IBM Support

IBM Security Guardium: No remote traffic from MySQL 5.7 or above

Troubleshooting


Problem

Guardium S-TAP is unable to capture remote traffic from MySQL 5.7 or above.

Symptom

In Guardium reports, local connections to the database are captured, but no remote connections are seen.

Cause

Connections to MySQL 5.7 or above are SSL encrypted by default. Currently, capture of MySQL SSL-encrypted traffic is not supported by the regular Guardium S-TAP.
Note: Guardium supports MySQL encrypted traffic with Guardium External S-TAP.
The resolution in this technote is only relevant for the regular Guardium S-TAP.

Resolving The Problem

To resolve the issue, the MySQL SSL connection can be disabled as described below. Contact MySQL support for more information or questions on SSL encryption.
Steps:
For MySQL version 5.7.32
1. To disable encryption, add the following line to the /etc/my.cnf file
(under the [mysqld] section):
skip-ssl
Then save the file.
2. Restart MySQL.
3. Test again.
For MySQL version 8 or above
1. To disable encryption, add the following line to the /etc/my.cnf file
(under the [mysqld] section):
ssl-mode=DISABLED
Then save the file.
2. Restart MySQL.
3. Test again.
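
Before restarting, it helps to confirm that the line really sits under [mysqld] and not under another section such as [client]. The following is an added example, not IBM or MySQL code: `find_tls_disable` is a hypothetical helper name, and the sample my.cnf is constructed for illustration.

```shell
#!/bin/sh
# find_tls_disable FILE  (hypothetical helper, not part of Guardium or MySQL)
# Prints "section<TAB>line" for each occurrence of the two lines this technote
# gives (skip-ssl, ssl-mode=DISABLED). Returns 0 only if one is under [mysqld].
find_tls_disable() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim whitespace and CR
        /^$/ || /^[#;]/ { next }                        # blank lines, comments
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        {
            n = index($0, "=")
            name = (n ? substr($0, 1, n - 1) : $0)
            value = (n ? tolower(substr($0, n + 1)) : "")
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", value)
            gsub(/_/, "-", name)    # MySQL accepts "_" and "-" alike in option names
            if ((name == "skip-ssl" && value == "") ||
                (name == "ssl-mode" && value == "disabled")) {
                printf "%s\t%s\n", section, $0
                if (section == "mysqld") found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the line was added under [client], and the one under
# [mysqld] is commented out, so the server configuration is unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
ssl-mode=DISABLED

[mysqld]
datadir=/var/lib/mysql
# skip-ssl
EOF
find_tls_disable "$sample" || echo "no TLS-disable line under [mysqld]"
rm -f "$sample"
```

On a real host, run it as `find_tls_disable /etc/my.cnf`; any record whose section is not `mysqld` marks a line that was added in the wrong place.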

If remote traffic is still not captured, share the following logs for further investigation:
1. /etc/my.cnf file
2. Output of this query in mysql: show variables like '%ssl%';
3. SLON capture while creating remote sessions.
4. support must_gather sniffer_issues from the associated collector
 

Document Location

Worldwide

Document Information

Modified date:
30 December 2020

UID

ibm16374044