PH62535: POLICY CONTAINING LARGE NUMBER OF FILTER CRITERIA MAY RESULT IN MISSING OR UNWANTED EVENTS STREAMED TO THE GUARDIUM APPLIANCE

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Policy containing large number of filter criteria may result in
  missing or unwanted events streamed to the Guardium Appliance
  

Local fix

• Tuning the policy to be less than approximately 32767 characters
  or less than 4095 8 character unique filter values across all
  rules within the policy pushed to the appliance. Adjust the
  total number of unique filter values depending on the length of
  the filter. For example, if the lengths of the filters is
  greater than 8 characters, use fewer than 4095."
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of IBM Security Guardium S-TAP for     *
  *                 Db2 on z/OS                                  *
  ****************************************************************
  * PROBLEM DESCRIPTION: Policy containing large number of       *
  *                      filter criteria may result in missing   *
  *                      or unwanted events streamed to the      *
  *                      Guardium Appliance.                     *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF.                               *
  ****************************************************************
  Policy containing large number of filter criteria may result in
  missing or unwanted events streamed to the Guardium Appliance.
  

Problem conclusion

• Large policies are now properly processed. Resulting in the
  reporting of expected events.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI98582

Modules/Macros

• ADHGADHU ADHGAPBX ADHGBRB  ADHGCRCR ADHGCSVC ADHGDTSP ADHGGDMI
  ADHGGIFC ADHGGSTT ADHGLALC ADHGLMIO ADHGLQSM ADHGLTRI ADHGLUTL
  ADHGMSGS ADHGPBUF ADHGPROT ADHGSAF  ADHGSTAP ADHGSTRS ADHGTRC
  ADHGVERS ADHKAFLN ADHKAFLO ADHKAFLT ADHKAFLU ADHKAFUT ADHKBBEX
  ADHKBFLT ADHKEXP  ADHKFADH ADHKIFIE ADHKKTMP ADHKLALC ADHKLMIO
  ADHKLOGN ADHKLQSM ADHKLRTL ADHKLTRI ADHKLUTL ADHKMSGS ADHKOEXP
  ADHKRNTM ADHKRUL  ADHKSAF  ADHKSTRC ADHKTRC  ADHPAPBX ADHPBLMR
  ADHPCRCR ADHPDB2C ADHPDTSP ADHPDYNA ADHPOBLK ADHPPADH ADHPPALC
  ADHPPAUT ADHPPBUF ADHPPCVS ADHPPGDM ADHPPLBK ADHPPLCY ADHPPMIO
  ADHPPMSG ADHPPPRT ADHPPQSM ADHPPRSR ADHPPSAF ADHPPSTT ADHPPUTL
  ADHPPXML ADHPQRBK ADHPQUEM ADHPSIFC ADHPSINF ADHPSQL  ADHPSTAP
  ADHPSTRP ADHPTMDT ADHPVSAM
  

Fix information

• Fixed component name

  SEC GUAR STAP D

• Fixed component ID

  5655STP00

Applicable component levels

• RB30 PSY UI98582

     UP24/10/03 P F410 ¢

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.