IBM Support

Guardium Null (Empty) S-TAP host appears automatically, re-appears when deleted

Troubleshooting


Problem

A Null (empty) S-TAP host appears on the collector automatically. This S-TAP has no information about it and can be found at the S-TAP Control panel.

The Null S-TAP remains inactive.

When deleted, it usually reappears automatically after one or more days.

Cause

The problem is likely to be caused by an internal query being run by the sniffer at same time as the S-TAP heartbeat.

The query usually runs a long time due to the large size of tables such as SOFTWARE_TAP_DB_SERVER_HISTORY and SOFTWARE_TAP_PROPERTY_HISTORY on the appliance.

Environment

This issue was found in 10.5. The resolution has been tested and confirmed for that version.

Diagnosing The Problem

Navigate to S-TAP Control: Manage > Activity Monitoring > S-TAP Control

Under S-TAP Control, you notice an entry with an empty value or the value “Null” under the S-TAP Host column.

You delete the entry for the Null S-TAP Host but the entry reappears after a particular time period (usually it reappears the next day).

Resolving The Problem

There are two options to attempt and resolve the issue.

  1. Optimize the tables which are causing a delay for this query. Optimising them will allow the query to run faster. These tables are “SOFTWARE_TAP_DB_SERVER” and “SOFTWARE_TAP_PROPERTY_HISTORY”.
  2. Change the purge period so that those tables are purged more often before reaching a very big size.

Steps to resolve:

You can try the following options to manage the tables and see if performance improves. Options go from least to most intrusive.

If A does not work move on to B. After each test, monitor overnight to see if the problem is resolved.

Before proceeding with the options, make sure to delete the Null S-TAP, to monitor if it reappears after the resolution steps have been taken.


A – Optimize the relevant tables
If the appliance is a collector, stop the inspection-core from the CLI using:
stop inspection-core

Optimize the tables:
support optimize tables TURBINE SOFTWARE_TAP_DB_SERVER_HISTORY
support optimize tables TURBINE SOFTWARE_TAP_PROPERTY_HISTORY

B - Purge the table more
store purge object age 6 3

Related Information

Reclaim DB Space with Optimize

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
07 May 2019

UID

ibm10879765

Page Feedback