IBM Guardium

View Only

STAP agent logs a lot of warning about the connections to collectors

Giuseppe D'Aponte posted Thu March 20, 2025 07:54 AM

Hello,

I recently came across an issue with a RHEL 7 DB server, on which the Guardium STAP agent keeps logging a lot of warning messages:

2025.03.14 16:21:29 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC
2025.03.14 16:21:29 STAP_DAM INFO 238: sqlguard_manager.cc(514): connected to primary server 172.XX.XX.CC
2025.03.14 16:21:29 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Secondary Non-TLS main connection established with: 172.XX.XX.BB
2025.03.14 16:21:29 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Secondary Non-TLS main connection established with: 172.XX.XX.AA
2025.03.14 16:55:21 STAP_DAM WARNING 233: sqlguard_manager.cc(276): disconnected from primary server 172.XX.XX.CC
2025.03.14 16:55:21 STAP_DAM WARNING 234: sqlguard_manager.cc(277): disconnected from primary server 172.XX.XX.CC
2025.03.14 16:55:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.CC not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 16:55:21 STAP_DAM WARNING 235: sqlguard_manager.cc(279): disconnected from secondary server 172.XX.XX.BB
2025.03.14 16:55:21 STAP_DAM WARNING 236: sqlguard_manager.cc(280): disconnected from secondary server 172.XX.XX.BB
2025.03.14 16:55:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.BB not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 16:55:21 STAP_DAM WARNING 235: sqlguard_manager.cc(279): disconnected from secondary server 172.XX.XX.AA
2025.03.14 16:55:21 STAP_DAM WARNING 236: sqlguard_manager.cc(280): disconnected from secondary server 172.XX.XX.AA
2025.03.14 16:55:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.AA not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 16:55:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC
2025.03.14 16:55:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Secondary Non-TLS main connection established with: 172.XX.XX.BB
2025.03.14 16:55:21 STAP_DAM INFO 238: sqlguard_manager.cc(514): connected to primary server 172.XX.XX.CC
2025.03.14 16:55:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Secondary Non-TLS main connection established with: 172.XX.XX.AA
2025.03.14 17:38:21 STAP_DAM WARNING 233: sqlguard_manager.cc(276): disconnected from primary server 172.XX.XX.CC
2025.03.14 17:38:21 STAP_DAM WARNING 234: sqlguard_manager.cc(277): disconnected from primary server 172.XX.XX.CC
2025.03.14 17:38:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.CC not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 17:38:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC
2025.03.14 17:38:22 STAP_DAM INFO 238: sqlguard_manager.cc(514): connected to primary server 172.XX.XX.CC
2025.03.14 17:54:21 STAP_DAM WARNING 233: sqlguard_manager.cc(276): disconnected from primary server 172.XX.XX.CC
2025.03.14 17:54:21 STAP_DAM WARNING 234: sqlguard_manager.cc(277): disconnected from primary server 172.XX.XX.CC
2025.03.14 17:54:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.CC not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 17:54:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC
2025.03.14 17:54:22 STAP_DAM INFO 238: sqlguard_manager.cc(514): connected to primary server 172.XX.XX.CC
2025.03.14 18:20:20 STAP_DAM WARNING 233: sqlguard_manager.cc(276): disconnected from primary server 172.XX.XX.CC
2025.03.14 18:20:20 STAP_DAM WARNING 234: sqlguard_manager.cc(277): disconnected from primary server 172.XX.XX.CC
2025.03.14 18:20:20 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.CC not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 18:20:20 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC
2025.03.14 18:20:21 STAP_DAM INFO 238: sqlguard_manager.cc(514): connected to primary server 172.XX.XX.CC
2025.03.14 18:36:20 STAP_DAM WARNING 235: sqlguard_manager.cc(279): disconnected from secondary server 172.XX.XX.AA
2025.03.14 18:36:20 STAP_DAM WARNING 236: sqlguard_manager.cc(280): disconnected from secondary server 172.XX.XX.AA
2025.03.14 18:36:20 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.AA not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 18:36:20 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Secondary Non-TLS main connection established with: 172.XX.XX.AA
2025.03.14 19:01:21 STAP_DAM WARNING 233: sqlguard_manager.cc(276): disconnected from primary server 172.XX.XX.CC
2025.03.14 19:01:21 STAP_DAM WARNING 234: sqlguard_manager.cc(277): disconnected from primary server 172.XX.XX.CC
2025.03.14 19:01:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.CC not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 19:01:21 STAP_DAM WARNING 235: sqlguard_manager.cc(279): disconnected from secondary server 172.XX.XX.BB
2025.03.14 19:01:21 STAP_DAM WARNING 236: sqlguard_manager.cc(280): disconnected from secondary server 172.XX.XX.BB
2025.03.14 19:01:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.BB not heard from for 10 sec this attempt (10 sec total), re-opening
2025.03.14 19:01:21 STAP_DAM WARNING 237: sqlguard_manager.cc(315): server 172.XX.XX.AA not heard from for 20 sec this attempt (30 sec total), re-opening
2025.03.14 19:01:21 STAP_DAM WARNING 203: sqlguard_data_connection.cc(1929): Primary Non-TLS main connection established with: 172.XX.XX.CC

It doesn't seem to affect the tracing, but clearly something is wrong.

The agent is configured to send the logs to a primary collector, than there are two more collectors for failover (no load-balancing).

We have other DB servers with no issue, with the same OS version and STAP agent in the same network area.

Any idea on what can cause these warnings?

Thanks

Sachin Marawar posted Fri March 21, 2025 03:11 AM

What is the version of the S-TAP?

Even though other OS isn't encountering any issue yet, if you are using older version of S-TAP, most possibly you are hitting a known issue.
If there is a connectivity issue between collector and S-TAP Agent (DB server) then the S-TAP might fluctuate green/red in S-TAP Control GUI screen on collector.

DAM feature might not seem affected but actually you might be loosing traffic packets. Check any session reports of your choice that shows connection profile parameters. If DB user like fields are missing then - that is the impact.

IBM Guardium

STAP agent logs a lot of warning about the connections to collectors

Additional
Resources

Office

Quick Links

IBM Guardium

STAP agent logs a lot of warning about the connections to collectors

Related Content

How to make secondary CM as Primary CM.

Guardiu Session level Policy - Warning

Warning: review health check log file

Guardium Windows Must Gather V3.0 - Part 4 - Must Gather V3.0 command options

Join us at Guardium Data Security User Group at TechXchange 2024 in Las Vegas!

Additional Resources

Office

Quick Links

Additional
Resources