Troubleshooting
Problem
Note: Only applies if Guardium Resource Monitor service is used and is running prior to any S-TAP restarts.
Following a restart, Windows S-TAP service becomes inactive/stops (shows as red status on S-TAP control page/shows status as 'stopped' on Services page on Windows) a few seconds after starting up.
Cause
Guardium Resource Monitor Service (resmon) is designed to monitor the S-TAP agent performance and take actions when defined thresholds are crossed. It is highly configurable based on the needs of each server. For full details see - Monitoring with Guardium Agent Monitor
This problem can be caused due to the default value of NAMEDPIPE_INTERVAL parameter:
NAMEDPIPE_INTERVAL: The interval, in seconds, at which the S-TAP agent is pinged to verify responsiveness. Set to "0" to disable
In some cases it has been found that the S-TAP takes longer than usual to connect to Guardium Named Pipe driver. Resmon checks if this connection has been made with a default timeout period of 30 seconds. If connection is not made within this time, the default resmon configuration results in the S-TAP service being stopped.
Diagnosing The Problem
Note that resmon may stop the S-TAP for other reasons depending on its configuration (e.g. high CPU usage). Use these steps to confirm named pipes driver connection is the problem.
1. Guardium Resource Monitor Service is running
2. Restart Guardium S-TAP Service
3. After a short time the S-TAP Service has stopped
4. Stap.ctl log (<Guardium install dir>\Windows S-TAP\Log\Stap.ctl) shows a normal shutdown of the S-TAP "Shutdown: The STAP service version <version> has stopped"
5. Resource monitor log (<Guardium install dir>\Guardium Agent Monitor\Bin\resmon_log.txt) shows a message before S-TAP stop like "Info : namedPipe: no heart beat to the service"
Resolving The Problem
NAMEDPIPE_INTERVAL can be increased to avoid this problem. In general, all resmon parameters should be carefully checked and tuned on each system where resmon is in use.
1. Open the configuration file for the resmon service - <Guardium install dir>\Guardium Agent Monitor\Bin\resmon.ini
2. Increase the NAMEDPIPE_INTERVAL parameter up to 90 (seconds)
If increasing to 90 does not resolve the problem, log a ticket with IBM Support. Attach Windows S-TAP diag and details from your investigation based on this technote.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"v10.5, v10.6","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
04 April 2019
UID
ibm10879611