Installing the GIM client on a UNIX server
Learn how to install the GIM client on Unix database servers.
Before you begin
Disk Space requirements
- Perl 5.8 (and up)
- 1GB of space to accommodate all GIM modules (including maintaining a copy of the previous and current installed versions). Without FAM, 300MB.
Port requirements
- 8445: GIM client listener, both directions. Any GIM server on either the central manager or the collector can communicate with the GIM client.
- 8443: (discovery) on the DB server to allow communication from the DB server to the Guardium appliance, and for uploading features.
- 8446: Used between the GIM client and the GIM server (on the central manager or collector) for authenticated TLS, both directions, custom kernel upload, MustGather loggers upload. If GIM_USE_SSL is enabled (default), then the GIM client attempts to communicate its certificate by using port 8446. If port 8446 is not open, then it defaults to 8444, but no certificate is passed (for example, TLS without verification).
- 8081: Used between the GIM client and the GIM server (on the central manager or collector) for non-TLS (but with message signing verification), both directions, custom kernel upload, MustGather loggers upload. In this scenario, the parameter GIM_USE_SSL must be disabled (=0).
About this task
On Solaris, the GIM client and supervisor in each slave zone are controlled by the GIM supervisor process that runs in the master zone. If the supervisor process on the master zone is shut down, all GIM processes on the slave zones are shut down as well.
Parameter | Description |
---|---|
dir | Target directory of the GIM client installation. |
tapip | The IP address or FQDN of the database server or node on which the GIM client is being installed. |
sqlguardip | The collector IP address/hostname that the GIM client connects to. If it is not specified, the GIM client installs in “Listener mode". |
no_ssl | Use SSL to encrypt traffic between the GIM client and the
Guardium appliance.
|
perl | Path to perl script, for example: /usr/bin/ |
ca_file | Full file name path to the Certificate Authority PEM file. |
key_file | Full file name path to the private key PEM file. |
cert_file | Full file name path to the certificate PEM file. |
listener_port | Listener port for registration with appliance. Default = 8445. |
shared_secret | Set the shared secret to verify collectors. |
no_listener | Disables "Listener mode" even if sqlguardip is not specified. |
install_customed_bundles | Allow GIM clients to
install custom bundles.
|
failover_sqlguardip | The IP address/hostname of the secondary collector with which this GIM client communicates. |
allow_ip_hostname_combo | Enables GIM client uniqueness
across database servers with "common" hostname.
|
auto_set_gim_tapip | When value set to 1, a local IP is automatically assigned. Do not specify both
auto_set_gim_tapip and tapip when installing the GIM client.
|
Note: Install the GIM client first on
the master zone, then on the local.