IBM Support

InfoSphere Guardium Sniffer May Crash When Running with 12 or More Threads

Troubleshooting


Problem

After applying Guardium V9 64-bit sniffer patch 9.0p1058 or above (e.g. V9 GPU300, 9.0p1067), the sniffer (snif) may crash if it runs with 12 or more threads.

Symptom

Symptom 1:

In the Guardium web GUI, in the "Guardium Monitor" -> "Buffer Usage Monitor" report, the "TID" column, which is the process ID of the sniffer, keeps changing values.



Symptom 2:
1. Issue the CLI command "fileserver" from the CLI console.
2. Open http://<collector hostname or IP> in a web browser.
3. Click "Sqlguard logs".
4. Locate the "messages" file.
In the messages file, you may see the following messages repeated:

Oct 31 15:23:50 guard01 snif: Guardium Sniffer Started
Oct 31 15:23:52 guard01 GuardiumSniffer[7374]: Guardium Sniffer license verified.
Oct 31 15:23:52 guard01 GuardiumSniffer[7374]: WTAP_SERVER: Started at Fri_31-Oct-2014_15.23.52.659
Oct 31 15:23:55 guard01 GuardiumSniffer[7374]: CRuleSet::CRuleSet(gdm::DB*): set_should_exit !! Exitig_mode = 0
Oct 31 15:23:55 guard01 snif: Guardium Sniffer Started
Oct 31 15:23:57 guard01 GuardiumSniffer[7451]: Guardium Sniffer license verified.
Oct 31 15:23:57 guard01 GuardiumSniffer[7451]: WTAP_SERVER: Started at Fri_31-Oct-2014_15.23.57.919
Oct 31 15:24:00 guard01 GuardiumSniffer[7451]: CRuleSet::CRuleSet(gdm::DB*): set_should_exit !! Exitig_mode = 0
Oct 31 15:24:00 guard01 snif: Guardium Sniffer Started
Oct 31 15:24:02 guard01 GuardiumSniffer[7519]: Guardium Sniffer license verified.
Oct 31 15:24:02 guard01 GuardiumSniffer[7519]: WTAP_SERVER: Started at Fri_31-Oct-2014_15.24.02.956
Oct 31 15:24:04 guard01 GuardiumSniffer[7519]: CRuleSet::CRuleSet(gdm::DB*): set_should_exit !! Exitig_mode = 0
Oct 31 15:24:04 guard01 GuardiumSniffer[7519]: CRuleSet::CRuleSet(gdm::DB*): set_should_exit !! Exitig_mode = 1
Oct 31 15:24:04 guard01 init: Id "snif" respawning too fast: disabled for 5 minutes
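
The following Python check is an added example, not IBM code: it scans a downloaded "messages" file for the restart loop shown above, meaning repeated "Guardium Sniffer Started" lines, changing GuardiumSniffer process IDs (the changing TID of Symptom 1), and the init "respawning too fast" line. The sample text is an excerpt of the log lines above; the 60-second window, the threshold of 3 starts, and the function name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the messages file shown above (syslog format, no year field).
SAMPLE = """\
Oct 31 15:23:50 guard01 snif: Guardium Sniffer Started
Oct 31 15:23:52 guard01 GuardiumSniffer[7374]: Guardium Sniffer license verified.
Oct 31 15:23:55 guard01 snif: Guardium Sniffer Started
Oct 31 15:23:57 guard01 GuardiumSniffer[7451]: Guardium Sniffer license verified.
Oct 31 15:24:00 guard01 snif: Guardium Sniffer Started
Oct 31 15:24:02 guard01 GuardiumSniffer[7519]: Guardium Sniffer license verified.
Oct 31 15:24:04 guard01 init: Id "snif" respawning too fast: disabled for 5 minutes
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[(\d+)\])?: (.*)$")

def analyze(text, window=timedelta(seconds=60), min_starts=3, year=2014):
    """Summarise sniffer restarts; window and threshold are assumptions."""
    starts, pids, disabled = [], [], False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-syslog lines
        stamp, _host, prog, pid, msg = m.groups()
        # syslog omits the year, so one is supplied to build a datetime
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if prog == "snif" and msg == "Guardium Sniffer Started":
            starts.append(ts)
        elif prog == "GuardiumSniffer" and pid and pid not in pids:
            pids.append(pid)  # each new PID is a new sniffer process
        elif prog == "init" and 'Id "snif" respawning too fast' in msg:
            disabled = True
    # Largest number of starts that fall inside any one window
    burst = 0
    for i, t0 in enumerate(starts):
        burst = max(burst, sum(1 for t in starts[i:] if t - t0 <= window))
    return {"starts": len(starts), "pids": pids, "max_burst": burst,
            "init_disabled": disabled,
            "restart_loop": burst >= min_starts or disabled}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
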

Cause

This is a bug introduced in sniffer patch 9.0p1058. From 9.0p1058 onward, 12 sniffer threads try to open around 1700 MySQL connections, which exceeds the maximum of 1500 defined in the MySQL configuration file.

Resolving The Problem

This issue is fixed in sniffer patch 9.0p4001 and above. Apply sniffer patch 9.0p4001 or above to fix it. Contact Guardium support if you need patch 9.0p4001.

If you do not want to apply the sniffer patch, use the following workaround:

In the CLI command window, type the following command so that the sniffer runs with the default 6 threads:

store system snif-thread-number default

Current snif is running with 12 threads.
You want to change to the snif thread number from 12 to 6.
Do you want to change it? (y/n) y

Attempting to restart the snif. It may take time. Please wait.
ok


Document Information

Modified date:
16 June 2018

UID

swg21689566