General parameters

These parameters define basic properties of the S-TAP running on a Windows server and the server on which it is installed, and do not fall into any of the other categories.

These parameters are stored in the [VERSION] section of the S-TAP properties file: guard_tap.ini.
Attention: If a parameter is available through both the GIM and the command line interface (CLI), then the GIM parameter, including any defaults, always overwrites any value that is available from WINSTAP_CMD_LINE.
Table 1. S-TAP configuration parameters in the [VERSION] section
GUI guard_tap.ini Description Protocol version
  STAP_CLIENT_BUILD Read only. The build version of the installed S-TAP. 7 and 8
Version PROTOCOL_VERSION Read only. The version of the Guardium® system. 7 and 8
These parameters are stored in the [TAP] section of the S-TAP properties file: guard_tap.ini.
Table 2. S-TAP configuration parameters in the [TAP] section
GUI GIM guard_tap.ini Default value Description Protocol version
    ADD_TO_VERTIFICATION_SCHEDULE     7 and 8
All can control WINSTAP_ALL_CAN_CONTROL ALL_CAN_CONTROL 0 Defines which Guardium systems control this S-TAP. Valid values:
  • 0: S-TAP is controlled by the primary Guardium system
  • 1: S-TAP can be controlled by any Guardium system
7 and 8
  WINSTAP_BUFFER_FILE_MAX_SIZE BUFFER_FILE_MAX_SIZE 250 Advanced. The maximum size, in MB, that the Memory commit expands to. Maximum value is 1000. 7
  WINSTAP_BUFFER_FILE_MAX_SIZE BUFFER_FILE_MAX_SIZE 512 The maximum amount of memory, in MB, that the STAP can use to buffer overhead and traffic data. In practice the STAP may not hit this limit exactly; it may use a little less or a little more memory than specified. Valid values: integer, ≥50. 8
  BUFFER_FILE_MEM_FOOTPRINT 8 12.0 Deprecated in 12.1. Advanced. The maximum fraction of the total memory that is allocated for the dynamic buffer increase. The default value of 8 translates to 1/8 of the total memory. The minimum parameter value is 2, meaning that you cannot allocate more than 1/2 of the total memory. 7 and 8
  WINSTAP_BUFFER_MMAP_FILE_SIZE BUFFER_MMAP_FILE 0
  • 0=virtual memory allocation
  • 1=memory mapped file option.
7
  WINSTAP_BUFFER_FILE_SIZE BUFFER_FILE_SIZE 50 Advanced. The initial size of the buffer. The range is 5 - 1000 in MB. 7
Compres.level WINSTAP_COMPRESSION_LEVEL COMPRESSION_LEVEL 0 Compression level. Valid values:
  • 0: No compression
  • 1-9: Compression level. Nine is the maximum.
7
  WINSTAP_CMD_LINE     In rare cases, the S-TAP named pipes driver can interact with other third-party software in ways that slow the server down. To turn off the named pipes driver, set the -nmp parameter to off. The named pipes driver is removed at the next system reboot.
Notes:
  • The named pipes driver is not removed during an upgrade. A reboot is always required.
  • If you turn off the named pipes driver, then the S-TAP does not capture named pipes traffic.

For more information about using the WINSTAP_CMD_LINE parameter with GIM, see GIM user interfaces.

7 and 8
  WINSTAP_CORRELATION_LIMIT CORRELATION_LIMIT 200 Limits the amount of traffic buffered by each session. Once the limit is reached, S-TAP stops waiting for the correlation key as if a correlation timeout occurred, and all buffered traffic is released to the appliance.

Minimum value=100; no maximum value

7 and 8
  WINSTAP_CORRELATION_TIMEOUT CORRELATION_TIMEOUT 120 The number of seconds the WFP and NMP sniffers wait for correlation to occur before giving up and resuming the flow of traffic to the appliance.
Valid values:
  • Minimum value: 1
  • Maximum value: 600
7 and 8
  WINSTAP_CPU_LOAD_LIMIT CPU_LOAD_LIMIT 100 The CPU load threshold (as a percentage) for S-TAP. Valid values 1 - 100. 7 and 8
  WINSTAP_CPU_INTERVALS_ALLOWED CPU_INTERVALS_ALLOWED 30 The number of intervals (in minutes) that the CPU can be greater than the threshold before an action is triggered. Valid values 1 - 360. 7 and 8
  WINSTAP_DB_IGNORE_RESPONSE DB_IGNORE_RESPONSE   Ignore response at inspection level. Use this function to ignore all database responses at the S-TAP level, without sending anything to the Guardium system. In certain environments where only client transactions are of interest, this function saves bandwidth and processing time for the S-TAP and the Guardium system. Use this function for an easier configuration for ignoring unwanted responses from the database, without loading the network. Database types can be listed as comma separated, or ALL can be specified to ignore responses from all types of databases, for example, DB_IGNORE_RESPONSE=ALL or DB_IGNORE_RESPONSE=MSSQL,DB2. Supported DB types: ALL, MSSQL_NP, MSSQL, MYSQL, TRD, PGRS, MSSYB, ORACLE, DB2, DB2_EXIT, INFORMIX, KERBEROS, FTP, CIFS.
Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  WINSTAP_DB_IGNORE_RESPONSE_BYPASS_BYTES DB_IGNORE_RESPONSE_BYPASS_BYTES 65535 Ignore DB responses after specified number of bytes.
Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  WINSTAP_DB_IGNORE_RESPONSE_FILTER DB_IGNORE_RESPONSE_FILTER 0.0.0.0/0.0.0.0 Comma separated list of IP/MASKs to be response-ignored. Any DB responses of the type specified by DB_IGNORE_RESPONSE to the specified IP/MASKs are ignored. Valid values:
  • NULL: No filtering of responses
  • 0.0.0.0/0.0.0.0: All IPs are filtered
7 and 8
  WINSTAP_DB_IGNORE_RESPONSE_LOCAL DB_IGNORE_RESPONSE_LOCAL 1 Filtering of local db responses. Valid values:
  • 0: No
  • 1: Yes
Note: TCP traffic is not considered Local traffic for db_ignore_response_local parameter.
7 and 8
  WINSTAP_DB_IGNORE_RESPONSE_RESETS_PER_REQUEST DB_IGNORE_RESPONSE_RESETS_PER_REQUEST 1 The DB_IGNORE_RESPONSE_BYPASS_BYTES is reset on each request's response. Valid values:
  • 0: No
  • 1: Yes
7 and 8
WINSTAP_DB2_EXIT_DRIVER_INSTALLED DB2_EXIT_DRIVER_INSTALLED   Enable Db2 Exit library integration. Valid values:
  • 0: Disabled
  • 1: Enabled
7 and 8
  WINSTAP_DB2_PROTOCOLS DB2_PROTOCOLS LOCAL,PIPES,SSL Specifies the protocols that Db2 exit monitors. 7 and 8
  WINSTAP_DB2_SSL_DRIVER_INSTALLED DB2_SSL_DRIVER_INSTALLED 0 Specifies whether the DB2 SSL engine is installed. Valid values:
  • 0: Disabled
  • 1: Enabled
7 and 8
  WINSTAP_DB2_TAP_INSTALLED DB2_TAP_INSTALLED 0 Set to 1 for sniffing Db2 shared memory traffic. Starts the Db2 TAP Service when set to 1.
Note: For a fresh S-TAP installation on a server where a Db2 database is installed, the DB2_TAP_INSTALLED parameter is automatically enabled if DB2_EXIT_DRIVER_INSTALLED and DB2_SSL_DRIVER_INSTALLED are disabled.
7 and 8
  DISABLE_SHARED_MEMORY_IF_TURNED_ON 0   7
  WINSTAP_DOMAIN_CONTROLLER DOMAIN_CONTROLLER Null The name of the specific controller from which the SID/usernames map should be read. 7 and 8
  WINSTAP_DYNAMIC_BUFFER_INCREASE DYNAMIC_BUFFER_INCREASE 0 Advanced. Enables the dynamic buffer feature: when the buffer gets to 75% full in the current S-TAP session, the buffer size increases incrementally by 50 MB. The feature is controlled by buffer_file_size and buffer_file_max_size. Valid values:
  • 0: Disabled
  • 1: Enabled
7
  WINSTAP_FAILOVER_FAILFORWARD_DELAY FAILOVER_FAILFORWARD_DELAY 0 The amount of time, in seconds, that the STAP waits for a failed appliance to come back to life before switching to the secondary appliance.
Valid values: integer, ≥ 0.
8
  WINSTAP_FAILOVER_FAILBACK_DELAY FAILOVER_FAILBACK_DELAY 30 The amount of time, in seconds, that the S-TAP waits after the primary appliance comes back online before switching back to the primary from the secondary.
Valid values: integer, 0 and higher
8
  WINSTAP_FAILOVER_ENABLED FAILOVER_ENABLED 1 Controls S-TAP or enterprise failover. Enterprise failover is enabled if LOAD_BALANCER_IP is not NULL. The S-TAP fails over to a secondary appliance when the primary appliance goes down or is otherwise unreachable. Valid values:
  • 0: disabled
  • 1: enabled
8
  WSTAP_FAM_PROTECT_PRIVILEGED FAM_PROTECT_PRIVILEGED 0 Valid values:
  • 0: The FAM for Windows software does not provide any blocking functionality for either the domain or local Administrator accounts. An Administrator user can still access a file or folder that is marked to be blocked by policy.
  • 1: The FAM for Windows software treats the Administrator accounts like any other account on the machine. Files that are marked to be blocked are blocked for regular users, as well as the Administrator users.
7
  FILE_SNIFFER_FREQUENCY 45 Frequency, in seconds, of:
  • Registration attempts with a Guardium system if a previous attempt was not successful.
  • S-TAP checks for new logs available from Program Files\IBM\Windows S-TAP\Logs for uploading on to collector.
7
  WINSTAP_FIREWALL_VERDICT_DELAY FIREWALL_VERDICT_DELAY 5 The number of milliseconds to delay before applying verdicts from the collector. Smaller values decrease end-user latency but increase CPU usage. Larger values decrease overall system CPU usage but increase end-user latency.

Minimum value: 0

Maximum value: 30

7 and 8
  WINSTAP_FORCE_LOG_LIMITED FORCE_LOG_LIMITED 0 Forces restricted logging on the collector. Use this parameter to evaluate the number of records affected by an SQL command, while masking the actual query. This parameter can be set only by user root on the DB server. Valid values:
  • 0: No logging allowed
  • 1: Log with masking, only logins are allowed (sent packets are flagged with LOGALWAYSMASK). Forces encryption to be on in the S-TAP regardless of any other settings; traffic is sent to the collector only after the collector indicates that it is aware of the parameter value. Otherwise, the S-TAP logs a message that traffic can't be sent, and its status is red in the S-TAP Control page.
  • 2: All packets are allowed (sent packets are flagged with LOGACCESSONLY)
7
  WINSTAP_GLOBAL_SESSION_KEY GLOBAL_SESSION_KEY 0 12.1 and later When set to 1, allows the S-TAP to use the extended session key, which provides more unique IDs for each session.
Valid values:
  • 0 (off, default)
  • 1 (on)

Setting GLOBAL_SESSION_KEY to 1 reduces the chances that the S-TAP reuses an ID, which in turn helps to ensure that data packets are correlated correctly.

Note: Do not change the value of this parameter when restarting the S-TAP. You might lose session information for open sessions.
7 and 8
  WINSTAP_GUARDIUM_CA_PATH GUARDIUM_CA_PATH NULL Location of the Certificate Authority certificate.
Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  WINSTAP_GUARDIUM_CRL_PATH GUARDIUM_CRL_PATH NULL The path to the Certificate Revocation list file or directory. 7 and 8
  WINSTAP_HANDLE_COUNT_INTERVALS_ALLOWED HANDLE_COUNT_INTERVALS_ALLOWED 30 The number of intervals (in minutes) that the handle count can be greater than the threshold before an action is triggered. Valid values 1 - 360. 7 and 8
  WINSTAP_HANDLE_COUNT_LIMIT HANDLE_COUNT_LIMIT 5000 The handle count threshold for S-TAP before an action is triggered. Valid values 300 - 10,000. 7 and 8
  HIGH_RESOLUTION_TIMER 0 Valid values:
  • 0: Send time stamps in milliseconds.
  • 1: Send time stamps in microseconds, but use milliseconds system timer (to reduce system performance hit - multiply milliseconds by 1000).
  • 2: Send time stamps in microseconds, use high-resolution windows timer (most accurate).
For cases 1 and 2, the S-TAP indicates to the Guardium system that microseconds are sent, by setting the reserved byte in PacketData to 1.
7 and 8
    INFORMIX_LOG_SIZE     7 and 8
    INFX_SSL_DRIVER_INSTALLED     7 and 8
WINSTAP_INITIAL_BALANCER_MU_GROUP INITIAL_BALANCER_MU_GROUP   The managed unit group name to associate with this S-TAP (by the central manager load balancer) when installing an S-TAP. S-TAP stops sending group information after the first successful request. 7 and 8
WINSTAP_INITIAL_BALANCER_TAP_GROUP INITIAL_BALANCER_TAP_GROUP   The S-TAP group name to associate with this S-TAP (by the central manager load balancer) when installing an S-TAP. S-TAP stops sending group information after the first successful request. 7 and 8
    INTERVAL     7
    LDAP_DRIVER_INSTALLED     7 and 8
  WINSTAP_LOAD_BALANCER_BACKUP LOAD_BALANCER_BACKUP Null The DNS name or IP address of the backup central manager. The backup central manager is used to service load balancing requests if the primary central manager (LOAD_BALANCER_IP) is down. 8
  WINSTAP_LOAD_BALANCER_IP LOAD_BALANCER_IP Null IP address or hostname of the load balancer unit. If not defined, S-TAP does not use enterprise load balancing. 7 and 8
  WINSTAP_LOAD_BALANCER_NUM_MUS LOAD_BALANCER_NUM_MUS 1 If you specify a LOAD_BALANCER_IP, LOAD_BALANCER_NUM_MUS is the number of managed units that enterprise load balancing will assign. If LOAD_BALANCER_IP is null, S-TAP does not use enterprise load balancing and LOAD_BALANCER_NUM_MUS is ignored. 7 and 8
  WINSTAP_LOAD_BALANCER_PORT LOAD_BALANCER_PORT 8443 Port of the load balancer unit.
Valid values: 1024-65535
Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  WINSTAP_LOG_LEVEL LOG_LEVEL   The verbosity of the overall logging of the S-TAP output to the Stap.ctl circular text log file.
Range: 0 (lowest verbosity)-10 (highest verbosity)
Default=4
8
  WINSTAP_LOG_DB2_CONNECTIONS LOG_DB2_CONNECTIONS 0 The Db2 protocol's status information. Valid values:
  • 0: status information is not logged to the STAP.CTL file
  • 1: logs items like connection establishment, connection termination, and a few others.
8
  WINSTAP_LOG_INFORMIX_CONNECTIONS LOG_INFORMIX_CONNECTIONS 0 The INFORMIX protocol's status information. Valid values:
  • 0: status information is not logged to the STAP.CTL file
  • 1: logs items like connection establishment, connection termination, and a few others.
8
  WINSTAP_LOG_NMP_CONNECTIONS LOG_NMP_CONNECTIONS 0 Named Pipe connection information is logged in S-TAP. Valid values:
  • 0: Disabled
  • 1: Enabled
7 and 8
    LOG_NMP_MUTE 0 Mutes the Premonitory logs. Valid values:
  • 0 (off, default)
  • 1 (on)
7 and 8
    LOG_STP_MUTE 0 Mutes the S-TAP logs. Valid values:
  • 0 (off, default)
  • 1 (on)
7
  WINSTAP_LOG_ORA_CONNECTIONS LOG_ORA_CONNECTIONS 0 The ORA protocol's status information. Valid values:
  • 0: status information is not logged to the STAP.CTL file
  • 1: logs items like connection establishment, connection termination, and a few others.
8
    LOG_STAP_MUTE 0 Mutes the S-TAP logs. Valid values:
  • 0 (off, default)
  • 1 (on)
8
  WINSTAP_LOG_WFP_CONNECTIONS LOG_WFP_CONNECTIONS 0 TCP information is logged in S-TAP. Valid values:
  • 0: Disabled
  • 1: Enabled
7 and 8
    LOG_WFP_MUTE 0 Mutes the Premonitory logs. Valid values:
  • 0 (off, default)
  • 1 (on)
7 and 8
  MAXIMUM_PACKET_NUM 300,000 Sets the maximum packet ID. When Guardium reaches the maximum number (300,000), the packet ID is reset and the IDs are incremented from 0. 7
  WINSTAP_MEM_USAGE_INTERVALS_ALLOWED MEM_USAGE_INTERVALS_ALLOWED 30 The number of intervals (in minutes) that memory usage can be greater than the threshold before an action is triggered. Valid values 1 - 360. 7 and 8
  WINSTAP_MEM_USAGE_LIMIT MEM_USAGE_COUNT_LIMIT 10240 The memory usage threshold for S-TAP before an action is triggered. Valid values 50-20480. 7 and 8
    MEM_USAGE_LIMIT     7 and 8
  WINSTAP_MIN_BYTES_TO_COMPRESS MIN_BYTES_TO_COMPRESS 500 Advanced. Minimum size of message to compress. 7
  WINSTAP_NAMED_PIPES_DRIVER_INSTALLED NAMED_PIPES_DRIVER_INSTALLED 0 Set to 1 for local named pipes sniffing. Valid values:
  • 0: no
  • 1: yes
7 and 8
  WINSTAP_NMP_SNIFFER_PAUSE NMP_SNIFFER_PAUSE 0 The length of the pause, in milliseconds, after every packet on the Named Pipes thread (to reduce CPU consumption). 7
  NOT_SEND_TO_SQLGUARD 0 Advanced. Send nothing to the Guardium system. 7
    NPTRC_LOG_SIZE     7 and 8
  NUMBER_OF_PROCESSORS 4 Read only. Number of processors on the machine 7
    ORA_DRIVER_INSTALLED     7 and 8
    ORACLE_LOG_SIZE     7 and 8
    OS_TYPE     7 and 8
  WINSTAP_NMP_THREAD_PRIORITY NMP_THREAD_PRIORITY 0 The thread priority of all the threads responsible for processing Named Pipes-based database traffic relative to other threads in the system.
Valid values: -2 to 2.
8
Load balancing WINSTAP_PARTICIPATE_IN_LOAD_BALANCING PARTICIPATE_IN_LOAD_BALANCING 0 Controls S-TAP load balancing (not enterprise load balancing) to Guardium systems. Valid values:
  • 0: No load balancing.
  • 1: Load balancing. Traffic is balanced between the primary and secondary servers, which are defined in the SQLGuard section.
  • 2: Redundancy. Fully mirrored S-TAP sends all traffic to all primary and secondary servers, which are defined in the SQLGuard section.
  • 3: Hardware load balancing. Guardium uses a load balancer such as F5 or Cisco. S-TAP sends the traffic to the load balancer, which forwards it to one of the collectors in the pool.
Use the primary parameter in the SQLGUARD section to specify primary, secondary (and so on), servers. If this parameter is set to 0, and you have more than one Guardium system monitoring traffic, then the non-primary Guardium systems are available for failover.
7 and 8
  WINSTAP_PRIORITY_QUEUE_ENABLED PRIORITY_QUEUE_ENABLED 1 Valid values:
  • 0: Disabled
  • 1: S-TAP sends the PRIORITY_COUNT number of packets per session. See priority_count.
7 and 8
  WINSTAP_QUERY_REWRITE_VERDICT_DELAY QUERY_REWRITE_VERDICT_DELAY 5 The number of milliseconds to delay before applying verdicts from the collector. Smaller values decrease end-user latency at the expense of increased CPU usage. Larger values decrease overall system CPU usage at the expense of increased end-user latency.

Minimum value: 0

Maximum value: 30

7 and 8
Messages: remote REMOTE_MESSAGES 1
  • 1: Send messages to the active Guardium system
  • 0: Do not send messages
7 and 8
  SEND_LEVEL 0 Advanced. Used for thread prioritization. 7
  SOFTWARE_TAP_HOST   The database server host on which S-TAP is installed. It can be an IP address or a name that is recognized by the DNS server. There is no default.

If the SOFTWARE_TAP_HOST configuration is invalid, the value is automatically replaced with a valid local IP address.

SQLGUARD_IP and SOFTWARE_TAP_HOST must be both either IPv4 or IPv6. Do not mix IP modes for these addresses.

Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  WINSTAP_SQLGUARD_CERT_CN SQLGUARD_CERT_CN NULL The common name to expect from the Sqlguard certificate.
Remember: For Protocol 8 only: Dynamic parameter. When you modify the value in the guard_tap.ini, the S-TAP does not need restarting for the updated values to take effect.
7 and 8
  12.1 and later WINSTAP_SSPI_NAME_LIMIT SSPI_NAME_LIMIT 10000 The maximum number of SSPI names that the correlators can store in the STAP at a time. Any names over this limit are dropped and result in a missing DB_USER.

Maximum value: 20000

Minimum value: 500

7 and 8
  12.1 and later WINSTAP_SSPI_NAME_TTL SSPI_NAME_TTL 120 The number of seconds that an SSPI name remains in the STAP. Names that remain beyond the time interval are dropped and result in a missing DB_USER.

Minimum value: 5

Maximum value: 300

7 and 8
  12.1 and later WINSTAP_SSPI_SESSION_MEMORY SSPI_SESSION_MEMORY 40 The amount of memory, in MB, that can be used to buffer traffic while waiting for the delivery of Kerberos names for sessions that are currently active. Traffic is released when this limit is reached, which results in missing DB_USERs.

Minimum value: 1

Maximum value: 1024

7 and 8
  12.1 and later WINSTAP_SSPI_SESSION_TTL SSPI_SESSION_TTL 60 The duration for which the login packets must wait for a Kerberos name to be sent to them. If a login packet remains beyond the designated time duration, then it is released to the collector, and results in a missing DB_USER.

Minimum value: 1

Maximum value: 300

7 and 8
    SSL_BANNED_PROTOCOLS     7 and 8
  WINSTAP_STAP_STATISTIC STAP_STATISTIC -5 The interval at which the S-TAP sends its statistics information to the collector.
  • Positive integer: for hours
  • Negative integer: minutes
  • 0: do not send
7 and 8
    SYBASE_DRIVER_INSTALLED     7 and 8
    SYNCH_FLAG 1 Read only. Indicates whether parameters are synchronized with the UI. 7 and 8
    TAP_DBSERVER_NAMES     7
  WINSTAP_STATISTICS STATISTICS 60 The interval at which the S-TAP sends its statistics information to the collector. Valid values: 5 and higher 8
  WINSTAP_TAP_FAILOVER_SESSION_QUIESCE TAP_FAILOVER_SESSION_QUIESCE 60 The number of minutes after failover, when unused sessions in the failover list from the previous active servers can be removed from the current active server. Valid values: 20-300. 7 and 8
  WINSTAP_TAP_FAILOVER_SESSION_SIZE TAP_FAILOVER_SESSION_SIZE 8192 Size, in MB, of the failover session list. Valid values:
  • 0: failover sessions are not saved
  • 256 - 12228 (12 K): size, in MB
7
    TAP_GUARD_TCP_PORT 9500 Read only. Port used for S-TAP to connect to Guardium system. 7 and 8
Version   TAP_VERSION   Read only. The version of S-TAP installed on the server. 7 and 8
    TAP_MIN_HEARTBEAT_ALL_CAN_CONTROL     7
  WINSTAP_TAP_MIN_HEARTBEAT_INTERVAL TAP_MIN_HEARTBEAT_INTERVAL 30 Maximum time the S-TAP attempts to write to the primary Guardium system buffer before it attempts to write to the secondary Guardium buffer. Default is 30 sec, meaning it tries to write at least 5*60/30 times before failover, by default (along with TAP_MIN_TIME_BEFOREFAILOVER). 7
  WINSTAP_TAP_MIN_TIME_BEFOREFAILOVER TAP_MIN_TIME_BEFOREFAILOVER 5 The time interval, in minutes, after which the S-TAP switches to secondary Guardium system if:
  • It cannot connect to its primary Guardium system.
  • It can connect to its primary Guardium system but cannot write to its buffer.
7
    TAP_TYPE wstap Read only. The type of installed S-TAP agent. Values: wtap=WINDOWS 7 and 8
  WINSTAP_TCP_BUFFER_SIZE TCP_BUFFER_SIZE 60000 Advanced. Minimum number of bytes to collect before sending a message to the Guardium system. 7
    TCP_LOG_SIZE     7 and 8
  TIME_NETWORK 0 Advanced. Used for debug only. 7
S-TAP Host WINSTAP_TAP_IP TAP_IP   Read only. Used by the file system monitoring service, instead of the SOFTWARE_TAP_HOST parameter. Both parameters should have the same value. 7 and 8
  WINSTAP_TCP_CHANNELS TCP_CHANNELS   The number of concurrent threads that process traffic in the S-TAP and the number of threads that read simultaneously from the drivers and transmit the traffic out of multiple TCP connections to the collector. Values greater than 1 increase the throughput of traffic in the STAP at the cost of some extra CPU usage. 8
  WINSTAP_TCP_SEND_BUFFER_SIZE TCP_SEND_BUFFER_SIZE   The size of the transmit hardware buffer, in bytes, used in the TCP connections between the S-TAP and the collector. 8
  WINSTAP_TCP_RECEIVE_BUFFER_SIZE TCP_RECEIVE_BUFFER_SIZE   The size of the receive hardware buffer, in bytes, used in the TCP connections between the S-TAP and the collector. 8
  WINSTAP_TCP_THREAD_PRIORITY TCP_THREAD_PRIORITY   The thread priority of all threads responsible for transmitting database traffic to the collector relative to other threads in the system.
Valid values: -2 to 2.
8
  WINSTAP_UPLOAD_FEATURE UPLOAD_FEATURE 1 Controls uploading of all log files from Program Files\IBM\Windows S-TAP\Logs to the collector, central manager, or both. Valid values:
  • 0: No automatic upload.
  • 1: Upload files to the collector and the central manager.
  • 2: Upload files to the collector even if a central manager is available.
For more information, see Windows: Upload dump files from the S-TAP to the collector and central manager.
7 and 8
  WINSTAP_UPLOAD_PORT UPLOAD_PORT 8444 Valid values: 1024-65535 7 and 8
TLS Use WINSTAP_USE_TLS USE_TLS 0 Controls encryption. Valid values:
  • 0: Do not encrypt. Warning: the traffic between the agent and Guardium system is in clear text.
  • 1: Use SSL to encrypt traffic between the agent and the Guardium system.

Guardium recommends encrypting network traffic between the S-TAP and the collector whenever possible. Only disable network encryption when performance is a higher priority than security.

7 and 8
  WINSTAP_VALIDATE_CERTFICATE VALIDATE_CERTFICATE 0 Valid values:
  • 0:
  • 1: The S-TAP should verify the collector certificate when it connects to the collector using TLS. If the S-TAP can’t verify the collector certificate, then it drops the connection. Use LOG_LEVEL=5 to see any and all SSL X509 errors associated with the collector certificate.
8
  WINSTAP_V8_PROTOCOL V8_PROTOCOL 1 Enables Protocol 7 on the S-TAP if the value is 0. Enables Protocol 8 on the S-TAP if the value is 1. Both S-TAPs reside in the same image. One is dormant while the other is active. Valid values:
  • 0: Disabled
  • 1: Enabled
7 and 8
  WEB_SERVER_PORT 9000 Port for web-server 7
  WINSTAP_WFP_THREAD_PRIORITY WFP_THREAD_PRIORITY 0 The thread priority of all the threads responsible for processing TCP-based database traffic relative to other threads in the system.
Valid values: -2 to 2.
8
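
An added example (not IBM code or tooling): a Python audit of a guard_tap.ini [TAP] section that flags the values the table describes as reducing protection or visibility, and checks numeric values against the ranges listed above. The sample file contents, the function name audit_tap, and the choice of what counts as a finding are assumptions made for this illustration.

```python
import configparser

# Valid ranges copied from the table above: key -> (min, max); None = no maximum.
RANGES = {
    "CORRELATION_LIMIT": (100, None),
    "CORRELATION_TIMEOUT": (1, 600),
    "FIREWALL_VERDICT_DELAY": (0, 30),
    "HANDLE_COUNT_LIMIT": (300, 10000),
    "LOAD_BALANCER_PORT": (1024, 65535),
    "UPLOAD_PORT": (1024, 65535),
    "LOG_LEVEL": (0, 10),
    "SSPI_NAME_TTL": (5, 300),
}

# Values that reduce protection or visibility, worded as in the table.
# Flagging them is this example's policy (an assumption), not a vendor rule.
RISKY = {
    ("USE_TLS", "0"): "agent-to-Guardium traffic is in clear text",
    ("ALL_CAN_CONTROL", "1"): "S-TAP can be controlled by any Guardium system",
    ("NOT_SEND_TO_SQLGUARD", "1"): "nothing is sent to the Guardium system",
    ("LOG_STAP_MUTE", "1"): "S-TAP logs are muted",
    ("LOG_STP_MUTE", "1"): "S-TAP logs are muted",
}

# Constructed sample, not taken from a real host.
WEAK_INI = """
[TAP]
USE_TLS=0
VALIDATE_CERTFICATE=0
ALL_CAN_CONTROL=1
LOG_STAP_MUTE=1
DB_IGNORE_RESPONSE=MSSQL,ALL
CORRELATION_TIMEOUT=900
LOAD_BALANCER_PORT=443
UPLOAD_PORT=8444
"""


def audit_tap(ini_text):
    """Return sorted (kind, key, detail) findings for the [TAP] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    section = cp["TAP"] if cp.has_section("TAP") else {}
    tap = {k.upper(): v.strip() for k, v in section.items()}
    findings = []
    for (key, bad), why in RISKY.items():
        if tap.get(key) == bad:
            findings.append(("risk", key, why))
    # VALIDATE_CERTFICATE=1 is the only value the table documents as
    # verifying the collector certificate; its default is 0.
    if tap.get("USE_TLS") == "1" and tap.get("VALIDATE_CERTFICATE", "0") != "1":
        findings.append(("risk", "VALIDATE_CERTFICATE",
                         "TLS is on but collector certificate verification is not enabled"))
    ignored = {t.strip().upper() for t in tap.get("DB_IGNORE_RESPONSE", "").split(",")}
    if "ALL" in ignored:
        findings.append(("risk", "DB_IGNORE_RESPONSE",
                         "responses from all database types are ignored"))
    for key, (lo, hi) in RANGES.items():
        if key not in tap:
            continue
        try:
            n = int(tap[key])
        except ValueError:
            findings.append(("invalid", key, f"not an integer: {tap[key]!r}"))
            continue
        if n < lo or (hi is not None and n > hi):
            top = "none" if hi is None else hi
            findings.append(("invalid", key, f"{n} is outside min {lo}, max {top}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, key, detail in audit_tap(WEAK_INI):
        print(f"{kind:8} {key:22} {detail}")
```
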