IBM Security Guardium


Overview of Windows S-TAP Must Gather V2

By SATOSHI KAWASE posted Wed June 17, 2020 09:20 AM


Windows S-TAP Must Gather (diag.bat) is a troubleshooting utility that gathers Windows S-TAP logs and configurations as well as the Windows system configuration. V2 of the utility brings huge improvements and is released in Guardium V11.2.

Key Concepts of the Windows S-TAP Must Gather Improvements

1. Rich Content

The new Windows S-TAP Must Gather gathers many more logs and configuration files. These come not just from Windows S-TAP and GIM, but also from other Guardium Agents for Windows such as File Activity Monitor (FAM), Guardium Agent Monitor (GAM), Configuration Auditing System (CAS), etc.

It also gathers more information from the Windows registry and some other Windows repositories using Windows commands.

2. Easy to read

Legacy Windows S-TAP Must Gather output files such as tasks.txt, system.txt, reg.exe, etc. are a set of Windows command outputs, but they don't include the commands themselves. The new Windows S-TAP Must Gather provides each command followed by its output, so it's easier for engineers to read the must gather files.

3. Traceable when diag.bat doesn't work

The new Windows S-TAP Must Gather provides diag.log, which reports details about the diag.bat script executions and their results. If there is any issue in running the script, we can look at the diag.log file to find the reason for the script failure.

How to Use New Windows S-TAP Must Gather?

The usage of the script has not changed. You can run it the same way as before.

Run from Windows Start Menu

You can run the Windows S-TAP Must Gather script (diag.bat) from Windows Start Menu > IBM Windows S-TAP > Run Diagnostics. The script will generate a zip file under the %WINSTAP%\Bin\zipTmp directory, where %WINSTAP% is the Windows S-TAP installation directory (the default is C:\Program Files\IBM\Windows S-TAP), and send it to the collector.


Another way of running the script on the DB server is to open a Windows Command Prompt as Administrator and run %WINSTAP%\bin\diag.bat. The result will be the same.
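The command-prompt run described above can be wrapped so that the newly generated bundle is identified and fingerprinted before it leaves the DB server. This is an added example, not IBM's code; it assumes the default installation path given in this post, that diag.bat needs no arguments, and that the zip is present in zipTmp once diag.bat returns.

```powershell
# Added example, not IBM's code. Assumptions: the default install path from the
# post, diag.bat needs no arguments, and the zip exists once diag.bat returns.
param(
    [string]$WinStap = 'C:\Program Files\IBM\Windows S-TAP'
)

# The post runs diag.bat from an Administrator prompt, so stop if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

$diag   = Join-Path $WinStap 'Bin\diag.bat'
$zipDir = Join-Path $WinStap 'Bin\zipTmp'
if (-not (Test-Path -LiteralPath $diag -PathType Leaf)) {
    throw "diag.bat not found at $diag"
}

$started = Get-Date
Push-Location (Split-Path $diag)
try {
    # Send the batch output to the console so it does not mix with the result object.
    & $diag | Out-Host
    $exitCode = $LASTEXITCODE
} finally {
    Pop-Location
}

# Accept only a zip written after this run started, never an older bundle.
$zip = Get-ChildItem -LiteralPath $zipDir -Filter '*.zip' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

if (-not $zip) {
    throw "diag.bat exited with code $exitCode but no new zip was found in $zipDir. Check diag.log for the reason."
}

# Record size and SHA-256 so the local bundle can be matched against the copy
# on the collector or the copy handed to support.
[pscustomobject]@{
    Path     = $zip.FullName
    SizeKB   = [math]::Round($zip.Length / 1KB, 1)
    SHA256   = (Get-FileHash -LiteralPath $zip.FullName -Algorithm SHA256).Hash
    ExitCode = $exitCode
}
```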

Run from Guardium GUI

You can also run Windows S-TAP Must Gather from the Guardium GUI.

  1. Log on to the GUI and go to Manage > Activity Monitoring > S-TAP Control.
  2. Press the Send Command button on the target DB Server.
  3. Select STAP Logging in the Command field.
  4. Make sure to check the Run Diagnostics checkbox and then press the Apply button.


The result will be the same as when you run it in a Windows Command Prompt on the DB server. You'll find the output zip file on the DB server and it'll also be sent to the collector. You can see the file in the GUI under Manage > Maintenance > Support Information Results.

The content of the zip file generated by the new Windows S-TAP Must Gather in Guardium V11.2 is much richer than before.

My next blog post will show details about the contents in the Must Gather zip file. See you soon!