Troubleshooting
Problem
When z/OS traffic into the guardium appliance is being suspected as the possible cause of unexpected logging and inspection engine status failure, run zdiag to collect z/OS traffic diagnostics to be sent to IBM Support
Symptom
Possible logging problems:
- some sql exceptions are not captured
- inspection engine status always failed
- missing data in report
- inaccurate record affected count
Cause
Sniffer (inspection-core) is suspected - collect z/OS traffic diagnostics, The files collected include TCPDUMP and SLON.
Diagnosing The Problem
To start zdiag collection: From the cli prompt
- ibm.com> support store zdiag on
Z diagnostic has started.
Do not start or stop SLON and TCPDUMP during the running period.
Results files tcpdump.tar.gz and slon_all.tar.gz can be downloaded using "fileserver" command.
ok
To end zdiag collection: From the cli prompt
- ibm.com> support store zdiag off
Results file tcpdump.tar.gz can be downloaded using "fileserver" command.
Results file slon_all.tar can be downloaded using "fileserver" command.
ok
The zdiag collection defaults to 60 seconds. If a longer time is required, specify <N> in minutes like this
- support store zdiag on <N>
Once collection completes, results file(s) can be downloaded using "fileserver" command.
- /opt/IBM/Guardium/log/tcpdump.tar.gz
/opt/IBM/Guardium/log/slon_all.tar.gz
To check zdiag is currently enabled, in cli run
- support show zdiag
*** Additional note: - If you want to collect SLON without TCPDUMP.
To start slon collection:
- ibm.com> support store slon on [parameter]
The options for [parameter] are
packets | dump analyzer packets (default) |
snifsql | log sniffer SQL activities and dump analyzer packets |
secparams | log secure parameters info and dump analyzer packets |
sgate | log S-GATE debugging info and dump analyzer packets |
messages | tap message data dump |
Result files as below can be downloaded using the "fileserver" command and then sent to IBM Support for analysis
-
- slon_packets.tar.gz
- slon_messages.tar.gz
- slon_all.tar.gz
To stop slon collection:
- ibm.com> support store slon off
Related Information
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"10.0;10.0.1;10.1;8.2;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
02 April 2020
UID
swg21971314