Windows: General parameters

These parameters define basic properties of the S-TAP running on a Windows server and the server on which it is installed, and do not fall into any of the other categories.

These parameters are stored in the [VERSION] section of the S-TAP properties file.

Table 1. S-TAP configuration parameters in the [VERSION] section
GUI	guard_tap.ini	Description
	STAP_CLIENT_BUILD	Read only. The build version of the installed S-TAP.
Version	PROTOCOL_VERSION	Read only. The version of the Guardium system.

These parameters are stored in the [TAP] section of the S-TAP properties file.

Table 2. S-TAP configuration parameters in the [TAP] section
GUI	GIM	guard_tap.ini	Default value	Description
		TAP_TYPE	wstap	Read only. The type of installed S-TAP agent:
Version		TAP_VERSION		Read only. The version of S-TAP installed on the server.
S-TAP Host		TAP_IP		Read only. Used by the file system monitoring service, instead of the SOFTWARE_TAP_HOST parameter. Both parameters should have the same value.
All can control	WSTAP_ALL_CAN_CONTROL	ALL_CAN_CONTROL	0	0=S-TAP can be controlled only from the primary Guardium system. 1=S-TAP can be controlled from any Guardium system.
Load balancing	WINSTAP_PARTICIPATE_IN_LOAD_BALANCING	PARTICIPATE_IN_LOAD_BALANCING	0	Controls S-TAP load balancing (not enterprise load balancing) to Guardium systems: 0: No load balancing. 1: Load balancing. Traffic is balanced between the primary and secondary servers, defined in the SQLGuard section. 2: Redundancy. Fully mirrored S-TAP sends all traffic to all primary and secondary servers, defined in the SQLGuard section. 3: Hardware load balancing. Guardium uses a load balancer such as F5 or Cisco. S-TAP sends the traffic to the load balancer, which forwards it to one of the collectors in the pool. Use the primary parameter in the SQLGUARD section to specify primary, secondary, etc. servers. If this parameter is set to 0, and you have more than one Guardium system monitoring traffic, then the non-primary Guardium systems are available for failover.
TLS Use		USE_TLS	0	1=use SSL to encrypt traffic between the agent and the Guardium system. 0=do not encrypt. Warning - the traffic between the agent and Guardium system is in clear text. Guardium recommends encrypting network traffic between the S-TAP and the collector whenever possible, only in cases where the performance is a higher priority than security should this be disabled.
TLS Failover		FAILOVER_TLS	1	1= If ssl connection is not possible for any reason, fail over to using non-secure connection. 0=use only secure connections.
		NUMBER_OF_PROCESSORS	4	Read only. Number of processors on the machine
		ALTERNATE_IPS		Comma-separated list of alternate or virtual IP addresses used to connect to this database server. This is used only when your server has multiple network cards with multiple IPs, or virtual IPs. S-TAP only monitors traffic when the destination IP matches either the S-TAP Host IP defined for this S-TAP, or one of the alternate IPs listed here, so it's recommend that you list all virtual IPs here.
		DB2_TAP_INSTALLED	0	Set to 1 for sniffing DB2 shared memory traffic. Starts the DB2 TAP Service when set to 1.
		DB2_EXIT_DRIVER_INSTALLED		DB2 Integration with S-TAP: set to 1 to enable DB2 Exit library integration 1) Let S-TAP capture all DB2 traffic directly from the DB2 engine - Note, that it is only for specifc DB2 releases - 10.1 and onwards 2) When using this method, Firewall and Scrub/Redact functionality are not supported. Also, stored procedures will not be captured. 3) It lets us pick up all DB2 traffic , regardless of encryption/network protocol. 4) This solution simplifies the S-TAP configuration for customers that will deploy this version of DB2, and gives them native DB2 support.
		DB2_SHMEM_DRIVER_INSTALLED		Deprecated, and replaced by db2_tap_installed.
		DB2_SHMEM_DRIVER_LEVEL		Deprecated
		DC_COLLECT_FREQ	24	Specifies the frequency of collection in hours. Minimum is 1, maximum is 24. GuardiumDC is a service that collects updates of user accounts (SIDs and usernames) from the primary domain controller and then signals the changes to Guardium_S-TAP to update S-TAP internal SID/UserName? map. If S-TAP cannot find resolved SID in the map, it tries to get it from the primary Domain Controller, in which case S-TAP logs a message into debug log (level 7) `The account name * has been retrieved for SID *`.
		DC_COLLECT_MAXUSERS	200,000	The maximum number of users to collect. Minimum is 10,000.
		DOMAIN_CONTROLLER		The name of the specific controller from which the SID/usernames map should be read.
