The External S-TAP user interface
Use the External S-TAP instances page to create, monitor, start, stop, and configure Guardium® External S-TAPs.
Use the External S-TAP instances page to deploy an External S-TAP, check on the status of any currently running External S-TAPs, and to modify certain parameters.
To open the page, browse to .
The External S-TAP instances page
The External S-TAP instances page displays all of the currently available External S-TAPs on the current Docker host machine, and provides some tools to help manage them.
- New: Click to deploy a new External S-TAP. For more information, see Deploy External S-TAP window.
- Edit: Select an External S-TAP and click to open the Edit External S-TAP group page. For more information, see Edit External S-TAP group tab.
- Delete: Select one or more stopped External S-TAPs and click to delete them from the Guardium database. You cannot delete a running External S-TAP.
If your site uses Kubernetes, deleting the External S-TAP from the UI does not remove it from the Kubernetes cluster. To remove the External S-TAP and all of its underlying structures, delete the External S-TAP deployment and service from the Kubernetes dashboard or by using the kubectl command-line interface. For more information, see the Kubernetes documentation.
- Refresh: Click to update your view of the External S-TAP instances page.
- Comment: Select an External S-TAP from the list and then click to display the Comments window. Add a comment for the selected External S-TAP and then click Close to save and close the window. Other users can reply to comments or add their own.
- Actions: Select an External S-TAP on which to perform one of the actions in the list. For more information, see Actions menu.
- Export: From the Export menu, select one of the following options to save current information about the available External S-TAPs:
- Download as CSV: Save information in an Excel file.
- Download as PDF: Save information in a PDF file.
- Filter: Enter any string into the Filter text box to exclude External S-TAPs that do not contain the specified string. For example, enter 65 to show only those External S-TAPs that have the number 65 in the host IP address or the Group uuid.
- External S-TAP group: The name of the External S-TAP cluster. The name is created from the database type and the IP address of the Docker host machine.
- Group uuid: The uuid for this cluster. The uuid can either be a generated uuid or a string that was entered as the uuid during deployment.
- Host: The IP address of the Docker host machine.
- Database type: The type of database for this External S-TAP.
- Total members: The total number of containers in this cluster. Each cluster contains both a load balancer and one or more External S-TAP containers.
- Overall status: The status of this External S-TAP cluster.
- If all of the External S-TAPs are down, the status is red.
- If at least one External S-TAP is running, the status is green.
- Healthy members: The number of healthy members in this cluster. For a cluster with multiple External S-TAPs, if Total members is different than Healthy members, you know that some of the External S-TAPs are down.
- Collector: The name of the Guardium collector that this External S-TAP is using.
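The status rules above mean that a group can show green while some of its members are down. The following added example (not IBM code and not part of the original page) applies those rules to a Download as CSV export and lists the groups that need attention; the CSV header layout, the green/red spelling, and every sample value are assumptions.

```python
import csv
import io

# Constructed sample. Column names are taken from the instances page; the CSV
# layout, the "green"/"red" spelling and all values are assumptions.
SAMPLE_EXPORT = """\
External S-TAP group,Group uuid,Host,Database type,Total members,Overall status,Healthy members,Collector
oracle-192.0.2.10,grp-a,192.0.2.10,Oracle,4,green,4,collector-1
mssql-192.0.2.65,grp-b,192.0.2.65,MSSQL,3,green,2,collector-1
db2-192.0.2.20,grp-c,192.0.2.20,Db2,3,red,0,collector-2
mysql-192.0.2.30,grp-d,192.0.2.30,MySQL,,green,n/a,collector-2
"""


def classify(row):
    """Apply the page's status rules to one exported row."""
    try:
        total = int(row["Total members"])
        healthy = int(row["Healthy members"])
    except (KeyError, TypeError, ValueError):
        return "unreadable"  # never report a row we cannot parse as healthy
    status = (row.get("Overall status") or "").strip().lower()
    if status == "red" or healthy == 0:
        return "down"
    if healthy < total:
        return "degraded"  # green overall, yet some members are down
    return "ok"


def review_export(csv_text):
    """Return (group, state) for every group that is not fully healthy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = classify(row)
        if state != "ok":
            findings.append((row.get("External S-TAP group", "?"), state))
    return findings


if __name__ == "__main__":
    for group, state in review_export(SAMPLE_EXPORT):
        print(f"{group}: {state}")
```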
Actions menu
- Restart: Restarts the S-TAP that runs with this External S-TAP.
- S-TAP logging: From the S-TAP logging window, specify an External S-TAP group, a debug level, as described in Table 1, and a time period for which to monitor S-TAP interaction and save the data to the S-TAP log file.
- Run diagnostics: From the Run diagnostics window, specify an External S-TAP group, a debug level, as described in Table 1, and a time period for which to run the S-TAP diagnostics script. The diagnostics run with the specified debug level and are uploaded to the Guardium collector.
- Revoke ignore: If your installation has the IGNORE STAP SESSION (REVOCABLE) rule set, click Revoke ignore to open the Revoke ignore window. Click Apply for the selected External S-TAP group for the S-TAP to start transmitting data for any sessions that were in an ignore state.
- View details: View and manage details for one or more members of a selected External S-TAP group. If you view the details of an External S-TAP group that contains multiple members, all of the members display. From the External S-TAP details window, you can take the following actions:
- View details and version information for each member of the selected External S-TAP group.
- Delete one or more inactive containers in the group. Select the containers that you want to delete and click . A confirmation message displays. Click Yes to delete the selected containers.
Note: You can delete only inactive containers.
- View events: View the events for the selected External S-TAP group. For each event, the report identifies the Event type, Event description, Timestamp, and Container (Group uuid). You can filter on any string in the report. For example, to see error messages, enter ERR to display only events with an event type of LOG-ERR.
- View deployment: View selected details about this External S-TAP deployment.
The External S-TAP page includes the following tabs.