Question & Answer
Question
What's the difference between the following CLI commands?
start inspection-core
start inspection-engine
What is inspection-core and what is inspection-engine? How can we control these two things from the GUI?
Answer
1. inspection-core
The inspection-core is the sniffer itself. You can stop it with the "stop inspection-core" CLI command and start it with the "start inspection-core" CLI command.
2. inspection-engine
The inspection-engine that is started by the "start inspection-engine" CLI command captures network traffic using a SPAN port or a Network TAP. Guardium recommends using S-TAP instead, and you don't need this CLI command if you capture DB traffic by S-TAP only. It is used only when you have a clear requirement to use a SPAN port or Network TAP. One possible reason is that you're not allowed to install any software on your DB servers.
Note that S-TAP has its own inspection engine settings, which are in the guard_tap.ini file on the S-TAP side.
3. Operating inspection-engines from Guardium GUI
You can see a list of inspection-engines in the Guardium GUI at Administration Console > Configuration > Inspection Engines. In the example screenshot of this page, there is one inspection engine defined, named "test_engine1". You can start it by pressing the Start button or by issuing the "start inspection-engine 1" CLI command, where 1 is the inspection-engine ID, which you can check with the "show inspection-engines" CLI command.
You can add and delete inspection-engines from this GUI. Define a new inspection-engine in the Add Inspection Engine... section and press the Add button to create it. You can delete an inspection-engine by pressing the Delete button.
Note that the Inspection Engine Configuration section applies to the inspection-core (i.e. the sniffer). All of its parameters are applied to the inspection-core, which means they affect both the network inspection-engines and the S-TAP inspection-engines. If you press the "Restart Inspection Engines" button, all the network inspection-engines as well as the inspection-core (i.e. the sniffer) will be restarted.
S-TAP inspection-engines are shown on a different page in the Guardium GUI, at Administration Console > Local Taps > S-TAP Control.
You can edit (add/delete) S-TAP inspection-engines by pressing the button in the GUI while the S-TAP is running, or by directly editing the guard_tap.ini file on the S-TAP side.
Document Information
Modified date: 16 June 2018
UID: swg21691590