IBM Support

Collect SLON and TCPDUMP in Guardium for z/OS traffic

Troubleshooting


Problem

When z/OS traffic into the Guardium appliance is suspected as the possible cause of unexpected logging and inspection engine status failure, run zdiag to collect z/OS traffic diagnostics to send to IBM Support.

Symptom

Possible logging problems:
  • Some SQL exceptions are not captured
  • Inspection engine status always failed
  • Missing data in report
  • Inaccurate record affected count

Cause

The sniffer (inspection-core) is suspected. Collect z/OS traffic diagnostics; the files collected include TCPDUMP and SLON.

Diagnosing The Problem


To start zdiag collection, from the CLI prompt:
  • ibm.com> support store zdiag on
    Z diagnostic has started.
    Do not start or stop SLON and TCPDUMP during the running period.
    Results files tcpdump.tar.gz and slon_all.tar.gz can be downloaded using "fileserver" command.
    ok

To end zdiag collection, from the CLI prompt:
  • ibm.com>  support store zdiag off
    Results file tcpdump.tar.gz can be downloaded using "fileserver" command.
    Results file slon_all.tar can be downloaded using "fileserver" command.
    ok

The zdiag collection defaults to 60 seconds. If a longer time is required, specify <N> in minutes, like this:
  • support store zdiag on <N>



Once collection completes, the results files can be downloaded using the "fileserver" command:
  • /opt/IBM/Guardium/log/tcpdump.tar.gz
    /opt/IBM/Guardium/log/slon_all.tar.gz
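
An added example, not part of the IBM technote: a shell helper that checks the two downloaded result files are complete and records a SHA-256 for each before they are sent to IBM Support. It assumes the files were saved to a local directory; the function names are hypothetical, and either slon_all.tar.gz or slon_all.tar is accepted because both names appear in the CLI output above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): sanity-check zdiag result files
# after downloading them with "fileserver" into a local directory.

# List archive members; exit status is tar's.
list_members() {
    case $1 in
        *.gz) gzip -dc "$1" | tar -tf - ;;
        *)    tar -tf "$1" ;;
    esac
}

# Verify one archive and print "sha256  bytes  name" on success.
check_archive() {
    f=$1
    [ -s "$f" ] || { echo "MISSING or empty: $f" >&2; return 1; }
    case $f in
        # A capture cut short mid-write shows up as a truncated gzip stream.
        *.gz) gzip -t "$f" 2>/dev/null || { echo "CORRUPT gzip: $f" >&2; return 1; } ;;
    esac
    list=$(list_members "$f" 2>/dev/null) || { echo "CORRUPT tar: $f" >&2; return 1; }
    [ -n "$list" ] || { echo "NO members: $f" >&2; return 1; }
    sum=$( { sha256sum "$f" 2>/dev/null || shasum -a 256 "$f"; } | cut -d' ' -f1)
    bytes=$(wc -c < "$f" | tr -d ' ')
    printf '%s  %s  %s\n' "$sum" "$bytes" "${f##*/}"
}

# Check both zdiag results in a directory; returns non-zero if either fails.
check_zdiag_results() {
    dir=$1
    rc=0
    check_archive "$dir/tcpdump.tar.gz" || rc=1
    # "zdiag off" prints slon_all.tar, the result path is slon_all.tar.gz.
    if [ -e "$dir/slon_all.tar.gz" ]; then
        check_archive "$dir/slon_all.tar.gz" || rc=1
    else
        check_archive "$dir/slon_all.tar" || rc=1
    fi
    return $rc
}

# Usage (directory name is an assumption):
#   check_zdiag_results ./guardium-diag > manifest.txt
```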

To check whether zdiag is currently enabled, run in the CLI:
  • support show zdiag


Additional note: if you want to collect SLON without TCPDUMP:

To start slon collection:
  • ibm.com> support store slon on [parameter]

The options for [parameter] are:
  • packets: dump analyzer packets (default)
  • snifsql: log sniffer SQL activities and dump analyzer packets
  • secparams: log secure parameters info and dump analyzer packets
  • sgate: log S-GATE debugging info and dump analyzer packets
  • messages: tap message data dump

The following result files can be downloaded using the "fileserver" command and then sent to IBM Support for analysis:
    • slon_packets.tar.gz
    • slon_messages.tar.gz
    • slon_all.tar.gz
When [parameter] is not specified, slon_all.tar.gz will be generated.

To stop slon collection:
  • ibm.com> support store slon off


Document Information

Modified date:
02 April 2020

UID

swg21971314