Linux-UNIX: Monitoring S-TAP in the GUI

Use these standard reports and views to monitor your S-TAP® status in the GUI.

You can create alerts that are based on exceptions that are created by S-TAPs, but other domains that are used by S-TAP reports are system-private and cannot be accessed by users.  

System View

S-TAP Status Monitor in the System Monitor window: For each S-TAP reporting to this Guardium® system, this report identifies the S-TAP Host, S-TAP Version, DB Server Type, Status (active or inactive), Last Response Received (date and time), Instance Name, Primary Host Name, and true/false indicators for: K-TAP, MS SQL Server Shared Memory, DB2® Shared Memory, Win TCP, Local TCP monitoring, Named Pipes Usage, Encryption, Firewall, DB install Dir, DB port Min and DB Port Max.

Click any line to view the inspection engines that are configured for this S-TAP. The breadcrumbs show where you are; click ALL S-TAPs to return to the list of S-TAPs. For more details, see Linux-UNIX: Inspection engine verification.

S-TAP Status Monitor: For each S-TAP reporting to this Guardium system, this report identifies the S-TAP Host, DB Server Type, S-TAP Version, Status (active or inactive), Inspection Engine status, Last Response Received (date and time), Primary Host Name, and true/false indicators for: Firewall and Encrypted. Click the S-TAP Status and the Inspection Engine status to see the Verification status on all Inspection Engines.

S-TAP Events: For each S-TAP reporting to this Guardium system, this report identifies the S-TAP Host, Timestamp, Event type (Success, Error Type, and so on), and Tap Message.

If no messages display in the S-TAP Events panel, the production of event messages may have been disabled in the configuration file for that S-TAP. If this is the case, you may be able to locate S-TAP event messages on the host system in the syslog file.

Tap Monitor

S-TAP Configuration Change History: This report is displayed only when an inspection engine is added or changed. It lists S-TAP configuration changes, with each inspection engine change displayed on a separate row. Each row lists the S-TAP Host, DB Server Type, DB Port From, DB Port To, DB Client IP, DB Client Mask, and Timestamp for the change.

Primary Guardium Host Change Log: Log of primary host changes for S-TAPs. The primary host is the Guardium system to which the S-TAP sends data. Each line of the report lists the S-TAP Host, Guardium Host Name, Period Start, and Period End.

S-TAP Status: Displays status information about each inspection engine that is defined on each S-TAP Host. This report does not have From and To date parameters, since it is reporting current status. Each row of the report lists the S-TAP Host, DB Server Type, Status, Last Response, Primary Host Name, and Yes/No indicators for the following attributes: K-TAP Installed, Shared Memory Driver Installed, Db2 Shared Memory Driver Installed, Named Pipes Driver Installed, and App Server Installed. In addition, it lists the Hunter DBS.

Inactive S-TAPs Since: Lists all inactive S-TAPs that are defined on the system. It has a single runtime parameter: QUERY_FROM_DATE, which is set to now -1 hour by default. Use this parameter to control how you want to define inactive. This report contains the same columns of data as the S-TAP Status report, with the addition of a count for each row of the report.