IBM Support

IBM Guardium Security Query Rewrite is not working as expected

Troubleshooting


Problem

You are using the Query Rewrite feature to redact data. It is not working as expected.

Cause

Multiple causes are possible:
1. The setting qrw_installed=1 is not in the S-TAP guard_tap.ini file.
2. The inspection engine for the STAP was not restarted after adding the entry to the guard_tap.ini file.
3. You have both firewall_installed=1 and qrw_installed=1.
4. You applied the QUERY REWRITE ATTACH rule on object level items or any intra-session components such as commands.
5. The ATTACH and DETACH rules are based on the same criteria, so each session is attached and then detached.

Environment

Version 10.1.
Supported DB Vendors: MS SQL Server, DB2, Oracle.

Resolving The Problem

The following resolutions correspond to the items in the "Cause" section.

1. Make sure the setting qrw_installed=1 is in the STAP guard_tap.ini file.
2. Restart the inspection engine for the STAP after adding the query rewrite setting to the guard_tap.ini file.
3. You cannot use both the query rewrite setting and the firewall setting (SGATE) over the same IP. Queries must be rewritten on different IPs.
4. You should not attach/detach on object level items (e.g. Table) or any intra-session components (e.g. commands). This can introduce inconsistencies. Attach to session-level criteria such as DB_USER and SERVER_IP. Do not attach to a particular table.
5. Check the actions for each rule. Remove the Detach action QUERY REWRITE DETACH. This action is intended to be used with the qrw_default_state=1 option, where S-TAP attaches all sessions by default, in order to release sessions that are not important to watch.
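
A quick check of guard_tap.ini for the settings behind items 1, 3 and 5 above, as an added example that is not IBM's code. It assumes plain key=value lines with '#' or ';' comments; the function names ini_value and check_qrw are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: checks guard_tap.ini for the settings named in causes 1, 3 and 5.
# Assumptions: plain key=value lines; lines starting with '#' or ';' are comments;
# if a key is repeated, the last value is the one reported.

# ini_value FILE KEY -> prints the value of KEY, or nothing if it is absent
ini_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*[#;]/ { next }                  # skip commented-out settings
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k == key) { v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        }
        END { print v }' "$1"
}

# check_qrw FILE -> prints findings; exit status is the number of blocking problems
check_qrw() {
    problems=0
    qrw=$(ini_value "$1" qrw_installed)
    fw=$(ini_value "$1" firewall_installed)
    dflt=$(ini_value "$1" qrw_default_state)
    if [ "$qrw" != "1" ]; then
        echo "FAIL: qrw_installed is '${qrw:-missing}', expected 1 (cause 1)"
        problems=$((problems + 1))
    elif [ "$fw" = "1" ]; then
        echo "FAIL: firewall_installed=1 and qrw_installed=1 are both set (cause 3)"
        problems=$((problems + 1))
    fi
    if [ "$dflt" != "1" ]; then
        echo "NOTE: qrw_default_state is not 1; review any QUERY REWRITE DETACH action (cause 5)"
    fi
    [ "$problems" -eq 0 ] && echo "OK: restart the inspection engine if the file was just edited (cause 2)"
    return "$problems"
}

# Constructed sample file, not taken from a real S-TAP host
sample=$(mktemp)
cat > "$sample" <<'EOF'
# qrw_installed=0
qrw_installed = 1
firewall_installed=1
EOF
check_qrw "$sample" || echo "blocking problems: $?"
rm -f "$sample"
```

Causes 2, 4 and the rule criteria in 5 live in the inspection engine state and the policy, so they still need to be checked on the Guardium side.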


Document Information

Modified date:
16 June 2018

UID

swg21993000