IBM Support

Guardium not capturing any traffic from Network Tap

Troubleshooting


Problem

I have a network tap sending data to a Guardium collector and an inspection engine configured. I can see that traffic is arriving at the correct port of the Guardium appliance by using iptraf. I can see that the expected data is arriving with tcpdump. Still, no data is being logged into the appliance.

Cause

Traffic sent from a network tap with Virtual LAN (VLAN) tags in the packets is not supported. This traffic will not be captured by the Guardium sniffer.

Diagnosing The Problem

1. Confirm that there is definitely no data from the network tap coming into the appliance. See "How do I check if the correct data is being logged on my Guardium Appliance?"

2. Run iptraf on the appliance. Use this to confirm that data is coming to the appliance from the IP address specified in the inspection engine.

3. Run tcpdump on the appliance. Use this to confirm that there is valid database traffic coming to the appliance from the database configured in the inspection engine.

See "Using Guardium CLI commands iptraf and tcpdump to troubleshoot network issues".

4. Check the packets in the tcpdump output to confirm whether they carry VLAN tags. For example:
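
One way to run this check offline, as an added example that is not part of the IBM technote: the script reads a classic libpcap capture of Ethernet frames and counts frames per VLAN tag stack by looking for the 802.1Q (0x8100) and 802.1ad (0x88A8) tag identifiers after the MAC addresses. The sample capture and all function names are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag protocol identifiers

def vlan_ids(frame):
    """Return the VLAN IDs of an Ethernet frame, outermost first ([] if untagged)."""
    ids, off = [], 12                      # skip destination and source MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break                          # reached the real EtherType
        ids.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VLAN ID
        off += 4
    return ids

def scan_pcap(data):
    """Count frames per VLAN stack in a classic libpcap capture (Ethernet only)."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian file
        end = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian file
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24            # records start after the 24-byte header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "I", data, off + 8)[0]
        frame = data[off + 16 : off + 16 + incl_len]
        counts[tuple(vlan_ids(frame))] += 1
        off += 16 + incl_len
    return counts

def _frame(tags):
    """Constructed test frame: dummy MACs, optional VLAN tags, stub IPv4 payload."""
    hdr = b"\x02" * 6 + b"\x02\x00\x00\x00\x00\x01"
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19

def sample_pcap():
    """Constructed capture: one untagged frame, two in VLAN 100, one QinQ 200/100."""
    frames = [_frame([]), _frame([(0x8100, 100)]), _frame([(0x8100, 100)]),
              _frame([(0x88A8, 200), (0x8100, 100)])]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Any key other than the empty tuple in the result of `scan_pcap(open(path, "rb").read())` means the tap is still forwarding tagged frames.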


Resolving The Problem

Configure the network tap to remove the VLAN tags from the packets sent to Guardium.

Product: IBM Security Guardium
Component: Guardium Database Activity Monitor
Platform: AIX, HP-UX, Linux, Solaris, Windows, z/OS
Version: 10.0; 10.0.1; 10.1; 9.0; 9.1; 9.5
Edition: All Editions

Document Information

Modified date:
16 June 2018

UID

swg21991134