IBM Support

IBM Guardium Distributions Dashboard and Reports - Analyse spikes in database and system space usage on a Guardium Appliance

Troubleshooting


Problem

IBM Guardium Distributions Dashboard and Reports - Analyse spikes in database and system space usage

Symptom

The Guardium Appliance internal database fills up, often before you can react to the problem.

Cause

The Guardium Appliance internal database can fill up, especially due to spikes in the amount of data collected and stored.

Diagnosing The Problem

In a properly configured Appliance, the Guardium Administrator will have enabled alerts and will receive them when problems occur on the Appliance, for example when the internal database usage rises above a certain level. In some cases the internal database can fill up rapidly over some days.

Resolving The Problem

The Guardium Administrator will react to the alerts, make checks, purge data and possibly amend the Policy to filter trusted data that is being logged. A host of technotes and videos are available on the subject (see related URLs below).

The Distributions Dashboard

This technote introduces a prototype Distributions Dashboard (and reports) that Guardium Administrators can use alongside the existing alerts and reports to spot spikes in the used space in the days leading up to an eventual full system. This allows Administrators to react, make checks and fix the problem before the system becomes full.

  • At the time of writing, these v10.0p205 reports and dashboard can only be imported successfully to a v10.0p205 (and possibly higher) appliance. This issue is being checked. It seems that definitions cannot be imported to a lower GPU even if the main version is the same (i.e. these v10.0p205 definitions cannot be imported to a v10.0p200). It could be an expected limitation.

The concept is for the Guardium Administrator to check the Distributions Dashboard every so often for spikes in the data of the commonly filled internal tables. There is also the possibility to create alerts based on the Distributions Dashboard reports.

The Distributions Dashboard reports on a default of 1 month of data (or less) stored on the Appliance, in graphical bar chart form. This should allow for a quick visual check for spikes in data that may have occurred on some previous days BEFORE the database itself has filled right up.

Depending on which data table the spike is in, the Administrator can use the detailed reports to identify the reasons for the spike and then, if necessary, amend the Policy or take other action (e.g. purge) accordingly.

Most Administrators are familiar with the top tables command. The example below is from a near-empty database.



vmguard3.hursley.ibm.com> support show db-top-tables all
 Table Size (M) | I/D % |  Unused(M) | Est. Rows | Name
 -------------- | ----- |  --------- | --------- | ----------
           1738 |    59 |         51 |   4583573 | GDM_CONSTRUCT_TEXT
             99 |   177 |          0 |    180936 | GDM_CONSTRUCT_INSTANCE
             30 |   121 |          0 |     33202 | GDM_EXCEPTION
             28 |    73 |          0 |     22850 | GDM_SESSION
              2 |   533 |          0 |       182 | GDM_POLICY_VIOLATIONS_LOG
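
A complementary check that can be run off the appliance, as an added example (not part of the original technote or of Guardium): it parses two saved captures of the output format shown above and lists the tables whose estimated row count has spiked. The function names, the thresholds and the second capture are assumptions made for illustration.

```python
import re

# Data rows of "support show db-top-tables all":
#   Table Size (M) | I/D % | Unused(M) | Est. Rows | Name
ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\w+)\s*$")

def parse_top_tables(text):
    """Return {table_name: {"size_mb": int, "rows": int}} from saved CLI output."""
    tables = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, header and separator lines do not match
            size_mb, _id_pct, _unused, rows, name = m.groups()
            tables[name] = {"size_mb": int(size_mb), "rows": int(rows)}
    return tables

def find_spikes(previous, current, ratio=1.5, min_rows=10000):
    """Tables whose estimated rows grew by more than `ratio` and by `min_rows`.
    Both thresholds are illustrative assumptions, not Guardium defaults."""
    spikes = []
    for name, cur in current.items():
        old = previous.get(name, {"rows": 0})["rows"]  # new table: growth from 0
        if cur["rows"] - old >= min_rows and cur["rows"] > old * ratio:
            spikes.append((name, old, cur["rows"]))
    return sorted(spikes, key=lambda s: s[2] - s[1], reverse=True)

# First capture: the output shown in the technote above.
DAY_1 = """\
 Table Size (M) | I/D % |  Unused(M) | Est. Rows | Name
 -------------- | ----- |  --------- | --------- | ----------
           1738 |    59 |         51 |   4583573 | GDM_CONSTRUCT_TEXT
             99 |   177 |          0 |    180936 | GDM_CONSTRUCT_INSTANCE
             30 |   121 |          0 |     33202 | GDM_EXCEPTION
             28 |    73 |          0 |     22850 | GDM_SESSION
              2 |   533 |          0 |       182 | GDM_POLICY_VIOLATIONS_LOG
"""
# Second capture: constructed values, for illustration only.
DAY_2 = """\
           1790 |    59 |         40 |   4700000 | GDM_CONSTRUCT_TEXT
            105 |   177 |          0 |    190000 | GDM_CONSTRUCT_INSTANCE
            410 |   121 |          0 |    465000 | GDM_EXCEPTION
             95 |    73 |          0 |     80000 | GDM_SESSION
              2 |   533 |          0 |       400 | GDM_POLICY_VIOLATIONS_LOG
"""

if __name__ == "__main__":
    for name, old, new in find_spikes(parse_top_tables(DAY_1), parse_top_tables(DAY_2)):
        print(f"{name}: {old} -> {new} est. rows")
```

The `min_rows` floor keeps small tables such as GDM_POLICY_VIOLATIONS_LOG from being flagged when they double from a few hundred rows.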

The Distributions Dashboard reports on the distributions (number of rows) per day in some of the typical tables that can grow large quickly. It also shows other simple reports that can aid the Administrator to check the space health of the Appliance.

One of the reports on the Distributions Dashboard requires Unit Utilization to be enabled in order to display relevant information.

NOTE


    Feedback needed

    This is a work in progress, currently a prototype to gain some feedback that may be used to enhance the Distributions Dashboard. Your feedback is welcome and encouraged via the Rate this Page buttons at the top right of this technote. Any and all comments welcome.


The Distributions Dashboard and the reports within it have all been made by IBM Guardium Technical Support using the product as it is.

Here is the v10 Distributions Dashboard and reports to import, along with a few slides for a quick explanation.


Notes on installation

- The Distributions Dashboard needs some minor configuration once it is uploaded.

    • The reports are installed with the default Period From of "NOW -3 HOUR". They should be changed using the "edit mode" at the top of the Dashboard.

      • Each report can then have the runtime parameter set to, for example, NOW -1 MONTH (or whatever timeframe you wish) by clicking the spanner (wrench) icon.
    • The graphs may show as horizontal bar graphs instead of vertical. This can be amended if you wish in edit mode as above, by clicking the customize chart button to switch the graph type to a vertical bar.

    • The reports do not show up in the order they were placed on the dashboard, so the reports / graphs may need to be moved around (drag and drop) if you wish to group similar reports together in the dashboard view. Please see the attached Guardium_Distributions_Dashboard_explain.pptx file above for reference.

Summary of Reports / Graphs

Here is a summary of the Distributions Dashboard and the reports within it (at the time of writing).

Each report presumes the data is obtained for the last 1 month available on the appliance (configurable).

 Report / Graph                            | Purpose / shows
 ----------------------------------------- | -------------------------------------------------
 --IBM Max DB Usage % (during period)      | max db used % reached
 --IBM Max Sys Var Usage                   | max sys var space used % reached
 -- IBM Unit Daily Disk Used               | report with above numbers for the period
 --IBM Archive Import Export Backup Failures | total number of failures for the period
 --IBM Agg Failure files                   | list of above failure files
 --IBM Dist Exception graph2               | Exceptions distributions for the period
 --IBM Exceptions                          | Exceptions report - use with the above graph
 --IBM Dist Policy Violations graph        | Policy Violations distributions for the period
 --IBM Pol Rule Viols                      | Policy Violations report - use with the above graph
 IBM Distrib Sessions graph                | Sessions distributions for the period
 --IBM DIST CONSTRUCT_INSTANCE             | SQL Construct distributions for the period
 --IBM Dist Full Details graph             | Full SQL distributions for the period

Further Information

Some of the Distributions Dashboard reports / information may be available in other areas. The Distributions Dashboard specifically targets system and DB space and the tables that can cause space problems.

Correlation Alerts can probably be made against the reports to trigger on spikes. This is not implemented yet.

Some other useful reports / dashboards that are included in the product are:

- System monitor


- Deployment health table (from the Central Manager CM)
- Deployment health dashboard (from the Central Manager CM)
- Deployment health topology (from the Central Manager CM)


Document Information

Modified date:
16 June 2018

UID

swg22001191