Linux-UNIX: Configure standard verification

Use this task to add all inspection engines on a specific S-TAP client host to the verification schedule.

About this task

As an alternative to this procedure, you can:
  • use the GRDAPI command verify_stap_inspection_engine_with_sequence.
  • Use the procedure in Linux-UNIX: Configure advanced verification to configure verification on individual inspection engines, by clicking Verify in step 3. The system immediately outputs results. Failed checks are shown first, with recommendations for next steps. Checks that succeeded are shown in a collapsed section at the end of the list. In some situations, it might be useful to review the successful checks in order to choose among possible next steps.

Procedure

  1. Access Manage > Activity Monitoring > S-TAP Control.
  2. Use these options:
    • Add All to Schedule: add all inspection engines for all displayed S-TAPs to verification.
    • Remove All from Schedule: remove all inspection engines for all displayed S-TAPs from verification.
    • Add to Schedule: add all inspection engines of the selected S-TAP client to the schedule.
    If an S-TAP does not have the option All Can Control enabled, you can only change its status if your Guardium system is the primary system for this S-TAP.
  3. Click Refresh.
  4. To verify now, go to Manage > Activity Monitoring > S-TAP Verification Scheduler and click Run Once Now.
  5. By default, the system waits five seconds before displaying verification results. If your network latency is high, this might not be enough time to receive the expected response from the database server. If you need to allow more time, you can use the store stap network_latency CLI command to change the period.

What to do next

View the verification results in the S-TAP Verification page (Manage > Reports > Activity Monitoring > S-TAP® Verification page).