Guardium FAM traffic blocked by DAM Policy Rule

Troubleshooting

Problem

After installing a DAM policy rule with Ignore STAP Session action, you can no longer see FAM traffic being logged

Cause

The DAM Ignore STAP Session policy rule action blocks all traffic from the STAP. Since the STAP also sends the FAM traffic this can incorrectly block FAM traffic if the policy is not properly defined.

Diagnosing The Problem

To determine if this is the issue do the following:
1. Install just the FAM policy by itself and check you can log FAM data
2. Install the DAM policy rule with the Ignore STAP Session action and check again if the FAM traffic can be logged

If the traffic can be logged with only a FAM policy but is not logged with both FAM and DAM policies then this is most likely the cause

Resolving The Problem

To resolve the problem, make sure that any DAM Ignore STAP Session policy rule actions do not block traffic from the file server

Related Information

IBM Security Guardium for Files

File Activity Monitoring

What licenses do I need to setup a Guardium Version 10

What is StapAT.ctl? or why is FAM log called StapAT.ctl

IBM Security Guardium: How to uninstall File Activity M

Guardium v10.0/ v10.1 FAM Support

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium for Files","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0;10.0.1;10.1;10.1.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Guardium FAM traffic blocked by DAM Policy Rule

Troubleshooting

Problem

Cause

Diagnosing The Problem

Resolving The Problem

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?