Troubleshooting
Problem
Occasionally reports may not show the []DB USER NAME[] and / or []SOURCE PROGRAM[] fields in all the rows of report data but may still contain other expected fields. Some data has been lost.
Symptom
This will cause occasional data loss. Not all database traffic is collected.
Cause
The causes for this include the following (This may not be an exhaustive list)
-
- Occasional sniffer performance problem caused by high traffic on the collector.
Environment
Any Guardium collector on version 8.
Diagnosing The Problem
Start the collector GUI. Select the: 'Guardium Monitor' tab and then the: 'Buffer Usage Monitor' report.
Monitor these fields, look for the following around the datetime(s) that the missing DB USER NAME and missing SOURCE PROGRAM appear in your reports.
See: 'Guardium must gather URL"
Monitor these fields, look for the following around the datetime(s) that the missing DB USER NAME and missing SOURCE PROGRAM appear in your reports.
-
- Increasing "Analyzer Lost Packets".
- "Sniffer Process ID" changing as the sniffer process is restarted.
See: 'Guardium must gather URL"
Resolving The Problem
Reduce the traffic if possible. Consider filtering data at the policy level or moving an S-TAP to another collector.
If you have checked the above and still have the problem or believe the cause(s) to be different to those given above, please contact IBM Technical Support in the usual manner.
Related Information
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0;10.0.1;10.1;10.1.2;8.2;9.0;9.1;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
13 May 2020
UID
swg21580664