IBM Support

IBM Security Guardium DB2_EXIT getting error shmem reader_worker bucket 3, Number of dropped packets

Troubleshooting


Problem

IBM Security Guardium DB2_EXIT getting error on STAP events report for the server where DB2_EXIT is being used.:

shmem reader_worker: bucket 3, Number of dropped packets

Symptom

On the STAP events report and the syslog of database server getting messages like:

LOG_NOTICE MSG(469) MODULE(1) SEV(2) COUNT(1) shmem reader_worker: bucket 3, Number of dropped packets: 7048 - 307463747 bytes 2018-10-08 13:26:22.0
LOG_WARNING MSG(468) MODULE(1) SEV(3) COUNT(1) shmem reader_worker: bucket 3, Number of dropped packets: 7048 - 307463747 bytes 2018-10-08 13:21:34.0
LOG_WARNING MSG(468) MODULE(1) SEV(3) COUNT(1) shmem reader_worker: bucket 3, Number of dropped packets: 6782 - 291896719 bytes 2018-10-08 13:21:17.0
LOG_NOTICE MSG(469) MODULE(1) SEV(2) COUNT(1) shmem reader_worker: bucket 3, Number of dropped packets: 6782 - 291896719 bytes 2018-10-08 13:21:17.0

Cause

This increase in dropped packets is from db2 exit shmem reader_worker process its equivalent to KTAP dropped packets but its from the exit driver.  This is happening due to excessive amount of local shared memory traffic which DB2_EXIT is not able to process and in turn dropping the packets.

Resolving The Problem

Decreasing the traffic captured by exit driver can help, for example by:

  • Ignoring traffic with Ignore S-TAP Session actions in the policy
  • Ignoring responses with Ignore Responses actions in the policy
  • Ignoring traffic at the S-TAP level with client_ip or db_ignore_response parameters in guard_tap.ini

If decreasing traffic is not enough to resolve the problem, increase max size for shmem traffic:

  • Add the parameter exit_lib_shmem_size=52428800 on the guard_tap.ini then restart the Guardium STAP service
    • Please note that the existing shared memory segments need to be shutdown and restarted in this case and as such the DB2 Database service needs to be restarted AFTER the parameter change in order to pick up the new shared memory parameters correctly which will allow the traffic to be logged properly to the Guardium Collector

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"STAP DB2_EXIT","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
19 February 2020

UID

ibm10737693

Page Feedback