IBM Security Guardium: Sessions are not being Ignored as expected

Question & Answer

Question

Why aren't my sessions being marked as ignored?

Cause

The session has no SQL statement.

Answer

One possible reason is if a session has no SQL in it, but is not empty. In this case, Guardium cannot mark the sessions as "ignored" because policy rules require some SQL to evaluate and trigger them.

Some applications will open sessions that have data in them but no SQL, e.g. the session issues a COMMIT and an internal ROLLBACK and nothing else.

On a related note, Guardium does not record empty sessions by default. However, there is a way to override this with the Inspection Engine setting "Record Empty Sessions". Check this setting if you think Guardium is recording empty sessions.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0;10.0.1;10.1;10.1.2;10.1.3;10.1.4;10.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

IBM Security Guardium: Sessions are not being Ignored as expected

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?