IBM Support

DB User=? (ENCRYPTED) in Guardium reports

Troubleshooting


Problem

In Guardium reports, traffic from a database server with ATAP installed appears with DB_USER=? (ENCRYPTED). These records include access information such as client and server IP, but never any SQL.

Cause

Record Empty Sessions is enabled in the inspection engine. The DB_USER=? (ENCRYPTED) data comes from an unencrypted header packet that contains only the session information. If Record Empty Sessions is enabled, this header packet is logged by Guardium and appears in reports.

Environment

Guardium ATAP installed

Diagnosing The Problem

In the DB User column in your GUI report there are entries with "? (ENCRYPTED)".

Resolving The Problem

1. In the GUI, go to Administration Console -> Inspection Engines. Unselect "Record Empty Sessions" and apply.
2. In the CLI, run: restart inspection-core

Sessions started after the change should appear as normal.
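One way to confirm the change took effect is to check an exported report for "? (ENCRYPTED)" rows that started after the setting was changed. This is an added example, not IBM code; the CSV layout, column names and sample rows are assumptions constructed for illustration and are not Guardium's report schema.

```python
import csv
import io
from collections import Counter
from datetime import datetime

MARKER = "? (ENCRYPTED)"  # DB User value described in this technote

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = """Session Start,Client IP,Server IP,DB User,SQL
2018-06-01 09:00:05,10.0.0.21,10.0.1.5,? (ENCRYPTED),
2018-06-01 09:00:05,10.0.0.21,10.0.1.5,APPUSER,select 1 from dual
2018-06-01 09:14:40,10.0.0.22,10.0.1.5,? (ENCRYPTED),
2018-06-01 10:30:12,10.0.0.23,10.0.1.6,? (ENCRYPTED),
2018-06-01 10:31:00,10.0.0.23,10.0.1.6,HRUSER,select * from emp
"""


def check_export(csv_text, change_time):
    """Split marker rows into before/after the change, counted per server IP."""
    result = {"before": Counter(), "after": Counter(), "with_sql": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["DB User"].strip() != MARKER:
            continue  # normally attributed session, not the symptom
        started = datetime.strptime(row["Session Start"], "%Y-%m-%d %H:%M:%S")
        if (row["SQL"] or "").strip():
            # A marker row that carries SQL is not the empty header record
            # this technote describes, so report it separately.
            result["with_sql"].append(row)
        elif started >= change_time:
            result["after"][row["Server IP"]] += 1
        else:
            result["before"][row["Server IP"]] += 1
    return result


if __name__ == "__main__":
    # Constructed time at which "Record Empty Sessions" was unselected.
    changed_at = datetime(2018, 6, 1, 10, 0, 0)
    report = check_export(SAMPLE_CSV, changed_at)
    print("empty sessions before change:", dict(report["before"]))
    print("empty sessions after change: ", dict(report["after"]))
    print("marker rows carrying SQL:    ", len(report["with_sql"]))
```

Any server IP listed under "after" is still logging empty sessions, so recheck that inspection engine's "Record Empty Sessions" setting and that inspection-core was restarted.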

Product: IBM Security Guardium
Component: Guardium Database Activity Monitor
Platform: AIX, Linux
Version: 8.2, 9.0, 9.1

Document Information

Modified date: 16 June 2018

UID: swg21691910