IBM Support

How to set the CLI command "store ALP_TROTTLE" when Analyzer Lost Packet happens

Question & Answer


Question

The Flat Log option is a process to allow the Guardium appliance to log information without immediately parsing it in real time. The CLI command "store alp_throttle <num>" is to enable the Flat Log by throttling feature. How to set <num> with this command?

Answer

If a given analyzer/parser queue exceeds 80% of its capacity, the sniffer will turn off parsing and log raw SQL to the GDM_FLAT_LOG table. The sniffer will continue logging to GDM_FLAT_LOG until the queue goes below 60%, at which point parsing will be turned back on for the thread. If after turning off the parser, the queue continues to grow past 95% full, the sniffer will turn off the analyzer as well and log packets directly to a flat file (similar to slonfiles) for later analysis. Sniffer will continue logging to a file until the queue recovers below 60%, at which point both the analyzer and parser are reactivated.

ALP throttling is enabled from the CLI interface:

image-20180726093044-1

The configuration parameter is an integer:

- 0 means throggling is off (default)

- Values > 0 log to GDM_FLAT_LOG at the frequency indicated. For example, a value of 1 logs every SQL statement to GDM_FLAT_LOG. A value of 10 only logs every 10th SQL statement to GDM_FLAT_LOG. 

- Values <0 log to both GDM_FLAT_LOG and create flat files (at 95% buffer full), at frequency indicated by the value.

 

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
04 September 2019

UID

ibm10718893

Page Feedback