modify_guard_param

This generic API updates the values of specific parameters for various Guardium functions.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/modify_guard_param

Parameters

Parameter Value type Description
paramName String Required. One of the parameters that are described in the following sections.
paramValue String The new value for the parameter.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Alerting parameters

Parameter Value Type Description
ALERT_VERB_NUM_LIMIT Integer Sets the maximum number of SQL verbs to show in the Alert log.

Valid value is a positive integer between 1 and 50. The default is 10.

ANTLR3_REMOVE_COMMENTS Boolean Enables or disables logging of comments.
Valid values:
  • 0: logging of comments is enabled
  • 1: logging of comments is disabled

Default = 0

SMTP_TIMEOUT Integer Alerter SMTP Time-Out.
STARTTLS String Sets TLS data encryption for the alerter email server.
Valid values:
  • TLS: Use TLS data encryption.
  • SSL: Use TLS data encryption.
  • NONE: Turn off TLS encryption.

Analyze limits parameters

The analyze limits parameters define thresholds used for the central manager limits tile on the Deployment Health Dashboard and elsewhere. For more information, see Deployment health dashboard.

Parameter Value Type Description
CLASSIFIER_MEMORY_USAGE_THRESHOLD Integer

Valid values: 1 - 100

HTTP_GIMSERVER_AUTH_CONNECTIONS_THRESHOLD Integer

Valid values: 1 - 100

HTTP_GIMSERVER_CONNECTIONS_THRESHOLD Integer

Valid values: 1 - 100

HTTP_GUI_CONNECTIONS_THRESHOLD Integer

Valid values: 1 - 100

MYSQL_CONNECTIONS_THRESHOLD Integer

Valid values: 1 - 100

OPEN_HANDLERS_THRESHOLD Integer

Valid values: 1 - 100

RUNNING_PROCESSES_THRESHOLD Integer

Valid values: 1 - 100

UNAUTHENTICATED_CONNECTIONS_THRESHOLD Integer

Valid values: 1 - 100

CyberArk parameters

Parameter Value Type Description
CYBERARK_USER_NAME String Updates the CyberArk user name.
CYBERARK_USER_PASSWORD Encrypted String Updates the encrypted CyberArk vault user password.
CYBERARK_VAULT_WEBSERVER_NAME String Updates the CyberArk vault web server name.

Classification parameters

Parameter Value Type Description
classifier_running_timeout Integer Sets a time limit, in minutes, for the housekeeping process (nanny). After the timeout period, the nanny considers the classifier process to be inactive and restarts it.

Valid values: 5 - 720

Default = 30

classifier_gather_data Boolean Enables or disables the gathering of system data.
Valid values:
  • 0: gathering of system data is disabled
  • 1: gathering of system data is enabled
compare_max_row_threshold Integer Changes the display threshold value.

Default and maximum value: 1000 rows

Classifier examples

Use the following example to modify the value of the classifier_running_timeout parameter.
grdapi modify_guard_param paramName=classifier_running_timeout paramValue=50
Use the following example to modify the value of the classifier_gather_data parameter.
>grdapi get_guard_param paramName=classifier_gather_data
ID=0
classifier_gather_data value: false

>grdapi modify_guard_param paramName=classifier_gather_data paramValue=1
ID=0
ok

>grdapi get_guard_param paramName=classifier_gather_data
ID=0
classifier_gather_data value: true
ok
Use the following example to view and modify the value of the compare_max_row_threshold parameter.
grdapi get_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD
ID=0
COMPARE_MAX_ROW_THRESHOLD value: 1000
ok

grdapi modify_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD paramValue=91935
modify_guard_param:
ERR=5059
Error  Parameter Value is greater then MAX allowed : 1000
Error in modify_guard_param. Can not process the request
ok

grdapi modify_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD paramValue=999
ID=0
ok

grdapi get_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD
ID=0
COMPARE_MAX_ROW_THRESHOLD value: 999
ok

Data mart parameters

Parameter Value Type Description
COPYFILE_THREAD_POOL_CORE_SIZE Integer For internal use only, tunes the size of the data mart threadpool.
COPYFILE_THREAD_POOL_IDLE_KEEP_ALIVE_TIME_SEC Integer For internal use only, tunes the size of the data mart threadpool.
COPYFILE_THREAD_POOL_MAX_SIZE Integer For internal use only, tunes the size of the data mart threadpool.
COPYFILE_THREAD_POOL_MAX_TASKS_WAITING Integer For internal use only, tunes the size of the data mart threadpool.
CUSTOM_DATAMART_FILE_REMOVE_EXTRA_BACKSLASH Binary Removes an extra backslash from custom data mart files during extraction.

