Login information dump example

Use the login information dump session level policy to help resolve Sniffer connection issues.

When you work with Guardium technical support to solve Sniffer issues, your support person might ask you to configure and run the slon looper or the login information dump session level policy. The slon looper and login information dump policy work together as follows.

The login information dump is a standard session-level policy template. To use this policy, click Clone policy to make a copy of the policy and make changes as needed. For example, you can specify a database username, an IP address, or other information.

Let's say that you have a scenario in which the username is empty, but packets aren't dropped in either the S-TAP or in Sniffer. One cause might be that the login sequence was encrypted or garbled and was sent more than 1 hour before the session’s first statement. If the session received the login sequence, but timed out after an hour, then no information is available to log. In this case, the first incoming statement opens a new session without login information and an error occurs. The login information dump session-level policy can help find these kinds of issues.

This example has two rules:

  • Rule 1: Configure a login dump (CONFIGURE DUMP LOGIN)
    • Session level criteria: None.
    • Rule action: CONFIGURE Option = DUMP_LOGIN:ON
  • Rule 2: Create the login dump (DUMP LOGIN)
    • Session level criteria: None.
    • Rule action: LOG EXCEPTION = SESSION EXCEPTION
    • Exception message = DUMP_LOGIN:DUMP_LOGIN: Session $(SESSION_INFO)$

SR language example

This example creates a login dump for an Oracle database.
SR_POLICIES
{
    IF (DB_TYPE = 'ORACLE' )
    {
        CONFIGURE OPTION = 'DUMP_LOGIN:ON'
    }
    IF (DB_TYPE = 'ORACLE' STATEMENT LIKE 'BEGIN%')
        LOG EXC_TYPE = SESSION_EXCEPTION EXC_MSG = DUMP_LOGIN:DUMP_LOGIN: Session $(SESSION_INFO)$. Packets logged.

}