Configuring the slon looper utility
Before you can run an slon looper, you need to configure one from the Support Information Gathering page. Use the slon looper to investigate an incoming network traffic problem on the sniffer.
The slon looper utility allows you to create a looper configuration from Guardium sniffer data. You can create a general slon looper that either looks for specific traffic patterns or searches for information in log files.
Configuring a general slon looper
- Open the New looper configuration window, as described in Running the slon looper utility.
- Enter a meaningful name for this looper utility.
- Select the Issue type that reflects your issue. If you don't know, select Other. Depending on the issue type that you select, Guardium sets other parameters. In this case, use the specified defaults.
- Select Looper options:
  In most cases, you can use the defaults. Work with Guardium technical support to determine whether you should make changes to these options.
  - Collect msg-dump - Selected by default.
  - Collect slon file - This file is useful when you need to investigate issues related to the firewall, query rewrite, timing issues, or session level policies.
  - Collect snif must_gather - Selected by default. The slon looper utility analyzes the sniffer log output to help determine sniffer issues.
- Set the options for running the slon looper:
  - Number of loops - The count of message dumps and "must gather" data instances where conditions for logging (as defined in the looper) are met.
  - Loop duration - The maximum time allotted for looper logging. If the specified conditions aren't met within this period, the slon looper discards the existing message dump and starts again.
  - Looper timeout - The maximum length of time that a looper can run if its conditions aren't met.
  - Max file size - The maximum size of the logged message dump to ensure the server's disk space isn't exhausted.
- Optionally select an additional filter:
  - Select Traffic filters and then select one of the filters from the list.
  - Select or enter the information for that filter.
    For example, if you select Server IP address, then select an operand and enter an IP address (or use regex to find a range of IP addresses).
  Or
  - Select Log files search.
  - Specify a search string for either the syslog or the sniffer log.
- When you are done, click Save and then click Save again to select the slon looper configuration that you created and return to the Support Information Gathering page.
- Click Start to run the slon looper utility. You can view the output from the Support Information Results page, as described in Running the slon looper utility.
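The Server IP address filter step above accepts a regex for a range of addresses. The following is an added example, not part of the Guardium documentation or product, that checks a candidate regex against the intended range before you enter it, so the message dump neither captures traffic for other servers nor misses the server under investigation. The addresses, patterns, and function name are constructed for illustration, and the check assumes substring matching (Python `re.search`) because the page does not state how the filter applies the regex.

```python
import ipaddress
import re

# Constructed sample values, not taken from any Guardium system.
INTENDED_RANGE = "10.20.30.0/28"   # 10.20.30.0 through 10.20.30.15
OUTSIDE_SAMPLES = ["10.20.30.16", "10.20.30.150", "110.20.30.5",
                   "10.20.31.5", "192.168.1.10"]

LOOSE = r"10.20.30.1?[0-9]"                  # unanchored, last octet too wide
NARROW = r"^10\.20\.30\.[0-9]$"              # anchored, but drops .10 to .15
STRICT = r"^10\.20\.30\.(?:[0-9]|1[0-5])$"   # anchored, dots escaped, exact octet


def check_ip_filter_regex(pattern, cidr, outside_samples):
    """Return (missed, overmatched) for a candidate filter regex.

    missed:      addresses inside `cidr` that the pattern does not match.
    overmatched: addresses from `outside_samples` that lie outside `cidr`
                 but still match the pattern.
    Assumption: the filter matches anywhere in the address string, so
    re.search is used; a missing ^ or $ therefore shows up as overmatching.
    """
    rx = re.compile(pattern)
    net = ipaddress.ip_network(cidr)
    # Iterating the network yields every address, including first and last.
    missed = [str(ip) for ip in net if not rx.search(str(ip))]
    overmatched = [s for s in outside_samples
                   if ipaddress.ip_address(s) not in net and rx.search(s)]
    return missed, overmatched


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("narrow", NARROW), ("strict", STRICT)):
        missed, overmatched = check_ip_filter_regex(
            pattern, INTENDED_RANGE, OUTSIDE_SAMPLES)
        print(f"{name:7} missed={missed} overmatched={overmatched}")
```

Only a pattern that returns two empty lists covers exactly the intended range under this matching assumption.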
Configuring a custom slon looper
If you work with Guardium technical support on a sniffer issue, your support team might send you an ad hoc sniffer patch to debug an issue or test a fix.
Click Custom and then follow the instructions from your support team to upload and run the ad hoc patch.