Datasource parameters

Parameter Value Type Description
allow_datasource_full_control_by_role Boolean Controls whether assigning a role on a datasource gives the role full control over the datasource.
Valid values:
  • false
  • true

Default = false

customtable_running_timeout Integer Sets a timeout mechanism, in minutes, for a hung custom table data upload. When a datasource hangs, the custom data upload stops after the timeout period and skips to the next datasource in the queue.
DATASOURCE_CONFIRMATION_EXPIRATION_TIME Integer To delete a datasource (or a set of datasources) a confirmation number is required. By default the confirmation number expires after 5 minutes. Use this parameter to change the expiration time to between 4 to 60 minutes.
MIN_OPTIMIZE_SIZE Integer For a specified database, sets the minimum size for optimization. The size must be between 1000 and 10000000.

Datasources example

Use the following command to modify the value of the customtable_running_timeout parameter.
grdapi modify_guard_param paramName=allow_datasource_full_control_by_role paramValue=true customtable_running_timeout paramValue=5
Use the following command to modify the value of the datasources parameters.
grdapi modify_guard_param paramName=paramName=customtable_running_timeout paramValue=5

Health analyzer parameters

These parameters control the predictions of DB sizes and files on disk (/var). For more information, see DB sizes and files on disk (/var).

Parameter Value Type Description
HEALTH_ANALYZER_DB_LOOKAHEAD_DAYS Integer Alerts are sent if the HEALTH_ANALYZER_DB_USAGE_THRESHOLD is predicted to occur in the next HEALTH_ANALYZER_DB_LOOKAHEAD_DAYS.

Default = 14

HEALTH_ANALYZER_DB_SAMPLE_DAYS Integer The number of immediately preceding days that the DB growth is monitored. Use this parameter to predict future usage.

Default = 7

HEALTH_ANALYZER_DB_USAGE_THRESHOLD Integer The DB size threshold (in %) at which an alert is sent. 100% size varies according to the Guardium system type (50% of /var for collector, and 75% of /var for aggregator).

Range is 1 - 100%. Default = 50

HEALTH_ANALYZER_VAR_LOOKAHEAD_DAYS Integer Alerts are sent if HEALTH_ANALYZER_VAR_USAGE_THRESHOLD is predicted to occur in the next HEALTH_ANALYZER_VAR_LOOKAHEAD_DAYS.

Default = 14

HEALTH_ANALYZER_VAR_SAMPLE_DAYS Integer Number of days the /var growth is monitored. Use this parameter to predict future usage.

Default = 7

HEALTH_ANALYZER_VAR_USAGE_THRESHOLD Integer The /var size threshold (in %) at which an alert is sent.

Range is 1 - 100%. Default = 50

Inspection engine parameters

Before you configure the Database Discovered Instances Rules in the GUI, you need to enable inspection engine creation by setting the IE_CREATION parameter to 1. For more information, see Database discovered instances rules and apply_rules_on_discoveredinstances.

Parameter Value Type Description
IE_CREATION Boolean Required for automatic inspection engine creation. Determines whether Guardium automatically creates inspection engines on a collector, based on whether inspection engine creation is enabled on the Database Discovered Instances Rules page.
Valid values:
  • 0 (false): Disable automatic inspection engine creation.
  • 1 (true): Enable automatic inspection engine creation, according on the rules selected on the Database Discovered Instances Rules page.

Default = 0 (false)

IE_PROCESSED_TIMESTAMP Date

Timestamp for identifying already considered, discovered instances for IE creation functionality.

Offline help parameters

To use IBM Documentation without requiring an internet connection, you can use IBM® Documentation Offline to access help files for Guardium and other IBM products. IBM Documentation Offline allows you to view IBM Documentation either as a desktop application or from your corporate intranet. For more information about installing and using IBM Documentation Offline, see https://www.ibm.com/docs/en/offline.

After installing and configuring IBM Documentation Offline, use the following parameters to enable IBM Documentation Offline with Guardium.

Parameter Value Type Description
HELP_DISABLE Boolean Enable or disable IBM Documentation Offline for Guardium help links. The setting is disabled by default.
Valid values:
  • 0 (false): Disable IBM Documentation Offline. When disabled, the Guardium system uses help files from the public IBM Documentation site. This is the default behavior.
  • 1 (true): Enable IBM Documentation Offline. When enabled, the Guardium system links to help files from the IBM Documentation Offline instance identified by the HELP_HOST and HELP_PORT parameters.
HELP_HOST String

Specify the host name of the system where IBM Documentation Offline is installed. If you leave the server name blank, the online help is directed to www.ibm.com.

