically. Valid when qrw_installed is 1, and qrw_default_state is 0. Cannot be configured to the same IP range as firewall_force_unwatch. |
QRW force unwatch | NULL | Comma-separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to exclude from watching. Valid when qrw_installed is 1, and qrw_default_state is 1. Cannot be configured to the same IP range as firewall_force_unwatch. |
Hunter trace | | Turns on the collection of UID chains. When enabled, captures the UID but without IP in the string. Use this setting for local TCP/IP connections including Solaris zones and AIX WPARs, and remote TCP/IP connections when appserver_installed = 1. |
Load balancer node affinity | | Whether the S-TAP connects to more than one managed unit, for enterprise load balancing. Some scenarios need all traffic to go to the same collector. With Oracle ATAP, for example, the analyzed client IP only shows if both the encrypted and unencrypted sessions go to the same managed unit. |
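
The TLS and query rewrite (QRW) rows above state constraints that can be checked before a configuration is deployed. The following is an added example, not part of the Guardium documentation or product: it takes S-TAP parameters as a dictionary and reports violations of those constraints. The key names `use_tls`, `qrw_force_watch` and `qrw_force_unwatch` are assumptions for the TLS, QRW force watch and QRW force unwatch rows, and "same IP range" is interpreted as an identical IP-and-mask result.

```python
import ipaddress

def parse_ip_masks(value):
    """Parse 'IP/MASK,IP/MASK' into a set of (ip & mask, mask) integer pairs."""
    pairs = set()
    if value is None or value.strip().upper() in ("", "NULL"):
        return pairs
    for item in value.split(","):
        ip_text, sep, mask_text = item.strip().partition("/")
        if not sep:
            raise ValueError(f"missing /MASK in {item.strip()!r}")
        ip, mask = (int(ipaddress.IPv4Address(t)) for t in (ip_text, mask_text))
        pairs.add((ip & mask, mask))
    return pairs

def lint_stap(params):
    """Return a list of findings for a dict of parameter name -> string value."""
    findings = []
    get = lambda key: params.get(key, "0").strip()
    if get("use_tls") != "1":  # assumed key name for the TLS checkbox
        findings.append("TLS off: S-TAP to Guardium traffic is in clear text")
    if get("qrw_installed") != "1":
        return findings  # all other QRW parameters are ignored
    state = get("qrw_default_state")
    if state != "0" and get("firewall_default_state") == "1":
        findings.append("qrw_default_state must be 0 if firewall_default_state=1")
    lists = {}
    for key in ("qrw_force_watch", "qrw_force_unwatch", "firewall_force_unwatch"):
        try:
            lists[key] = parse_ip_masks(params.get(key))
        except ValueError as exc:  # bad address, bad mask or missing separator
            lists[key] = set()
            findings.append(f"{key}: {exc}")
    if lists["qrw_force_watch"] and state != "0":
        findings.append("qrw_force_watch is only valid when qrw_default_state=0")
    if lists["qrw_force_unwatch"] and state != "1":
        findings.append("qrw_force_unwatch is only valid when qrw_default_state=1")
    for key in ("qrw_force_watch", "qrw_force_unwatch"):
        for net, mask in sorted(lists[key] & lists["firewall_force_unwatch"]):
            rng = f"{ipaddress.IPv4Address(net)}/{ipaddress.IPv4Address(mask)}"
            findings.append(f"{key} has same range as firewall_force_unwatch: {rng}")
    return findings

# Constructed sample values, not taken from a real S-TAP configuration.
SAMPLE = {"use_tls": "0", "qrw_installed": "1", "qrw_default_state": "0",
          "firewall_default_state": "1", "qrw_force_unwatch": "NULL",
          "qrw_force_watch": "10.1.2.3/255.255.255.0,192.0.2.7/255.255.255.255",
          "firewall_force_unwatch": "10.1.2.99/255.255.255.0"}
```

Calling `lint_stap(SAMPLE)` returns two findings: the clear-text warning and the shared range `10.1.2.0/255.255.255.0`.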