Question & Answer
Question
Guardium refers to certain processes that run on a Guardium Appliance. What are they?
Cause
Some of the Guardium documentation makes reference to processes. For example, this CLI command to restart any stopped services does:
xxxx.com> restart stopped_services
Are you sure you want to restart stopped services (y/n)?
The services are tomcat, classifier, rds, snif, snif_buf, sql_session , ame_process and nanny.
Restarting stopped services
start service tomcat
start service classifier
start service snif
start service snif-bufusage
start service rds
start service sqlsessionwatch
start service nanny
ok
Answer
The following lists a very brief description of some of the MAIN processes referred to by Guardium.
The list is not exhaustive and is subject to change at any time.
NOTE
Some of the must_gathers provide a list of the processes running at the time the must_gather is taken, in a file called running_system_processes.txt. The must_gather files can be viewed via fileserver at any time.
Common processes
process / name | purpose |
mysql | Internal database system that contains the session data etc from the STAPs |
nanny | a main overseeing process - controls restarting other processes when needed. |
snif | The Guardium sniffer process that processes STAP data coming from DB Servers. Its components: analyzer (analyzes and filters the data based on the Installed Policy); parser (parses the SQL to get the object/field/verb etc.); logger (logs this data to the Internal Database for use by GUI reports etc.) |
sniffer_buffer_usage | Collects a periodic (every minute) snapshot of the sniffer and system performance - data can be seen in Buffer Usage Monitor report |
tomcat | used by the Guardium GUI |
classifier | (guard-classifier) - listens for distributed tasks like VA and data marts. |
rds | (rds_retriever) - associated with snif - used to monitor Amazon Relational Database Service (RDS) |
sqlsession_watch | checks and reacts to long sessions on the Guardium Appliance Internal Database. |
ame_process | AME interface to the tomcat/GUI |
Other processes / daemons
process / name | purpose |
install_patch.sh | runs every 2 minutes to initiate installation of any newly requested patches |
guard-cas.sh | Change Auditing System (CAS) listener process |
guard_sender | sends email alerts etc. |
guard_filetransfer | sends newly created files (e.g. Archives / Exports etc.) |
Main Aggregation / backup processes
You may also notice the following activities at times when Aggregation processes are running:
process / name | purpose |
archive | generating Archive file(s) |
export | generates export file(s) and sends them to an Aggregator |
import | imports the files that have been sent from other appliances (eg export files from a Collector) |
backup | turbine_backup.sh - System backup process (for CONFIG / DATA ) |
Document Information
Modified date:
16 June 2018
UID
swg22014137