HELP_PORT String

Specify the port number for the IBM Documentation Offline configuration. The default value is 443.

Offline help parameters examples

  • The following example uses the GuardAPI to find and set the host name,
    grdapi get_guard_param paramName=HELP_HOST
    ID=0
    HELP_HOST value: test.mycompany.com
    
    grdapi modify_guard_param parameter_name=HELP_HOST parameter_value=test.mycompany.com
  • The following example uses the GuardAPI to set the port value,
    grdapi modify_guard_param paramName=HELP_PORT paramValue=9443

Manage SQL parameters

These parameters allow you to manage various SQL details.

Parameter Value Type Description
ALERT_OBJECT_NUM_LIMIT Integer Maximum number of SQL objects in one alert message for an object template variable.
DB2_COMMA_DECIMAL_POINT Integer Flag for the ANTLR3 DB2 parser to consider a comma as a numeric precision mark.
DUMP_DATA_FOR_FORENSICS Integer Determines whether to dump full SQL details into the Kafka server. The full SQL details are used for forensics and analysis. Valid values:
  • 0 (off): Do not dump full SQL details
  • 1 (on): Dump full SQL details

Default = 0

LONG_VALUE_SPLIT_IN_CSV Binary Allows text to be split into multiple lines during CSV export.
MAX_SAVED_CONSTRUCTS Integer Size of the SQL construct rule. Results are being saved in the session.

Nanny parameters

These parameters enable and configure sending test messages to the alerter orrsyslog to verify that it is communicating with Guardium.

Parameter Value Type Description
GENERATE_TOMCAT_DUMP Binary Triggers Tomcat core dump.
NANNY_ALERT_RSYSLOG Integer Controls whether the nanny monitors ryslog servers.
NANNY_ALERT_RSYSLOG_FREQ Integer Determines the frequency, in hours, with which the nanny monitors rsyslog servers.
NANNY_SNIF_CORE Integer Captures the nanny snif core count. Default = 0 (disabled)

A value of 1, 2, or 3 indicates the number of compressed and encrypted cores to save to the /var/IBM/Guardium/log/snif/cores directory as tar files.

Use the fileserver CLI command to upload the compressed snif core tar file.

NANNY_TEST_RSYSLOG Integer Determines whether the nanny process sends test messages to rsyslog. Valid values:
  • 0 (false): Do not send test messages to rsyslog
  • 1 (true): Send test messages to rsyslog

Success messages are severity info, and error messages are severity med (error).

Default = 1

NANNY_TEST_RSYSLOG_FREQ Integer Determines the frequency, in hours, with which the nanny sends test messages to rsyslog.

Default = 0, which sets the frequency to 5 minutes.

NANNY_TEST_SMTP_ALERTER Integer Determines whether the nanny process checks the status of the SMTP alerter.

If set to 1 (true), the nanny establishes that connectivity is available to the SMTP relay server on the server side and reports the results to Syslog. Success messages are severity info, and error messages are severity med (error).

If the SMTP alerter is down, Guardium attempts to restart it, and reports to Syslog indicating success or failure.

Valid values:
  • 0 (false): Do not test the alerter
  • 1 (true): Test the alerter

Default = 1

NANNY_TEST_SMTP_ALERTER_FREQ Integer Determines the frequency, in hours, with which the nanny tests the alerter.

Default = 0, which sets the frequency to 5 minutes.

Quartz scheduler parameters

These parameters provide input to the Quartz Job Scheduler.

Parameter Value Type Description
QUARTZ_LONG_RUNNING_JOB_THRESHOLD Integer Defines the Quartz Scheduler long running job threshold in minutes.

Default = 600 (minutes).

QUARTZ_MAX_LONG_RUNNING_JOBS Integer Defines the maximum number of long running Quartz Scheduler jobs that is considered unhealthy.

Default = 3.

QUARTZ_SCHD_ENABLE_MONITOR Boolean Enable Quartz Scheduler monitoring.

The default is 0 (off).

To turn on, set to 1.

Smart card parameters

This configuration is for logging into the Guardium UI using a smart card. For more details, see Enabling smart card authentication.

Parameter Value Type Description
ENABLE_OCSP_CHECK Binary

Check certificate status via OCSP if smart card authentication is turned on.

SMART_CARD_MAPPING_REGEX String Sets the value of the regular expression (regex) in the Guardium Portal page to match the user information on a smart card.