		HIGH_RESOLUTION_TIMER	0	0: send time stamps in milliseconds. 1: send time stamps in microseconds, but use milliseconds system timer (to reduce system performance hit - multiply milliseconds by 1000). 2: send time stamps in microseconds, use high resolution windows timer (most accurate). For cases 1 and 2, the S-TAP will indicate to the Guardium system that micro seconds are sent, by setting the reserved byte in PacketData to 1.
		BUFFER_FILE_SIZE	50	Advanced. The initial size of the buffer. The range is 5 to 1000 in MB.
		BUFFER_FILE_NAME		The full path of the memory mapped file if BUFFER_MMAP_FILE=1. Default is WSTAP working folder/StapBuffer/STAP_buffer.dtx
		BUFFER_MMAP_FILE	0	1=memory mapped file option. 0=virtual memory allocation
		SOFTWARE_TAP_HOST		The database server host on which S-TAP is installed. It can be an IP address or a name recognized by the DNSserver. There is no default. An invalidly configured SOFTWARE_TAP_HOST is automatically replaced with a valid local IP.
		TCP_ALIVE_MESSAGE	1	This parameter is deprecated since Guardium v10.x. Guardium collectors no longer send UDP alive messages.
Compres. level		COMPRESSION_LEVEL	0	Compression level, from 1 to 9. 0=no compression.
		DISABLE_SHARED_MEMORY_IF_TURNED_ON	0
		FILE_SNIFFER_FREQUENCY	45	Frequency, in seconds, of: registration attempts with a Guardium system if a previous attempt was not successful S-TAP checks for new logs available from Program Files\IBM\Windows S-TAP\Logs for uploading onto collector
		MAXIMUM_PACKET_NUM	300,000	Deprecated
		MIN_BYTES_TO_COMPRESS	500	Advanced. Minimum size of message to compress.
		NOT_SEND_TO_SQLGUARD	0	Advanced. Send nothing to the Guardium system.
		RECV_LEVEL	0	Advanced.
Messages: remote		REMOTE_MESSAGES	1	1=Send messages to the active Guardium system. 0=Do not send messages
		SEND_LEVEL	0	Advanced. Used for thread prioritization.
		SNIFFED_UDP_PORTS	88	Deprecated.
		SYNCH_FLAG	1	Read only. Deprecated in v10.0. Indicates whether parameters are synchronized with the UI.
		TAP_DBSERVER_NAMES
		TAP_MIN_HEARTBEAT_INTERVAL	30	Maximum time the S-TAP attempts to write to the primary Guardium system buffer before attempting to write to the secondary Guardium buffer. Default is 30 sec, meaning it tries to write at least 5*60/30 times before failover, by default (using also TAP_MIN_TIME_BEFOREFAILOVER).
		TAP_MIN_TIME_BEFOREFAILOVER	5	The time interval, in minutes, after which the S-TAP switches to secondary Guardium system if: it cannot connect to its primary Guardium system; it can connect to its primary Guardium system but cannot write to its buffer.
		TCP_BUFFER_SIZE	60000	Advanced. Minimum number of bytes to collect before sending a message to the Guardium system
		TIME_NETWORK	0	Advanced. Used for debug only.
		WEB_SERVER_CONNECTIONS	1	Maximum number of DB connections by .net app.
		WEB_SERVER_INSTALLED	0	Deprecated. Formerly used to enable IIS tap.
		WEB_SERVER_PORT	9000	Port for web-server
		GUARDIUM_CA_PATH	NULL	Location of the Certificate Authority certificate.
		SQLGUARD_CERT_CN	NULL	The common name to expect from the Sqlguard certificate.
		GUARDIUM_CRL_PATH	NULL	The path to the Certificate Revocation list file or directory.
		TAP_FAILOVER_SESSION_QUIESCE	240	The number of seconds after failover, when unused sessions in the failover list from the previous active servers can be removed from the current active server,
		TAP_FAILOVER_SESSION_SIZE	8192	Size, in MB, of the failover session list. 0=no failover sessions should be saved
		DB_IGNORE_RESPONSE		Ignore response at inspection level. Use this function to ignore all database responses at the S-TAP level, without sending anything to the Guardium system. In certain environments, where only interested in client transactions, this function saves bandwidth and processing time for the S-TAP and the Guardium system. Use this function for an easier configuration for ignoring unwanted responses from the database, without loading the network. Database types can be listed as comma separated or ALL can be specified to ignore responses from all types of databases, for example, DB_IGNORE_RESPONSE=ALL or DB_IGNORE_RESPONSE=MSSQL,DB2. Supported DB types: ALL, MSSQL_NP, MSSQL, MYSQL, TRD, PGRS, MSSYB, ORACLE, DB2, DB2_EXIT, INFORMIX, KERBEROS, FTP, CIFS.
		DB_IGNORE_RESPONSE_FILTER	0.0.0.0/0.0.0.0	Comma separated list of IP/MASKs to be response-ignored. Any DB responses of the type specified by DB_IGNORE_RESPONSE to the specified IP/MASKs are ignored NULL: no filtering of responses 0.0.0.0/0.0.0.0: all IPs are filtered
		DB_IGNORE_RESPONSE_LOCAL	1	filtering of local db responses 0:no, 1:yes Note: TCP traffic is not considered Local traffic for db_ignore_response_local parameter.
		DB_IGNORE_RESPONSE_BYPASS_BYTES	65535	DB_IGNORE_RESPONSE starts when bypass bytes are reached.
		DB_IGNORE_RESPONSE_RESETS_PER_REQUEST	1	Reset DB_IGNORE_RESPONSE_BYPASS_BYTES on each request.
		UPLOAD_FEATURE	1	Controls uploading of all log files from Program Files\IBM\Windows S-TAP\Logs onto the collector.