IBM Support

Guardium STAP fills disk on collector or CM with CTL files

Troubleshooting


Problem

The IBM Security Guardium STAP agent has a new feature which sends diagnostic files to the collector and Central Manager when the STAP restarts. In some cases STAP may restart often enough that these files fill the disk on the collector or Central Manager.

This applies to v10.5 STAP agents for Windows. With v10.1.4, STAP diagnostic files are sent to the collector only.

Symptom

Disk usage reports in the GUI show the Guardium unit is filling up, but the database is not full and there are no very large files on the system.

Cause

This new feature was designed to help troubleshoot STAP issues in a more centralized manner. Files are sent to the CM to help with cases where load balanced STAPs might connect to any of several different collectors.

A newly upgraded STAP that restarts repeatedly, whether because of a crash or load-balancing failover, can fill the disk on the CM or collector.

Environment

IBM Security Guardium version 10.5 STAP agents.

Diagnosing The Problem

From the CLI, run:

support show large_files 30 0

If the output shows a very long list of files in the /var/IBM/Guardium/log/stap_diagnostic directory, this is likely to be a problem. Each CTL file is about 40 MB.

Resolving The Problem

Temporarily disable the feature by setting UPLOAD_FEATURE=0 in the STAP's guard_tap.ini file.

For all v10 GIM clients, push the WINSTAP_CMD_LINE parameter with a value of UPLOAD_FEATURE=0 to add or set that string in the guard_tap.ini.

Files can be deleted one at a time with this CLI command:

support clean log_files <exact path/filename>


Document Information

Modified date:
20 February 2019

UID

ibm10738819