Question & Answer
Question
After upgrading the appliances to v11.2, we are getting some test messages from Guardium.
These messages repeat every 5-10 minutes and are also going to the SIEM side.
How can we disable them?
Cause
The TEST_RSYSLOG capability was introduced in v11.2 and is set to 1 by default.
NANNY frequently checks whether the syslog service is active or stopped.
Answer
To disable writing the test messages to syslog, please follow the screenshot.
If the messages keep coming after the change, please open a case with the IBM Security Guardium Technical Support team and provide the must_gathers:
--> support must_gather system
--> supp must_gather alert_issues
--> grdapi get_guard_param paramName=NANNY_TEST_RSYSLOG
Capture tcpdumps while reproducing the issue:
--> support store tcpdump on raw 15m 1 <SIEM_IP> <SIEM_PORT>
Document Information
Modified date: 16 December 2020
UID: ibm16380746