IBM Support

IBM Security Guardium Sniffer restarting every five minutes

Troubleshooting


Problem

The Sniffer is restarting every five minutes and the nanny is producing the error "stuck condition = timestamp" in the /var/log/messages log file.

Symptom

The Sniffer is restarting and producing error's in the /var/log/messages log file.

Cause

The Guardium appliance unit type has been edited incorrectly.

Diagnosing The Problem

Generate the Sniffer Must Gather output, using either the GUI or using the CLI command.

Then uncompress the Must Gather zip file, once it has been obtained. In the extracted contents you will be able to find the /var/log/messages log file, you will need to open this file using a text editor, this will enable you to review it's contents.

If you are encountering the same problem with the Sniffer restarting, then you will see the below messages being produced:

May 6 22:09:20 vmguard3 snif: Guardium Sniffer Started
May 6 22:09:22 vmguard3 GuardiumSniffer[31255]: Guardium Sniffer license verified.
May 6 22:09:22 vmguard3 GuardiumSniffer[31255]: Inspection engine, Tap disabled.
May 6 22:14:27 vmguard3 nanny:[4038]: stuck condition = timestamp
May 6 22:14:27 vmguard3 nanny:[4038]: killing 31255 with -9.
May 6 22:14:27 vmguard3 nanny:[4038]: Sun May 6 22:14:27 2018 snif 31255 killed because it stuck
May 6 22:14:27 vmguard3 init: guard-snif main process (31255) killed by KILL signal
May 6 22:14:27 vmguard3 init: guard-snif main process ended, respawning

This problem is caused by the Unit Type being incorrectly set. To confirm that this is the cause simply execute the below CLI command:
SHOW UNIT TYPE

The output generated by this command does not return the "stap" output, as the below example output demonstrates:
Managed Netinsp

Resolving The Problem

To resolve the issue you will need to execute the STORE UNIT TYPE command to add the "stap" to the stored unit type information.
STORE UNIT TYPE STAP

This will then return the below output from the SHOW UNIT TYPE command:
Managed Netinsp stap

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Appliances","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.1;10.1.2;10.1.3;10.1.4;10.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg22016285

Page Feedback