Troubleshooting
Problem
IBM Guardium STAP stops collecting traffic for Oracle database after database patching.
Symptom
No traffic is being captured.
Cause
ORACLE_HOME environment variable value might change as a consequence of Oracle Server Patching.
Diagnosing The Problem
Following error can be seen in STAP Event logs:
MSG(879) MODULE(1) SEV(4) COUNT(1) Cant stat the db server executable
(/opt/app/oracle/product/18.11.0.0/db/bin/oracle), ORACLE BEQ traffic may not be captured and Cant stat the db server executable.
(/opt/app/oracle/product/19.8.0.0/db/bin/oracle), ORACLE BEQ traffic may not be captured, ACCEPT the configuration will not work, Please correct it!!! or set wait_for_db_exec > 0; Cant stat the db server executable.
Resolving The Problem
This issue can be resolved by one of the below mentioned options:-
Option 1:-
Run fresh "Database instance discovery" from the GUI and click the check box "Replace existing Inspection Engines".
(Manage > Activity Monitoring > S-TAP Control. Click , and select Run Database Instance Discovery)
Option 2:-
If you have already set to run db instance discovery every 24 hours.
(STAP_DISCOVERY_INTERVAL=24, STAP_DISCOVERY_ENABLED=1 in STAP guard_tap.ini file)
By default the discovery feature discovers database instances on the set interval and sends the information to GUI that can be seen in Discovered Databases report. From this report, the inspection engines have to be configured by invoking the grdapi command.
Inspection Engines are not overwritten automatically by default. This is to prevent overwriting any manually configured Inspection Engines.
Option 3:-
If database instance discovery is not in use, you have to manually edit the inspection engines from S-TAP control.
Additionally, in Guardium v11.2 you can use discovered instances rules to manage how database instance discovery is working. (click here to refer)
Related Information
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z0000001euvAAA","label":"INSPECTION ENGINE"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Product Synonym
Guardium STAP, ORACLE STAP, NO traffic
Was this topic helpful?
Document Information
Modified date:
04 December 2020
UID
ibm16374020