Predefined common reports

This section provides a short description of all predefined reports available for users with either default user access rights or default admin access rights.

The common reports are:
  • Data Source Version History
  • Data Sources

Status Monitor

The Status Monitor graphical report displays the current state of the Guardium appliance: how many packets per second and requests per second it is processing, how much disk space and memory is being used, and so forth. Each field is described in the following table.

The box displays the output of the Linux® vmstat command. If you are familiar with that command, these statistics should be familiar to you.

Field Description
procs

The number of processes:

r: Waiting for run time.

b: In uninterruptible sleep (blocked, waiting for another event).

memory

Memory use (kB):

swpd: Amount of virtual memory used.

free: Amount of idle memory.

buff: Amount used as buffers.

cache: Amount reserved for cache.

swap

Amount of memory (kB):

si: Swapped in from disk.

so: Swapped out to disk.

io

Input/Output blocks (kB/s):

bi: Blocks received from a block device

bo: Blocks sent to a block device

system

System:

in: Interrupts per second, including the clock

cs: Context switches per second

cpu

Percentage of total CPU time used by:

us: Time spent running non-kernel code

sy: Time spent running kernel code

id: Idle time (not including waiting for IO)

wa: Time spent waiting for IO

st: Time stolen from a virtual machine

(n)pps / (m)rps

In the arrow next to the Analysis Engine, two averages are calculated for the last five seconds: n is the average number of network packets per second, and m is the average number of network database requests per second.

Analysis Engine

(q-d) ------ (p)

For the Analysis Engine, the first line lists the total number of messages queued for processing (q), followed by the number of messages dropped (d) because the buffer was in danger of becoming filled. The second line lists the total number of messages processed (p). The number processed will be reset to zero whenever the inspection engine is restarted.

Server Type

(q) ---- (p)

For each server type, the number of messages awaiting processing (q) is listed and the number of messages processed (p) is listed.

Free Disk Space

The number of bytes free.

DB n% Full

The percentage of the database space allocation that is used.

Files/Other

The Files/Other portion of Status Monitor represents the data accumulated in nondb-sql logger.

The nondb-sql logger logs close-session events arriving at the Analyzer from “ignored” sessions that have been internally closed by the Analyzer (INACTIVE_FLAG=-1). The Analyzer can close connections by timeout (if a session has been inactive for a long time). If close-session data arrives at the Analyzer from an “ignored” session that has been closed by timeout, it is recorded in the nondb-sql-logger section.

The Analyzer never records data directly to the database. This section also represents the number of DB requests sent by the Analyzer to the Logger, as well as other supported protocols such as SCP.

Data Source Version History

Default Layout Location
  • admin: available as drill-down from the Data Sources report
  • user: Discover > DB Discovery

Data Sources

Lists all defined datasources: Data-Source Type, Data-Source Name, Data-Source Description, Host, Port, Service Name, User Name, Database Name, Last Connect, Shared, and Connection Properties.

You can restrict the output of this report using the Data Source Name run time parameter, which by default is set to “%” to select all datasources.

Domain | Based on Query | Main Entity
internal - not available | Data-Sources | not available

Run-Time Parameter | Operator | Default Value
Data Source Name | LIKE | %
Period From | >= | NOW -1 DAY
Period To | <= | NOW

Predefined Audit Processes

There is one predefined audit process named Appliance Monitoring, which contains the reports listed below. This audit process is inactive by default. The administrator can activate and schedule it according to his or her needs.

Note: When scheduling this audit process, check that the FROM/TO dates for each report make sense for the process interval being defined (for example, it doesn’t make sense to have a reporting period of one day if the audit process runs only once a week - you will miss six days of activity).
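
The scheduling check in the note above, as an added example that is not part of the Guardium documentation or product: it compares each report's Period From/Period To window with the audit process run interval and returns the time left unreported per run. The function names, the HOUR and WEEK units, and the sample period values are assumptions of this example; only NOW and NOW -1 DAY appear on this page.

```python
import re
from datetime import timedelta

# Relative dates seen on this page: "NOW" and "NOW -1 DAY".
# HOUR and WEEK are assumptions of this example.
_UNITS = {"HOUR": timedelta(hours=1), "DAY": timedelta(days=1),
          "WEEK": timedelta(weeks=1)}
_REL = re.compile(r"^NOW(?:\s*-\s*(\d+)\s+(HOUR|DAY|WEEK)S?)?$", re.I)

def offset_before_now(expr):
    """Return how far before run time a date such as 'NOW -1 DAY' lies."""
    m = _REL.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported date expression: {expr!r}")
    if m.group(1) is None:          # plain "NOW"
        return timedelta(0)
    return int(m.group(1)) * _UNITS[m.group(2).upper()]

def uncovered_per_cycle(period_from, period_to, run_interval):
    """Time in each run interval that the report window does not cover.

    A run covers [run - from_offset, run - to_offset]. Runs are run_interval
    apart, so any part of the interval longer than the window is never reported.
    """
    start, end = offset_before_now(period_from), offset_before_now(period_to)
    if start <= end:
        raise ValueError("Period From must be earlier than Period To")
    return max(run_interval - (start - end), timedelta(0))

def audit_gaps(reports, run_interval):
    """Map report name -> unreported time, only for reports that have a gap."""
    gaps = {}
    for name, (p_from, p_to) in reports.items():
        gap = uncovered_per_cycle(p_from, p_to, run_interval)
        if gap:                     # timedelta(0) is falsy: fully covered
            gaps[name] = gap
    return gaps

# Constructed sample: report names come from this page, period values are made up.
SAMPLE = {
    "Failed Logins to Guardium": ("NOW -1 DAY", "NOW"),
    "Policy Related Changes": ("NOW -1 WEEK", "NOW"),
    "Data Source Changes": ("NOW -8 DAY", "NOW -1 DAY"),
}

if __name__ == "__main__":
    for name, gap in audit_gaps(SAMPLE, timedelta(weeks=1)).items():
        print(f"{name}: {gap} of activity unreported per run")
```
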
The Appliance Monitoring audit process contains the following reports:
  • Failed Logins to Guardium
  • Active Guardium Users
  • Aggregation/Archive Errors
  • Policy Related Changes
  • Inspection Engines and S-TAP Changes
  • Data Source Changes
  • CAS Instance Configuration Changes
  • CAS Instances
  • CAS Templates
  • Scheduled Jobs Excep