IBM Support

Guardium session level policy triggering on database name

Troubleshooting


Problem

Guardium session level policies can be used to trigger actions based on session level criteria.
In some cases, triggering on database name is not working.

Cause

Session level policy is based on session information in the analyzer part of the Guardium sniffer. Because of this, it cannot trigger based on SQL statements. If a database is accessed by running SQL in an already open session, a session level rule based on database name cannot trigger.
There are two known cases of this:
  • Informix - Using 'dbaccess' to access the database locally
  • MSSQL - Logging into one database, then switching via the MSSQL Server GUI
In both cases the database name is provided in an SQL statement run in an existing session. There might be other databases and clients that have the same behavior.
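
A simplified model of the behaviour described above, as an added example that is not IBM or Guardium code. It assumes the in-session switch is made with T-SQL `USE` or Informix `DATABASE`; the sessions and the database name `payroll` are constructed.

```python
import re

# Assumption: the in-session switch is T-SQL "USE db" or Informix "DATABASE db".
SWITCH_RE = re.compile(r'^\s*(?:USE|DATABASE)\s+(\[[^\]]+\]|"[^"]+"|[\w@.$#-]+)',
                       re.IGNORECASE)


def switched_db(sql):
    """Return the database a statement switches to, or None."""
    m = SWITCH_RE.match(sql)
    return m.group(1).strip('[]"').lower() if m else None


def evaluate(session, watched_db):
    """Compare a rule decided at session start with a per-statement rule.

    Returns (session_rule_hit, statement_hits); statement_hits lists the
    statements that ran while watched_db was the current database.
    """
    watched = watched_db.lower()
    current = (session["login_db"] or "").lower()
    session_rule_hit = current == watched   # decided once, from session info
    statement_hits = []
    for sql in session["statements"]:
        target = switched_db(sql)
        if target is not None:
            current = target                # database changed inside the session
        elif current == watched:
            statement_hits.append(sql)
    return session_rule_hit, statement_hits


def missed_by_session_rule(sessions, watched_db):
    """Names of sessions that used watched_db without matching at session start."""
    missed = []
    for name, session in sessions.items():
        hit, stmts = evaluate(session, watched_db)
        if stmts and not hit:
            missed.append(name)
    return sorted(missed)


# Constructed sample sessions (not captured traffic).
SESSIONS = {
    "direct": {"login_db": "payroll", "statements": ["SELECT * FROM salary"]},
    "mssql": {"login_db": "master", "statements": [
        "USE [payroll];", "SELECT * FROM salary", "USE master", "SELECT @@VERSION"]},
    "informix": {"login_db": None, "statements": [
        "DATABASE payroll", "SELECT * FROM salary"]},
}

if __name__ == "__main__":
    print(missed_by_session_rule(SESSIONS, "payroll"))
```

Only the `direct` session matches a rule keyed on the database name at session start; the other two reach the same table after the session is already open.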

Resolving The Problem

As of Guardium v10.6 p630 and v11.0 there is no way to overcome this limitation.
Session level policies for sessions with this issue can be defined using other criteria, not database name.
Data level policy can still be used to trigger based on database name, for example to ignore the traffic using the Ignore S-TAP Session action.
In Guardium v11.1 and in v10.6 bundle patches higher than p630 (not yet released at time of writing), there will be an option to work around the problem, but only in cases where the database name is provided in the first SQL of the new session.
More details will be provided when the patches are released.
If you suspect this problem may be happening in your environment, but you don't have one of the known cases listed above, support can check. Provide:
  1. Slon capture, running while a problem session is started
  2. Details of your test connection type, database, client and commands run
  3. Sniffer must gather
  4. Policy export

Document Location

Worldwide


Document Information

Modified date:
01 March 2022

UID

ibm11073826