Question & Answer
Question
What is the recommended configuration to automatically restart the IBM Guardium S-TAP process when it consumes high CPU, and to automatically disable it when it continues to take high CPU too often?
Answer
For GIM-based Deployments:
1) On the GUI for the GIM Server, go to:
Administration Console -> Module Installation -> Setup By Client OR Setup By Module
Administration Console -> Module Installation -> Setup By Client OR Setup By Module
2) Select the Server.
3) Select currently installed S-TAP bundle from the Modules list, and click Next.
4) Set the following parameters:
STAP-UTILS_START_MONITOR = y
STAP-UTILS_MONITOR_AUTO_KILL_ON_CPU_ENABLE = 1
STAP-UTILS_MONITOR_AUTO_KILL_ON_CPU_LEVEL = 7500
NOTE: Setting these parameters runs guard_monitor and automatically restarts the S-TAP when it’s average (STAP-UTILS_MONITOR_CPU_MEASUREMENT_TIMESLICE=0: measure CPU across the life of the process) uses above 75% on one CPU (STAP-UTILS_MONITOR_CPU_MEASUREMENT_MODE=0: means measure CPU relative to one core).
If there are 75 cores on the system, then STAP-UTILS_MONITOR_AUTO_KILL_ON_CPU_LEVEL = 7500 means 1% entire system CPU. STAP-UTILS_MONITOR_AUTO_KILL_ON_CPU_LEVEL should be adjusted to a different CPU level based on number of cores and/or set STAP-UTILS_MONITOR_CPU_MEASUREMENT_MODE=1.
5) Set the following parameters:
STAP-UTILS_MONITOR_KILL_NUM_IN_HOUR = 5
STAP-UTILS_MONITOR_FINAL_ACTION = 1
NOTE: These parameters will restart S-TAP a maximum of 5 times within an hour, before disabling the S-TAP. To re-enable the S-TAP at a later stage requires explicit action specific to the operating system and type of deployment (GIM or S-TAP only).
6) Set the following parameters:
STAP-UTILS_MONITOR_AUTO_DIAG = 1
STAP-UTILS_MONITOR_DIAG_HIGH_CPU_LEVEL = 6500
STAP-UTILS_MONITOR_DIAG_NUM = 2
NOTE: These parameters will automatically run a diag when S-TAP uses above 65% CPU, which will collect diagnostic information for further investigation. This will take a maximum of 2 diag files. Also this 65% CPU is based on a single core. Please adjust it based on number of cores on the system.
7) Apply the Parameters and Install/Update.
For non-GIM Deployments (S-TAP only):
1) Open file [GUARDIUM INSTALL DIRECTORY]/etc/guard_monitor.ini.
2) Set the following parameters:
auto_kill_on_cpu_enable=1
auto_kill_on_cpu_level=7500
cpu_measurement_timeslice=0
cpu_measurement_mode=0
NOTE: This will run guard_monitor and will automatically restart the S-TAP when it’s average(cpu_measurement_timeslice=0: measure CPU across the life of the process) utilizing above 75% on one CPU(cpu_measurement_mode=0: means measure CPU relative to one core).
If there are 75 cores on the system, then auto_kill_on_cpu_level=7500 means 1% entire system CPU. auto_kill_on_cpu_level should be adjusted to a different CPU level based on number of cores and/or set cpu_measurement_mode =1.
3) Set the following parameters:
kill_num_in_hour=5
final_action=1
NOTE: These parameters will restart S-TAP a maximum of 5 times within an hour, before disabling the S-TAP. To re-enable the S-TAP at a later stage requires explicit action specific to the operating system and type of deployment (GIM or S-TAP only).
4) Set the following parameters:
auto_diag=1
diag_high_cpu_level=6500
diag_num=2
NOTE: These parameters will automatically run a diag when S-TAP uses above 65% CPU, which will collect diagnostic information for further investigation. This will take a maximum of 2 diag files. Also this 65% CPU is based on a single core. Please adjust it based on number of cores on the system
5) Start Monitor
For RHEL 6 and above, run:
start umon
For Solaris, run:
For all other Unix/Linux:
a. Uncomment the umon line in /etc/inittab
EXAMPLE
If the line appears in /etc/inittab as:
c. Run the following command:
svcadm enable guard_umon
For all other Unix/Linux:
a. Uncomment the umon line in /etc/inittab
EXAMPLE
If the line appears in /etc/inittab as:
#umon:2345:respawn:/usr/local/guardium/guard_stap/guard_monitor /usr/local/guardium/guard_stap/guard_monitor.ini
Change this line to:
umon:2345:respawn:/usr/local/guardium/guard_stap/guard_monitor /usr/local/guardium/guard_stap/guard_monitor.ini
b. Save the filec. Run the following command:
init q
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZSXX","label":"Guardium Database Activity Monitor"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
16 January 2024
UID
swg21974444