IBM Support

IBM MustGather: Collecting data for Guardium STAP on IBM i

Question & Answer


Question

If there is a problem with the Guardium STAP on IBM i, what information must be gathered before contacting IBM software support?

Answer

Information is required from both the IBM i and the collector that the STAP is pointing to.

IBM i

For more detailed serviceability information see the Guardium Database Activity Monitor & DB2 for i Serviceability Guide.

1. PTF level of the IBM i


    Ensure that the PTF level matches the recommended service level requirements. From the IBM i command line run:

      > WRKPTFGRP

    or
      > STRSQL
      SELECT CHAR(PTF_GROUP_NAME,7) as GRPPTF, PTF_GROUP_LEVEL FROM QSYS2.GROUP_PTF_INFO WHERE PTF_GROUP_NAME IN ('SF99701', 'SF99601') AND PTF_GROUP_STATUS = 'INSTALLED' ORDER BY PTF_GROUP_LEVEL DESC FETCH FIRST 1 ROWS ONLY

2. STAP version

    Run the below commands from the IBM i command line:

      >CALL QP2TERM
      cd /usr/local/guardium
      strings -a istap | grep itap_version

3. User profile of the audit server start user

    Send as a spool file or screen shot the output of:

      > STRSQL
      SELECT start_user FROM QSYS2/SYSAUDIT
      > PF3 (exit) with option 1
      > DSPUSRPRF USRPRF(<start_user-name>) TYPE(*BASIC) OUTPUT(*PRINT)

4. Audit server status

    Send screen shots of the full status or the QTEMP/SYSAUDS file. Run the following:

      >STRSQL
      CALL SYSPROC/SYSAUDIT_STATUS() [Inserts a row into the status table with the current status]
      SELECT * FROM QTEMP/SYSAUDSTS [Displays the status]

5. Audit server configuration

    Send screen shots of the full configuration or the QSYS2/SYSAUDIT file. Run the following:

      >STRSQL
      SELECT * FROM QSYS2/SYSAUDIT

Collector

1. Sniffer must gather


    From the CLI, send the file generated by running:

      support must_gather sniffer_issues

    Further information about CLI must gather commands can be found here.

2. DB2 for i STAP status report


    This predefined report would have been added to a GUI pane by the user on the initial set up of the system. Use OPTION A OR B below.

      OPTION A)

        i) Navigate to the report in the GUI.

        ii) Double click one one of the rows and invoke the get_istap_status API.

        iii) Take a screen shot of the resulting status screen.


      OPTION B)

        i) Run a once now upload of the data via Tools->Report Building-> Custom Table Builder -> Upload Data.

        ii) Navigate back to the report and take a screen shot, pdf or csv export.


3. DB2 for i STAP configuration report

    The steps and options are the same as in point 2 above. Except in this case:
      • Navigate to the GUI DB2 for i STAP configuration report.
      • In OPTION A) use the get_istap_config API.

Detailed information and steps to configure the reports in points 2. and 3. can be found in the DB2 for i and Guardium whitepaper.



Note: Differences in the audit server status and configuration between the IBM i and the Guardium collector can be useful for troubleshooting. That is why we ask for the information from both sources.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.1;9.0","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21682533

Page Feedback