IBM Security Guardium: STAP stops collecting traffic from ORACLE database after DB patching

Troubleshooting

Problem

IBM Guardium STAP stops collecting traffic for Oracle database after database patching.

Symptom

No traffic is being captured.

Cause

ORACLE_HOME environment variable value might change as a consequence of Oracle Server Patching.

Diagnosing The Problem

Following error can be seen in STAP Event logs:


MSG(879) MODULE(1) SEV(4) COUNT(1) Cant stat the db server executable 

(/opt/app/oracle/product/18.11.0.0/db/bin/oracle), ORACLE BEQ traffic may not be captured and Cant stat the db server executable.

(/opt/app/oracle/product/19.8.0.0/db/bin/oracle), ORACLE BEQ traffic may not be captured, ACCEPT the configuration will not work, Please correct it!!! or set wait_for_db_exec > 0; Cant stat the db server executable.

Resolving The Problem

This issue can be resolved by one of the below mentioned options:-

Option 1:-

Run fresh "Database instance discovery" from the GUI and click the check box "Replace existing Inspection Engines".

(Manage > Activity Monitoring > S-TAP Control. Click Send command

, and select Run Database Instance Discovery)

Option 2:-

If you have already set to run db instance discovery every 24 hours.

(STAP_DISCOVERY_INTERVAL=24, STAP_DISCOVERY_ENABLED=1 in STAP guard_tap.ini file)

By default the discovery feature discovers database instances on the set interval and sends the information to GUI that can be seen in Discovered Databases report. From this report, the inspection engines have to be configured by invoking the grdapi command.

Inspection Engines are not overwritten automatically by default. This is to prevent overwriting any manually configured Inspection Engines.

Option 3:-

If database instance discovery is not in use, you have to manually edit the inspection engines from S-TAP control.

Additionally, in Guardium v11.2 you can use discovered instances rules to manage how database instance discovery is working. (click here to refer)

Related Information

Linux-UNIX: Discovery parameters

Database discovered instances rules

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z0000001euvAAA","label":"INSPECTION ENGINE"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Product Synonym

Guardium STAP, ORACLE STAP, NO traffic

Was this topic helpful?

Document Information

Modified date:
04 December 2020

UID

ibm16374020

Tips