Smart card example

Use the following command to modify the value of the SMART_CARD_MAPPING_REGEX parameter.
grdapi modify_guard_param paramName=SMART_CARD_MAPPING_REGEX paramValue="CN?=?(.*?),?OU?=?Test Agency,?OU?=?Test Department,?O?=?Test Government,?C?=?US"

Sniffer parameters

Use the following parameters to manage Sniffer settings.

Parameter Value Type Description
ACTIVE_PARSER_ENGINE Integer
Controls which parser engine snif will use. Options are:
  • 1 - Use ANTLR3 with errors re-parsed by ANTLR2 (default)
  • 2 - Use ANTLR2
  • 3 - Use ANTLR3
HOST_SERVICE_OS_NAME_CACHE_SIZE Integer Allows you to change the size of sniffer held values in host name, service name, or OS user name caches.

Default = 2048.

The cache size must be between 1 and 25000.

INTERNAL_REST_CLIENT_SECRET Encrypted The internal REST client secret to allow snif and other components to make internal REST calls.
INTERNAL_REST_CLIENT_SECRET_PASSWORD Encrypted The password for the internal REST client user.
LOG_GENERAL_RESPONSE_LENGTH Number Displays whether the store log_general_response_length CLI command is enabled or disabled.

Default = disabled

PE_TRAINING_PHASE_ONE_LENGTH Integer Minimum mandatory training period (in days) for the snif probability engine.
PE_TRAINING_PHASE_TWO_LENGTH Integer

Minimum training period (in hours) where snif must see no new training data. Extended dynamically when new events are encountered.

SAVED_RESPONSE_QUEUE_SIZE Integer Allows you to change the queue size for saved responses.
SELECTIVE_AUDIT_PRESCREEN_THRESHOLD Integer

Snif internally disables the prescreen functionality for performance purposes if total selective audit group member count exceeds this value.

SNIF_DQ_ARE_LITERALS Integer

Controls which database types snif will consider double quoted strings literals by default.

SNIF_USE_FEED_ANALYZER_THREAD Integer Snif use feed analyzer thread.
UID_CHAIN_PROCESS_ASYNC Integer Control synchronous/asynchronous processing of the UID CHAIN in snif.

SNMP parameters

Use the following parameters to set certain system SNMP settings.

Parameter Value Type Description
GUARDIUM_SNMP_TRAP_MSG_OID String The message for the Guardium SNMP trap OID. The default message is .1.3.6.1.4.1.18708.1.6 .
GUARDIUM_SNMP_TRAP_OID String Specify the Guardium SNMP trap OID.

Use this parameter to change how the Alerter sends SNMP traps to older values or to another value that you need to work with a particular server that monitors SNMP traps. For more information, see Configuring the alerter.

The default trap OID is .1.3.6.1.4.1.18708.1.1.1
SNMP_AUTHENTICATION_PASSWORD Encrypted SNMP authentication passphrase.
SNMP_ENCRYPTION_PASSWORD Encrypted SNMP encryption passphrase.
SNMP_ENGINE_ID String If required, change the SNMP engine ID. Use the show system snmp engineid CLI command to see the current engine ID.
Note: Engine ID must be unique.
SNMP_USER_AUTHENTICATION_TYPE String SNMP user authentication type for v3.
SNMP_USER_ENCRYPTION_TYPE String SNMP user encryption type for v3.
SNMPV3_USER String Create a new SNMP version 3 user account. Guardium recommends that you use the store system snmp user CLI command to create a new user.
SNMP_VERSION String Set the SNMP version for this machine.

Valid values = v2c or v3

Syslog TCP parameters

These parameters manage TPC reception in syslog.

Parameter Value Type Description
SYSLOG_TCP_RECEPTION_ON Integer Controls whether syslog TCP reception is on.

Default = 1 (off)

Set to 0 to turn on.

SYSLOG_TCP_RECEPTION_PORT Integer Specify the port to use for syslog TCP reception.

Default = 10514.

The port number must be between 1 and 65535.

Threat analytics parameters

Parameter Value Type Description
EI_FAILED_LOGIN_DB_USER_THRESHOLD Number The database user threshold for threat analytics failed log ins. Default = 2.
EI_FAILED_LOGIN_DISPLAY_DB_USER_LIMIT Number :The number of different database users threshold for a failed threat analytics login case. Default = 2.
EI_FAILED_LOGIN_PER_DB_USER_THRESHOLD Number The number of failed log ins per database user threshold for a failed threat analytics login case. Default = 10.
EI_GRANT_DORMANT_WEEKS_DEFINITION Number The number of weeks without activity to register a user as dormant for threat analytics. Default = 8.
EI_SQL_TIMEOUT_IN_SECONDS Number Timeout, in seconds, for executing threat analytics scanners on a query or stored procedure. Default = 300.

