update_stap_config

Modifies the configuration of the S-TAPs reporting to the specified Guardium® systems.

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/stap_config

GuardAPI syntax

Use the updateValue parameter to modify the listed parameters in the file guard_tap.ini. Each listed parameter indicates if it is relevant for Windows or Unix. You can specify any combination of parameters in this command.

update_stap_config parameter=value updateValue=<guard_tap.ini section name>.<parameter>:value
To modify multiple parameters:
update_stap_config parameter=value updateValue=<guard_tap.ini section name>.<parameter>:value&<guard_tap.ini section name>.<parameter>:value...

Parameters

CAUTION:
Many of these parameters are advanced and are usually only modified by IBM Technical Support.
Parameter Value type Description
stapHost String Required. The host name or IP address of a database server on which Guardium system, or a comma-separated list of host names or IP addresses, or one of:
  • 9.70.147.80
  • all_active: All S-TAPs that are configured to report to this Guardium system
  • all_unix_active: All S-TAPs that are configured to report to this Guardium system and are running on UNIX servers.
  • all_windows_active: All S-TAPs that are configured to report to this Guardium system and are running on Windows servers.

For valid values, call update_stap_config from the command line with --help=true.

tap_identifier NULL Used to distinguish inspection engines from one another. If unspecified, Guardium auto-populates the field with a unique name using the database type and sequence number.
updateValue String Required. Modifiable parameters in the guard_tap.ini configuration file. For valid values of each parameter refer to the parameter descriptions in the Windows and UNIX-Linux S-TAP® configuration.
TAP section:
  • add_to_verification_schedule (UNIX, Windows)
  • alert_on_shared_memory_enabling (Windows)
  • all_can_control (UNIX, Windows)
  • alternate_ips (UNIX, Windows)
  • appserver_installed (UNIX, Windows)
  • appserver_login_pattern (UNIX, Windows)
  • appserver_ports (UNIX, Windows)
  • appserver_session_pattern (UNIX, Windows)
  • appserver_session_postfix (UNIX, Windows)
  • appserver_session_prefix (UNIX, Windows)
  • appserver_username_postfix (UNIX, Windows)
  • appserver_username_prefix (UNIX, Windows)
  • appserver_usersess_pattern (UNIX, Windows)
  • appserver_usersess_postfix (UNIX, Windows)
  • appserver_usersess_prefix (UNIX, Windows)
  • atap_exec_location (UNIX)
  • auto_discovery (Windows)
  • bad_alloc_counter_max (UNIX)
  • buf_msg_time_interval (UNIX, Windows)
  • buffer_file_size (UNIX, Windows)
  • buffer_mmap_file (UNIX, Windows)
  • buffer_percentage_for_priority_packet (UNIX)
  • cas_checkpoint_period (UNIX, Windows)
  • cas_client_baseline (UNIX, Windows)
  • cas_client_checkpoint (UNIX, Windows)
  • cas_fail_over_file (UNIX, Windows)
  • cas_fail_over_file_size_limit (Windows)
  • cas_max_reconnect_attempts (UNIX, Windows)
  • cas_md5_size_limit (UNIX, Windows)
  • cas_raw_data_limit (UNIX, Windows)
  • cas_reconnect_interval (UNIX, Windows)
  • cas_task_baseline (UNIX, Windows)
  • cas_task_checkpoint (UNIX, Windows)
  • cassandra_audit_delimiter (UNIX)
  • cassandra_audit_enabled (UNIX)
  • checksum (UNIX, Windows)
  • checksum_configuration (UNIX, Windows)
  • compression_level (UNIX, Windows)
  • connection_timeout_sec (UNIX, Windows, i)
  • correlation_timeout (Windows)
  • db_exit_list (UNIX)
  • db2_shmem_driver_installed (Windows)
  • db2_tap_installed (Windows)
  • db_ignore_response (UNIX, Windows)
  • db_ignore_response_bypass_bytes (UNIX, Windows)
  • db_ignore_response_filter (UNIX, Windows)
  • db_ignore_response_local (UNIX, Windows)
  • db_ignore_response_resets_per_request (UNIX, Windows)
  • db_request_handler_enable (UNIX)
  • devices (UNIX, Windows)
  • disable_shared_memory_if_turned_on (Windows)
  • discovery_debug (UNIX)
  • discovery_interval (UNIX, Windows). Valid values: <n>m (for minutes) and <n>h (for hours).
  • enable_dynamic_ring_buffers (UNIX
  • extra_info (UNIX, Windows)
  • failover_tls (UNIX, Windows,i)
  • fam_enable (UNIX, Windows)
  • firewall_default_state (UNIX, Windows)
  • firewall_fail_close (UNIX, Windows)
  • firewall_force_unwatch (UNIX, Windows)
  • firewall_force_watch (UNIX, Windows)
  • firewall_installed (UNIX, Windows)
  • firewall_timeout (UNIX, Windows)
  • force_server_ip (UNIX)
