IBM Security Guardium: Guardium Test Message repeats every 5-10 minutes

Question & Answer

Question

After upgrading the appliances to v11.2, we are getting some test messages from Guardium.

These messages repeat every 5-10 minutes and also going to SIEM side.

How can we disable them?

Cause

The TEST_RSYSLOG ability is new and introduced from v11.2 and is 1 by default
NANNY checks frequently if syslog service is active or stopped.

grdapi get_guard_param paramName=NANNY_TEST_RSYSLOG

Answer

To disable writing the test messages to syslog, please follow the screenshot

grdapi modify_guard_param paramName=NANNY_TEST_RSYSLOG paramValue=0

If the messages keep coming after the change, please open a case with IBM Security Guardium Technical Support team and provide the must_gathers

--> support must_gather system
--> supp must_gather alert_issues
--> grdapi get_guard_param paramName=NANNY_TEST_RSYSLOG

Get tcpdumps while reproducing the issue

support store tcpdump on raw 15m 1 <SIEM_IP> <SIEM_PORT>

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z0000001ermAAA","label":"ALERTS"},{"code":"a8m0z0000001erwAAA","label":"SIEM"}],"ARM Case Number":"TS004619225","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.2.0;11.3.0"}]

Tips

IBM Security Guardium: Guardium Test Message repeats every 5-10 minutes

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?