Predefined common reports
This section provides a short description of all predefined reports available for users with either default user access rights or default admin access rights.
- Data Source Version History
- Data Sources
The Status Monitor graphical report displays the current state of the guardium appliance: how many packets per second and requests per second it is processing, how much disk space and memory is being used, and so forth. Each field is described in the following table.
The box displays the output of the Linux® VMSTAT command. If you are familiar with that command, these statistics should be familiar to you.
The number of processes:
r: Waiting for run time.
b: In uninterruptable sleep (blocked, waiting for another event).
Memory use (kB):
swpd: Amount of virtual memory used.
free: Amount of idle memory.
buff: Amount used as buffers.
cache: Amount reserved for cache.
Amount of memory (kB):
si: Swapped in from disk.
so: Swapped out to disk.
Input/Output blocks (kB/s):
bi: Blocks received from a block device
bo: Blocks sent to a block device
in: Interrupts per second, including the clock
cs: Context switches per second
Percentage of total CPU time used by:
us: Time spent running non-kernel code
sy: Time spent running kernel code
id: Idle time (not including waiting for IO)
wa: Time spent waiting for IO
st: Time stolen from a virtual machine
|(n)pps / (m)rps||In the arrow next to the Analysis Engine, two averages are calculated for the last five seconds: n is the average number of network packets per second, and m is the average number of network database requests per second.|
(q-d) ------ (p)
|For the Analysis Engine, the first line lists the total number of messages queued for processing (q), followed by the number of messages dropped (d) because the buffer was in danger of becoming filled. The second line lists the total number of messages processed (p). The number processed will be reset to zero whenever the inspection engine is restarted.|
(q) ---- (p)
|For each server type, the number of messages awaiting processing (q) is listed and the number of messages processed (p) is listed.|
|Free Disk Space||The number of bytes free.|
|DB n% Full||The percentage of the database space allocation that is used.|
|Files/Other||The Files/Other portion of Status Monitor represents
the data accumulated in nondb-sql logger.
Nondb-sql logger logs close session events arriving to the Analyzer from “ignored” sessions that have been internally closed by the Analyzer (INACTIVE_FLAG=-1). The Analyzer has the ability to close connections by timeout (if session has been inactive for a long time). If close session data arrives to the Analyzer from “ignored” session that has been closed by timeout, it is recorded in the nondb-sql-logger section.
Analyzer never records data directly to database. This section also represents number of DB requests sent by Analyzer to Logger, as well as other supported protocols such as SCP.
Data Source Version History
- admin: available as drill-down from the Data Sources report
- user: Discover > DB Discovery
Lists all datasources defined: Data -Source Type, Data-Source Name , Data-Source Description, Host, Port, Service Name, User Name, Database Name, Last Connect, Shared, and Connection Properties..
You can restrict the output of this report using the Data Source Name run time parameter, which by default is set to “%” to select all datasources.
|Domain||Based on Query||Main Entity|
|internal - not available||Data-Sources||not available|
|Run-Time Parameter||Operator||Default Value|
|Data Source Name||LIKE||%|
|Period From||>=||NOW -1 DAY|
Predefined Audit Processes
There is one predefined audit process named Appliance Monitoring, which contains the proceeding reports listed. This audit process is inactive by default. The administrator can activate and schedule it according to his or her needs.
- Failed Logins to Guardium
- Active Guardium Users
- Aggregation/Archive Errors
- Policy Related Changes
- Inspection Engines and S-TAP Changes
- Data Source Changes
- CAS Instance Configuration Changes
- CAS Instances
- CAS Templates
- Scheduled Jobs Excep