  • guardium_ca_path (UNIX)
  • guardium_crl_path (UNIX)
  • hunter_trace (UNIX)
  • kafka_bootstrap_servers (UNIX)
  • kafka_keytab (UNIX)
  • kafka_principal (UNIX)
  • kafka_reader_enabled (UNIX)
  • kafka_topic_name (UNIX)
  • kafka_use_tls (UNIX)
  • kerberos_plugin_dir (UNIX)
  • khash_max_entries (UNIX)
  • khash_table_length (UNIX)
  • krb_mssql_driver_installed (Windows)
  • krb_mssql_driver_nonblocking (Windows)
  • krb_mssql_driver_ondemand (Windows)
  • krb_mssql_driver_user_collect_time (UNIX, Windows)
  • ktap_buffer_flush (UNIX)
  • ktap_buffer_size (UNIX)
  • ktap_dbgev_ev_list (UNIX)
  • ktap_dbgev_func_name (UNIX)
  • ktap_fast_file_verdict (UNIX)
  • ktap_fast_tcp_verdict (UNIX)
  • ktap_installed (UNIX)
  • ktap_request_timeout (UNIX)
  • lhmon_driver_installed (Windows)
  • lhmon_for_network (Windows)
  • load_balancer_ip (UNIX, Windows)
  • load_balancer_load_affinity (UNIX)
  • load_balancer_num_mus (UNIX, Windows)
  • log4j_listen_address (UNIX)
  • log4j_num_connections (UNIX)
  • log4j_port (UNIX, Windows)
  • log4j_reader_enabled (UNIX)
  • log_program_name (UNIX)
  • max_server_write_size (UNIX)
  • min_bytes_to_compress (UNIX, Windows)
  • modification_count (UNIX, Windows)
  • modification_host (UNIX, Windows)
  • modification_microsec (UNIX, Windows)
  • msg_aggregate_timeout (UNIX)
  • msg_count_watermark (UNIX)
  • named_pipes_driver_installed (Windows)
  • network_namedpipes (Windows)
  • number_of_processors (Windows)
  • ora_driver_installed (Windows)
  • participate_in_load_balancing (UNIX, Windows,i)
  • pcap_backup_ktap (UNIX, Windows)
  • pcap_buffer_size (UNIX)
  • pcap_dispatch_count (UNIX)
  • pcap_read_timeout (UNIX)
  • private_tap_ip (UNIX)
  • qrw_default_state (UNIX)
  • qrw_force_unwatch (UNIX)
  • qrw_force_watch (UNIX)
  • qrw_installed (UNIX)
  • remote_messages (UNIX, Windows,i)
  • shared_memory_driver_installed (Windows)
  • sqlguard_cert_cn (UNIX)
  • stap_statistic (UNIX)
  • stap_statistic_version (UNIX, Windows)
  • sybase_driver_installed (Windows)
  • syslog_messages (UNIX, Windows)
  • tap_buf_dir (UNIX)
  • tap_debug_output_level (UNIX)
  • tap_failover_session_quiesce (UNIX)
  • tap_failover_session_size (UNIX)
  • tap_identifier (UNIX, Windows)
  • tap_ip (UNIX, Windows)
  • tap_log_dir (UNIX)
  • tap_run_as_root (UNIX)
  • tee_installed (UNIX)
  • tee_msg_buf_len (UNIX)
  • tracefiles_dir (Windows)
  • uid_chain_sshd_ip (UNIX)
  • upload_feature (UNIX, Windows)
  • use_tls (UNIX, Windows,i)
  • wait_for_db_exec (UNIX)
DB section:
  • connect_to_ip (UNIX)
  • db2_client_offset (UNIX, Windows)
  • db2_fix_pack_adjustment (UNIX, Windows)
  • db_exec_file (UNIX)
  • db_install_dir (UNIX)
  • db_user (UNIX)
  • db_version (UNIX, Windows)
  • encryption (UNIX)
  • exclude_networks (UNIX, Windows)
  • instance_name (Windows)
  • intercept_types (UNIX)
  • named_pipe (Windows)
  • networks (UNIX, Windows)
  • port_range_end (UNIX, Windows)
  • port_range_start (UNIX, Windows)
  • priority_count (UNIX, Windows)
  • real_db_port (UNIX, Windows)
  • tap_db_process_names (Windows)
  • unix_domain_socket_marker (UNIX)
SQLGUARD section:
  • connection_pool_size (UNIX)
  • num_main_thread (UNIX)
  • sqlguard_ip (UNIX, Windows, i)
SQLC_n section (UNIX Oracle Unified Auditing only):
  • data_pull_interval (UNIX)
  • instance (UNIX)
  • username (UNIX)
  • roles (UNIX)
  • data_pull_num_rows (UNIX)
waitForResponse String Specifies whether the API waits for a response from the S-TAP. Valid values:
  • 0: do not wait
  • 1: wait for a response
The default is 1 when stapHost is a single host name or IP address, and 0 in all other cases.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

For all active UNIX S-TAPs: in the [TAP] section, set all_can_control to 1; set qrw_default_state to 0; in the [SQLGUARD] section, set num_main_thread to 4:

> grdapi update_stap_config stapHost=all_unix_active updateValue=tap.all_can_control:1&tap.qrw_default_state:0&sqlguard.num_main_thread:4
or
>grdapi update_stap_config stapHost=all_unix_active updateValue=tap.all_can_control:1
update_stap_config stapHost=all_unix_active updateValue=tap.qrw_default_state:0
update_stap_config stapHost=all_unix_active updateValue=sqlguard.num_main_thread:4
For Windows, use this GRDAPI to turn on the firewall. For example:
> grdapi update_stap_config stapHost=MyHost updateValue=TAP.FIREWALL_INSTALLED:1 waitForResponse=1
ID=77039
ok