Troubleshooting
Problem
In Guardium reports, traffic coming from a database server with ATAP installed is appearing with DB_USER=? (ENCRYPTED). This traffic includes access information like client and server IP but never any SQL.
Cause
Record Empty Sessions is enabled in the inspection engine. The DB_USER=? (ENCRYPTED) data is from an unencrypted header packet that only has the session information in it. If record empty sessions is enabled this header packet is logged by Guardium and will appear in reports.
Environment
Guardium ATAP installed
Diagnosing The Problem
In the DB User column in your GUI report there are entries with "? (ENCRYPTED)".
Resolving The Problem
1. In GUI-> Administration Console-> Inspection Engines. Unselect "Record Empty Sessions" and apply.
2. In CLI: restart inspection-core
Sessions started after the change should appear as normal.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21691910