The External S-TAP user interface

Use the External S-TAP instances page to create, monitor, start, stop, and configure Guardium® External S-TAPs.

Use the External S-TAP instances page to deploy an External S-TAP, check on the status of any currently running External S-TAPs, and to modify certain parameters.

To open the page, browse to Manage > Activity Monitoring > External S-TAP Control.

The External S-TAP instances page

The External S-TAP instances page displays all of the currently available External S-TAPs on the current Docker host machine, and provides some tools to help manage them.

From the External S-TAP instances page, you can select the following tools:
  • New: Click the New icon to deploy a new External S-TAP. For more information, see Deploy External S-TAP window.
  • Edit: Select an External S-TAP and click the Edit icon (pencil) to open the Edit External S-TAP group page. For more information, see Edit External S-TAP group tab.
  • Delete: Select one or more stopped External S-TAPs and click the Delete icon to delete them from the Guardium database. You cannot delete a running External S-TAP.

    If your site uses Kubernetes, deleting the External S-TAP from the UI does not remove it from the Kubernetes cluster. To remove the External S-TAP and all of its underlying structures, delete the External S-TAP deployment and service from the Kubernetes dashboard or by using the kubectl command-line interface. For more information, see the Kubernetes documentation.

  • Refresh: Click the Refresh icon to update your view of the External S-TAP instances page.
  • Comment: Select an External S-TAP from the list and then click the Comment icon to display the Comments window. Add a comment for the selected External S-TAP and then click Close to save and close the window. Other users can reply to comments or add their own.
  • Actions: Select an External S-TAP on which to perform one of the actions in the list. For more information, see Actions menu.
  • Export: From the Export menu, select one of the following options to save current information about the available External S-TAPs:
    • Download as CSV: Save information in an Excel file.
    • Download as PDF: Save information in a PDF file.
  • Filter: Enter any string into the Filter text box to exclude External S-TAPs that do not contain the specified string. For example, enter 65 to show only those External S-TAPs that have the number 65 in the host IP address or the Group uuid.

For each External S-TAP, the following information displays:
  • External S-TAP group: The name of the External S-TAP cluster. The name is created from the database type and the IP address of the Docker host machine.
  • Group uuid: The uuid for this cluster. The uuid can either be a generated uuid or a string that was entered as the uuid during deployment.
  • Host: The IP address of the Docker host machine.
  • Database type: The type of database for this External S-TAP.
  • Total members: The total number of containers in this cluster. Each cluster contains both a load balancer and one or more External S-TAP containers.
  • Overall status: The status of this External S-TAP cluster.
    • If all of the External S-TAPs are down, the status is red.
    • If at least one External S-TAP is running, the status is green.
  • Healthy members: The number of healthy members in this cluster. For a cluster with multiple External S-TAPs, if Total members is different from Healthy members, you know that some of the External S-TAPs are down.
  • Collector: The name of the Guardium collector that this External S-TAP is using.
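
Because the overall status is green whenever at least one External S-TAP is running, a group can lose most of its members without turning red. The following added example (not IBM code) compares Healthy members with Total members in a Download as CSV export; the column headings, the sample rows, and the function names are assumptions.

```python
import csv
import io

# Constructed sample export. Column headings are assumed to match the labels
# on the External S-TAP instances page; all values are made up.
SAMPLE_EXPORT = """\
External S-TAP group,Group uuid,Host,Database type,Total members,Overall status,Healthy members,Collector
oracle_192.0.2.65,grp-ora-01,192.0.2.65,Oracle,4,green,4,collector-a.example.com
mssql_192.0.2.70,grp-ms-01,192.0.2.70,MSSQL,3,green,1,collector-a.example.com
postgres_192.0.2.80,grp-pg-01,192.0.2.80,PostgreSQL,2,red,0,collector-b.example.com
mysql_192.0.2.90,grp-my-01,192.0.2.90,MySQL,n/a,green,2,collector-b.example.com
"""


def classify(row):
    """Return 'healthy', 'degraded', 'down' or 'unknown' from the member counts."""
    try:
        total = int(row["Total members"])
        healthy = int(row["Healthy members"])
    except (KeyError, TypeError, ValueError):
        return "unknown"  # missing or non-numeric count: surface it, do not guess
    if total <= 0 or healthy < 0 or healthy > total:
        return "unknown"
    if healthy == 0:
        return "down"
    return "healthy" if healthy == total else "degraded"


def needs_attention(export_text):
    """List (group, state, healthy, total) for every group that is not fully healthy."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        state = classify(row)
        if state != "healthy":
            findings.append((row.get("External S-TAP group", "?"), state,
                             row.get("Healthy members"), row.get("Total members")))
    return findings


if __name__ == "__main__":
    for group, state, healthy, total in needs_attention(SAMPLE_EXPORT):
        print(f"{group}: {state} ({healthy}/{total} members healthy)")
```

The second sample row is the case to watch: its overall status is green although only one of three members is healthy.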

Actions menu

After you select an External S-TAP, you can select any of the following options from the Actions menu:
  • Restart: Restarts the S-TAP that runs with this External S-TAP.
  • S-TAP logging: From the S-TAP logging window, specify an External S-TAP group, a debug level (as described in Table 1), and a time period for which to monitor S-TAP interaction and save the data to the S-TAP log file.
  • Run diagnostics: From the Run diagnostics window, specify an External S-TAP group, a debug level (as described in Table 1), and a time period for which to run the S-TAP diagnostics script. The diagnostics run with the specified debug level and are uploaded to the Guardium collector.
  • Revoke ignore: If your installation has the IGNORE STAP SESSION (REVOCABLE) rule set, click Revoke ignore to open the Revoke ignore window. Click Apply for the selected External S-TAP group so that the S-TAP starts transmitting data for any sessions that were in an ignore state.
  • View details: View and manage details for one or more members of a selected External S-TAP group. If you view the details of an External S-TAP group that contains multiple members, all of the members display.
    From the External S-TAP details window, you can take the following actions:
    • View details and version information for each member of the selected External S-TAP group.
    • Delete one or more inactive containers in the group. Select the containers that you want to delete and click the Delete icon. A confirmation message displays. Click Yes to delete the selected containers.
      Note: You can delete only inactive containers.
  • View events: View the events for the selected External S-TAP group. For each event, the report identifies the Event type, Event description, Timestamp, and Container (Group uuid). You can filter on any string in the report. For example, to see error messages, enter ERR to display only events with an event type of LOG-ERR.
  • View deployment: View selected details about this External S-TAP deployment.

The External S-TAP page includes the following tabs.