IBM Support

IBM Security Guardium: Hadoop Policy not Excluding Data as Expected for "Skip Commands" Group

Troubleshooting


Problem

The installed Guardium policy is configured with the "Allow" action for commands in the Hadoop "Skip Commands" group. However, commands in this group are still being logged on the Collector, which is not the expected behavior.

Symptom

One example is the getFileInfo command. It shows up in reports but should not be logged.
The GDM_FIELD and GDM_CONSTRUCT_INSTANCE tables are large.

Resolving The Problem

Switch the rule action from "Allow" to "SKIP LOGGING". This is similar to "Allow" but does not log any constructs. "Allow" was the default in version 9, but it was later recommended to use "SKIP LOGGING". The default was changed to "SKIP LOGGING" in version 10.

Document Information

Modified date:
16 June 2018

UID

swg21990790