Installing and activating FAM discovery agent (crawler) on Windows servers

Install the GIM client on the file server, then use it to install the FAM discovery agent.

Before you begin

  • License keys must be installed. See Install license keys.
  • The FAM discovery agent (also known as the FAM crawler or FAM agent) must be accessible. It is required for file discovery and classification. Download it from Fix Central or obtain it from your Guardium representative.
  • Verify that the libraries in the Compatibility standard C++ libraries i686 package are installed.
  • .NET 4.5 or above must be installed (if it is not yet installed, it requires 5 GB).
  • Disk space requirements: 2 GB.
  • The FAM discovery agent (crawler) does not support TLS encryption.
From V11.0, the FAM monitor package is a standalone package, and is installed independently. (It is not installed with S-TAP®, as it was in previous releases.) When upgrading from pre-V11.0 to V11.0 and higher:
  • If you're using FAM and S-TAP:
    1. Upgrade the S-TAP to V11.0 and higher. This uninstalls the previous FAM (FsMonitor driver and StapAT service).
    2. Install the V11.0 and higher FAM crawler and FamMonitor.
  • If you're using FAM only:
    1. Uninstall the S-TAP. This uninstalls the previous FAM (FsMonitor driver and StapAT service).
    2. Install the V11.0 FAM crawler and FamMonitor.
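
The prerequisites and upgrade notes above can be checked on the file server before the bundle is installed. The following PowerShell pre-flight script is an added example, not part of the Guardium product or its documentation. It assumes that the drive letter passed in is where the agent will be installed, that the pre-V11.0 components are registered under the service key names FsMonitor and StapAT, and that the asterisks in the bundle name stand for a release string.

```powershell
# Added example: pre-flight check for the FAM discovery agent prerequisites.
param(
    [string]$Drive = 'C',      # assumption: drive that will hold the agent
    [string]$BundlePath = ''   # optional: path to the downloaded .gim bundle
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Name, $Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = [bool]$Ok; Detail = $Detail })
}

# .NET 4.5 or above: a Release value of 378389 or higher means 4.5 or later.
$ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$ndp = Get-ItemProperty $ndpKey -ErrorAction SilentlyContinue
$hasDotNet = $ndp -and ($ndp.Release -ge 378389)
Add-Check '.NET 4.5 or above' $hasDotNet "Release=$($ndp.Release)"

# Disk space: 2 GB for the agent, plus 5 GB if .NET still has to be installed.
$needGB = if ($hasDotNet) { 2 } else { 2 + 5 }
$freeGB = [math]::Round((Get-PSDrive -Name $Drive).Free / 1GB, 1)
Add-Check "Free space on ${Drive}:" ($freeGB -ge $needGB) "$freeGB GB free, $needGB GB needed"

# Upgrade path: the pre-V11.0 FAM (FsMonitor driver, StapAT service) should be
# gone before the V11.0 crawler is installed. Key names are assumptions.
foreach ($old in 'FsMonitor', 'StapAT') {
    $present = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$old"
    $detail = if ($present) { 'still registered' } else { 'not present' }
    Add-Check "Pre-V11.0 $old removed" (-not $present) $detail
}

# Bundle file exists and its name matches the format given in the procedure.
if ($BundlePath) {
    $leaf = Split-Path $BundlePath -Leaf
    $pattern = 'guard-FAM-guardium_r*Windows-Server-x86_x64_ia64.gim'
    $ok = (Test-Path $BundlePath) -and ($leaf -like $pattern)
    Add-Check 'Bundle file name' $ok $leaf
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

The script exits with code 1 if any check fails, so it can gate an automated rollout.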

Procedure

  1. Install the GIM client on the file server. See Installing the GIM client on a Windows server.
  2. Download the FAM bundle and save it on an accessible drive.
    The monitoring and discovery agent bundle name has the format: guard-FAM-guardium_r*****Windows-Server-x86_x64_ia64.gim.
  3. On the central manager if there is one, otherwise on an appliance, upload and import the FAM discovery agent bundle.
    1. Go to Manage > Module Installation > Upload Modules.
    2. Under Upload Module, click Browse and navigate to the FAM bundles. Click Upload.
    3. Under Import uploaded modules, select the FAM bundles and click Install/Update.
    Configure additional parameters as relevant:
    Note: You can also configure GIM parameters using the grdapi command: gim_update_client_params.
    • Configure SOURCE_DIRECTORIES for the directories you want to scan.
    • By default, the agent performs basic scanning for entitlement information. To enable scanning based on decision plans, such as for SOX or HIPAA, set FAM_IS_DEEP_ANALYSIS to true. By default, it uses all of the default decision plans. You can specify which decision plans you want it to use.
    • By default, scanning runs every 12 hours and starts immediately upon configuration. You can change these settings with the GIM parameters FAM_SCHEDULER_HOUR_TIME_INTERVAL, FAM_SCHEDULER_START, and FAM_SCHEDULER_REPEAT.
  4. Verify that the FAM discovery agent installed successfully by viewing the Guardium S-TAP Status Monitor report (add the report from My Dashboards). Look for the FAM_Agent suffix in the IP address of the S-TAP host.
  5. To trigger file rediscovery later without uninstalling and reinstalling the FAM bundle:
    1. Remove the files under the work directory. If Guardium is installed in the default directory, the files to be removed are in this directory on the file server: /usr/local/IBM/modules/FAM/current/files/work
    2. Change any FAM parameter in GIM, for example, changing the time interval from 5 to 10 minutes.
    3. Click Apply to Selected then click Install/Update.

Results

When the installation of the FAM discovery agent (file crawler) is complete, a basic run of the file crawler begins, using the initial path that you specified during the installation. Each time the crawler completes its run, it sends a status message that is included in the Files Crawler Configuration report. This process gathers the list of folders and files, their owner, access permissions, size, and the date and time of the last update.