Vulnerability Assessment parameters

Parameter Value Type Description
ALLOW_NULL_SERVICE_FOR_VA_SUMMARY Binary Name for the VA summary.

Set as DEFAULT in case of NULL in service.

INAPPLICABLE_TEST_RESULT_STATUS Binary

Allows you to include or exclude test scores for unsupported database versions from the vulnerability assessment test report.

0: excludes tests with results that have the test score "NOT APPLICABLE".

1: includes tests with results that have the test score "NOT APPLICABLE".
Tip: For vulnerability assessment tests with a defined range of supported database versions, the test returns a score of "NOT APPLICABLE" when the datasource version is not within the range.
SAVE_TEST_RESULT_DETAIL_STRING Binary

Controls detailed information of a test result.

Default = true, include detail information in the test result.

If false, the detail information is not included in the test result.

Other parameters

Parameter Value Type Description
CM_HEALTH_VIEW_HOSTNAME String For the cross-CM health view. Hostname of the central manager that the machine is reporting to.
Note:
12.0 You can unregister central managers from the cross-CM health view system by providing an empty paramValue for CM_HEALTH_VIEW_HOSTNAME. Unregistered systems still appear on the aggregated health views of the cross-CM health view system, but their data is no longer updated and their status may not be listed accurately.
grdapi modify_guard_param paramName=CM_HEALTH_VIEW_HOSTNAME paramValue=
12.1 and later You can unregister 12.1 central manager from the cross-CM health view system by providing the central manager name.
grdapi unregister_unit unitIpList=""
To register a central management unit with version earlier to 12.1 and cross-CM health view with version 12.1, use the following API:
grdapi modify_guard_param paramName=CM_HEALTH_VIEW_HOSTNAME paramValue=<CM of CMs hostname>

From 12.1, Guardium populates CM_HEALTH_VIEW_HOSTNAME during registration and it cannot be modified.

ENABLE_GUARDIUM_INSIGHT_STREAMING Binary For Guardium Insight streaming. Enable or disable data streaming to Guardium Insights.
Valid values:
  • True: Enable Insights streaming
  • False (default): Disable Insights streaming
ESCAPE_FOR_ARCSIGHT Binary

Deprecated.

FUTURE_PARTITION_EXPAND_DELAY_HOURS Integer The maximum number of hours to delay before creating future partitions. Change this parameter only on advice of Guardium Technical Support.

Default = 0.

INFORMIX_SAVED_RESPONSE_QUEUE_SIZE Integer Informix queue size for the Save response.
KEEP_NUMBER_OF_JAVACORE_BUNDLE Integer The number of javacore file bundles to keep. The number must be between 1 and 30. Default = 3.
LDAP_CONN_TIMEOUT_MILLISEC Integer Sets the number of milliseconds before the LDAP test connection times out.

Default = 5000 (5 seconds)

The value must be between 1000 and 300000 ms.

LOG_TO_APP_USER String Log specified attributes to the Application User field.
PASSWORD_MIN_DAYS Integer The minimum days required between a password change. Default = 1 (day).
PATCH_PRESERVATION Integer Controls whether to preserve failed patches. When set to 1 (on), if the patch fails, you can make corrections and then rerun the patch without having to download it again.

Default = 0 (off).

REMOTE_FILETRANSFER_RESERVE_GB Integer The minimum reserve disk space required in remote file transfer between Guardium Data Protection and Guardium Insights. Default = 25.
SIZE_OF_RAW_STATEMENT_MAP Integer Controls the size of the raw statement map. To view the current size of the raw statement map, use the get_guard_param command. For example:
>grdapi get_guard_param paramName="SIZE_OF_RAW_STATEMENT_MAP"

Default = 2048

12.1 and later UNIVERSAL_CONNECTOR_CONFIGURATION_FLOW_FLEATURE Integer

When set to 1, allows you to use the load_all_packages API to load the universal connector package configuration from a specified folder.

WAF_F5_METHOD Integer Customer-specific parameter. No longer used.
WKC_CONFIGURATION Encrypted For internal use only. When decrypted, displays the configuration parameters for the IBM Cloud Pak® for DataIBM Knowledge Catalog integration with Guardium. For more information, see Integrating with IBM Knowledge Catalog for federated data protection.