Guardium Windows Must Gather V3.0 - Part 4 - Must Gather V3.0 command options

By SATOSHI KAWASE posted Sun October 09, 2022 07:00 AM


About Windows Agent Must Gather V3.0

Guardium Windows Agent Must Gather V3.0 (a.k.a. Windows S-TAP Must Gather) is the latest must gather script, which is released in Guardium V11.5.

It's included in all Guardium Windows agents (GIM, S-TAP, GAM, CAS, FAM monitor, FAM crawler, FDEC for NAS/SP, FAM for NAS/SP) in V11.5, and will be back-ported to all supported versions.

Index

  1. What's new in V3.0?
  2. S-TAP mode and STANDALONE mode
  3. How to run Must Gather V3.0?
  4. Must Gather V3.0 command options
  5. Where is the output of Must Gather?
  6. What files are collected?
  7. What if Must Gather doesn't generate output?

NOTE: This blog article covers section 4. Click the links to read the other sections.

4. Must Gather V3.0 command options

When you run Must Gather from the Windows Command Prompt as Administrator, you can specify one of the following options.

[NOTE] The options are similar to those of V2.x, but the format changed in V3.0, mainly because the script language was changed to PowerShell.

• h, help, ? ... Display help (this must be the first parameter)
• v, version ... Display version
• k, keep    ... Keep files in the ZIP source directory (Logs folder for S-TAP mode, diag folder for STANDALONE mode)
• s, summary ... Create summary.txt only

4.1 Help

When you specify any of h, help, or ?, you get the command options, without gathering diagnostic files.

        C:\Program Files\IBM\Windows S-TAP\Bin>diag.bat help
        Guardium Windows Agent Must Gather V3 - PowerShell version
        DIAG VERSION V3.0.11 (2022/08/27)
        
        Gather diagnostic information for Guardium Windows Agents (S-TAP, GIM, FAM, CAS and all others)
        
        diag.ps1 [h|v|k|s]
        
        h, help, ? ... Display help (This must be the first parameter)
        v, version ... Display version
        k, keep    ... Keep files in ZIP source directory (Logs folder for S-TAP mode, diag folder for STANDALONE mode
        s, summary ... Create summary.txt only
        
        
        C:\Program Files\IBM\Windows S-TAP\Bin>

4.2 Version

When you specify v or version, you get the command version, without gathering diagnostic files.

        C:\Program Files\IBM\Windows S-TAP\Bin>diag.bat version
        Guardium Windows Agent Must Gather V3 - PowerShell version
        DIAG VERSION V3.0.11 (2022/08/27)
        
        
        C:\Program Files\IBM\Windows S-TAP\Bin>

4.3 Keep

In general, Must Gather copies many files to one place (the ZIP source directory) before creating a zip file, and cleans up the copied files afterwards. When you specify k or keep, Must Gather keeps all files in the ZIP source directory.

This option is useful when you want to review the files soon after the must gather completes, because you don't need to unzip the must gather zip file.

        C:\Program Files\IBM\Windows S-TAP\Bin>diag.bat keep
        Guardium Windows Agent Must Gather V3 - PowerShell version
        DIAG VERSION V3.0.11 (2022/08/27)
        
        KEEP options is enabled.
        Running with Administrator role.
        
        Diag Log   : C:\Program Files\IBM\Windows S-TAP\Bin\diag\diag.log
        Start Time : 2022-09-05T03:49:16
        End Time   : 2022-09-05T03:56:59
        
        
        Completed! Created a zip file
        Folder : "C:\Program Files\IBM\Windows S-TAP\Bin\zipTmp"
        Name   : "WSTAP_DBSERVER01_2022-09-05T03-55-52-3365656-04-00.zip"
        Size   : 23,000 [KB]
        
        See "C:\Program Files\IBM\Windows S-TAP\Bin\diag\diag.log" for details.
        
        C:\Program Files\IBM\Windows S-TAP\Bin>dir ..\Logs
         Volume in drive C has no label.
         Volume Serial Number is FA7A-AF4A
        
         Directory of C:\Program Files\IBM\Windows S-TAP\Logs
        
        09/05/2022  03:57 AM    <DIR>          .
        09/05/2022  03:57 AM    <DIR>          ..
        09/05/2022  03:55 AM        41,943,040 Correlator.ctl
        09/05/2022  03:52 AM        41,943,040 CorrelatorDllMSSQLINST1.ctl
        09/05/2022  03:55 AM        41,943,040 CorrelatorDllMSSQLSERVER.ctl
        09/05/2022  03:51 AM        20,971,520 Db2TAPDllx64.ctl
        09/05/2022  03:55 AM        20,971,520 Db2TAPService.ctl
        07/29/2022  01:05 AM         2,618,722 DbMonitor.ctl
        09/05/2022  03:55 AM    <DIR>          diag
        09/05/2022  03:50 AM    <DIR>          FAMCrawler
        09/05/2022  03:50 AM    <DIR>          Guardium Agent Monitor
        09/05/2022  03:50 AM    <DIR>          Guardium Installation Manager
        09/05/2022  03:50 AM    <DIR>          ini
        09/05/2022  03:55 AM    <DIR>          install
        09/05/2022  03:55 AM        41,943,040 NmpMonitor.ctl
        07/29/2022  01:05 AM           136,137 PrcMonitor.ctl
        04/17/2022  11:25 PM                 0 snap.wstap.traffic.04_17_2022_21_32_04_573.txt
        05/06/2022  03:17 PM                 0 snap.wstap.traffic.05_06_2022_04_32_37_763.txt
        05/06/2022  04:34 AM                 0 snap.wstap.traffic.05_06_2022_04_34_11_068.txt
        09/05/2022  03:55 AM        41,943,040 Stap.ctl
        09/05/2022  03:49 AM        17,381,347 WfpMonitor.ctl
        09/05/2022  03:50 AM    <DIR>          Windows Fam Monitor
        09/05/2022  03:50 AM           124,616 wtap.dir.txt
        09/05/2022  03:55 AM            62,986 ZipSource.dir.txt
                      15 File(s)    271,982,048 bytes
                       9 Dir(s)  45,574,705,152 bytes free
        
        C:\Program Files\IBM\Windows S-TAP\Bin>

4.4 Summary

When you specify s or summary, Must Gather creates summary.txt together with a few additional files such as diag.log, and completes without generating a zip file. It may take 30 seconds or 1 minute, which is much faster than gathering the full set of diagnostics.

        C:\Program Files\IBM\Windows S-TAP\Bin>diag.bat summary
        Guardium Windows Agent Must Gather V3 - PowerShell version
        DIAG VERSION V3.0.11 (2022/08/27)
        
        SUMMARY ONLY options is enabled.
        Running with Administrator role.
        
        Diag Log   : C:\Program Files\IBM\Windows S-TAP\Bin\diag\diag.log
        Start Time : 2022-09-05T04:03:47
        End Time   : 2022-09-05T04:04:38
        
        Summary Only option is enabled. Created summary.txt at "C:\Program Files\IBM\Windows S-TAP\Bin\diag\". Exiting the script.
        
        C:\Program Files\IBM\Windows S-TAP\Bin>
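The following PowerShell wrapper is an added example, not code from this article or from IBM: it runs diag.bat with one of the options above from an elevated prompt, parses the "Folder :", "Name :" and "Size :" lines of a completed run to locate the zip, and records the archive's SHA-256 so it can be verified after it is handed to support. It assumes the default install path shown in the prompts above and that diag.bat with no argument collects the full set (the Invoke-GuardiumMustGather function name and the 'full' pseudo-option are this example's own).

```powershell
# Added example, not part of the IBM article: wraps diag.bat, refuses to run
# unelevated, and parses the completion lines shown in section 4.3.
# Assumption: running diag.bat with no argument collects the full set.
function Invoke-GuardiumMustGather {
    [CmdletBinding()]
    param(
        [ValidateSet('help', 'version', 'keep', 'summary', 'full')]
        [string]$Option = 'full',
        [string]$BinPath = 'C:\Program Files\IBM\Windows S-TAP\Bin'   # assumed default path
    )

    # Must Gather reports "Running with Administrator role"; fail early if not elevated
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Administrator) prompt.'
    }

    $diagBat = Join-Path $BinPath 'diag.bat'
    if (-not (Test-Path $diagBat)) { throw "diag.bat not found at $diagBat" }

    # 'full' is this example's name for a run with no option at all
    $diagArgs = if ($Option -eq 'full') { @() } else { @($Option) }
    Push-Location $BinPath
    try     { $output = & $diagBat @diagArgs 2>&1 | Out-String }
    finally { Pop-Location }

    $result = [ordered]@{ Option = $Option; ZipPath = $null; SizeKB = $null; Sha256 = $null; Output = $output }
    $folder = $null; $name = $null
    if ($output -match 'Folder\s*:\s*"([^"]+)"') { $folder = $Matches[1] }
    if ($output -match 'Name\s*:\s*"([^"]+)"')   { $name   = $Matches[1] }
    if ($output -match 'Size\s*:\s*([\d,]+)\s*\[KB\]') {
        $result.SizeKB = [int]($Matches[1] -replace ',', '')   # "23,000 [KB]" -> 23000
    }
    if ($folder -and $name) {
        $result.ZipPath = Join-Path $folder $name
        # Record a SHA-256 so the archive can be verified after transfer to support
        if (Test-Path $result.ZipPath) {
            $result.Sha256 = (Get-FileHash -Algorithm SHA256 -Path $result.ZipPath).Hash
        }
    }
    [pscustomobject]$result
}

# Usage: a fast summary-only pass, then a full run showing where the zip landed
Invoke-GuardiumMustGather -Option summary | Select-Object Option
Invoke-GuardiumMustGather | Select-Object ZipPath, SizeKB, Sha256
```

For help, version and summary runs, ZipPath stays $null because no "Folder :" line is printed; the raw text is still available in the Output property.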

What's next?

The next blog will explain "5. Where is the output of Must Gather?"

Questions?

If you have any questions, please feel free to comment on this article. You can also ask questions in the IBM Security Guardium discussion in the IBM Security Community, or open a technical support ticket.
