Guardium collector overwhelmed with incoming traffic when the STAP is sending little traffic

Troubleshooting

Problem

Guardium collector has symptoms of being overwhemed due to high incoming traffic, but it is known that the database server is not generating a lot of traffic and the STAP is not sending too much traffic.

Symptom

High incoming traffic observed on iptraf utility

High CPU usage by sniffer process

Diagnosing The Problem

Run iptraf utility from the CLI command prompt and select the option "General interface statistics" to list TCP/IP traffic per NIC (Network Card Interface). Usually a collector is configured to receive traffic only on eth0. If traffic is observed on another NIC (eth1, eth2, etc) that isn't configured, it is likely that a network cable is plugged in that NIC by mistake. This unwanted incoming traffic causes the sniffer to use high CPU to try to interpret the non-STAP traffic.

Resolving The Problem

Unplug the network cable from the NIC that isn't sending STAP traffic.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.1;9.0;8.2;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Guardium collector overwhelmed with incoming traffic when the STAP is sending little traffic

Troubleshooting

Problem

Symptom

Diagnosing The Problem

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?