Troubleshooting
Problem
You have configured ATAP and successfully run "activate". The messages are similar to below:
...
Inserted instrumentation
Restoring non-instrumented libn12.a from /opt/oracle/12.2.0/lib/libn12.a-guard-original
Restoring non-instrumented libnnzst12.a from /opt/oracle/12.2.0/lib/libnnzst12.a-guard-original
Restoring non-instrumented libnnz12.a from /opt/oracle/12.2.0/lib/libnnz12.a-guard-original
Restoring non-instrumented naeet.o from /opt/oracle/12.2.0/lib/naeet.o-guard-original
Restoring non-instrumented oracle /opt/oracle/12.2.0/bin/oracle-guard-original -> /opt/oracle/12.2.0/bin/oracle
Instance root/myinst1 is instrumented
Set 856 bytes for 'executor/env' in file '/opt/oracle/12.2.0/bin/oracle-guard-executor'
Instance root/myinst1 is active
Restoring non-instrumented libn12.a from /opt/oracle/12.2.0/lib/libn12.a-guard-original
Restoring non-instrumented libnnzst12.a from /opt/oracle/12.2.0/lib/libnnzst12.a-guard-original
Restoring non-instrumented libnnz12.a from /opt/oracle/12.2.0/lib/libnnz12.a-guard-original
Restoring non-instrumented naeet.o from /opt/oracle/12.2.0/lib/naeet.o-guard-original
Restoring non-instrumented oracle /opt/oracle/12.2.0/bin/oracle-guard-original -> /opt/oracle/12.2.0/bin/oracle
Instance root/myinst1 is instrumented
Set 856 bytes for 'executor/env' in file '/opt/oracle/12.2.0/bin/oracle-guard-executor'
Instance root/myinst1 is active
The guardctl commands list-active shows the instance.
But no encrypted traffic is seen in Guardium.
Cause
Encryption is set to 1 in the STAP configuration. This was done either in the GUI (S-TAP Control > Inspection Engine > encryption box checked) or in the guard_tap.ini (encryption=1) or both.
Diagnosing The Problem
In the STAP syslog, you see configuration errors similar to the ones below when the STAP is started:
Guardium STAP starting, Wed May 20 10:14:48 2020
(pid 6946830,uid 0)
FIPS 140-2 mode not available
2020.05.20 10:14:49 Adding exec map for /opt/oracle/12.2.0/bin/oracle-guard-instrumented failed!
2020.05.20 10:14:49 CONF_ERROR: IPC reader failed to initialize Adding exec map for /opt/oracle/12.2.0/bin/oracle-guard-instrumented failed!, ktap_install is set to 0, no data will be captured from KTAP
2020.05.20 10:14:49 CONF_ERROR: After failed to initialize IPC, Initailize PCAP failed: , no data will be captured from PCAP
(pid 6946830,uid 0)
FIPS 140-2 mode not available
2020.05.20 10:14:49 Adding exec map for /opt/oracle/12.2.0/bin/oracle-guard-instrumented failed!
2020.05.20 10:14:49 CONF_ERROR: IPC reader failed to initialize Adding exec map for /opt/oracle/12.2.0/bin/oracle-guard-instrumented failed!, ktap_install is set to 0, no data will be captured from KTAP
2020.05.20 10:14:49 CONF_ERROR: After failed to initialize IPC, Initailize PCAP failed: , no data will be captured from PCAP
Resolving The Problem
- Stop the database processes.
- Deactivate ATAP.
- Set encryption=0. It should not be set in either guard_tap.ini or S-TAP Control.
- Restart STAP. Verify after the restart that encryption is still 0 in both guard_tap.ini and the GUI and KTAP_INSTALLED=1. Reset the KTAP setting if needed.
- Activate ATAP.
- Start the database processes.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCJM6A","label":"IBM Security Guardium S-TAP for IMS on z\/OS"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
07 August 2020
UID
ibm16221118