IBM Guardium

  • 1.  S-Tap logs storage

    Posted Fri April 28, 2023 03:18 AM

    Hi Everyone,

    If a Collector goes down and no failover is configured for S-Tap, it will not be able to send logs to the Guardium Collector.
    Please help me with the below questions.

    Will S-Tap store logs for some time on the local server?
    If so, for how long can it store them?
    Is there any S-Tap parameter to add for storing logs locally?

    Thanks,
    Panendar Rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: S-Tap logs storage

    Posted Fri April 28, 2023 09:08 AM

    Good morning,
    The STAP buffer size, by default, is 50MB. You can increase it but that won't really help.
    If the primary is down with no secondary, you will not get the records.
    That is the beauty of Guardium so you don't fill a database audit trail or operating system file systems.
    So, for Production, you really should have a failover collector if you need to capture all of the traffic.
    Hope this helps.
    Jennifer



    ------------------------------
    Jennifer Dodson
    Data Protection Managed Services
    Converge Technology Solutions Corp.
    Formerly Information Insights LLC
    _____________
    m: 469.502.8850
    convergetp.com | Jennifer.Dodson@convergetp.com
    ------------------------------



  • 3.  RE: S-Tap logs storage

    Posted Tue May 02, 2023 02:23 AM

    Hi Jennifer,

    Thanks for your answer.
    Is there any document that we can give to customers?

    Thanks,
    Panendar Rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 4.  RE: S-Tap logs storage

    Posted Thu May 04, 2023 12:45 PM

    Panendar,
    Here are some links that might help fill in the blanks. I don't know which OS you are speaking about so I will give you several links that will get you close. 
    https://www.ibm.com/docs/en/guardium/11.5?topic=performance-windows-log-debug-files
    Configuring S-TAP in the S-TAP Control page - IBM Documentation
    S-TAP Control: Details - IBM Documentation
    Editing the protocol 7 S-TAP configuration parameters - IBM Documentation
    Protocol 7 General parameters - IBM Documentation

    The old redbook sums it up by saying that there is an interruption in monitoring where there is no failover collector for the STAP.
    https://www.redbooks.ibm.com/redbooks/pdfs/sg248129.pdf  (page 32).

    If you have another collector, you can make it a secondary; otherwise, you won't get the records.
    Jennifer



    ------------------------------
    Jennifer Dodson
    Data Protection Managed Services
    Converge Technology Solutions Corp.
    Formerly Information Insights LLC
    _____________
    m: 469.502.8850
    convergetp.com | Jennifer.Dodson@convergetp.com
    ------------------------------