IBM Security Guardium

  • 1.  STAP issue for 4.18.0-305.19.1.el8_4.x86_64 - RHEL -8.4

    Posted Thu October 07, 2021 07:54 AM
    HI Everyone,

    One of the Redhat Servers(8.4) running with Mysql-8.0. installed GIM & STAP agents. GIM is communicating with properly and STAP shows synchronizing in STAP status tab:

    Kernel: 4.18.0-305.19.1.el8_4.x86_64 - not listed in KTAP_11.3_List.csv in neither Exact or flexi

    Below are the error messages getting in STAP logs:
    • "MSG(311) MODULE(1) SEV(3) COUNT(1) ktap module not loaded for kernel: 4.18.0-305.19.1.el8_4.x86_64"
    • MSG(814) MODULE(1) SEV(6) COUNT(1) CONF_ERROR: Can not initialize PCAP, no data will be captured
    • MSG(826) MODULE(1) SEV(4) COUNT(1) There is a configuration error, please check SOFTWARE_TAP_EVENT table/STAP log for CONF_ERROR event_type/message
    • MSG(819) MODULE(1) SEV(6) COUNT(1) CONF_ERROR: IPC reader failed to initialize Opening pseudo device /dev/guard_ktap No such file or directory,will check if ktap is loaded every 15 minutes, ktap_install is set to 0, no data will be captured from KTAP
    -------------------------------------
    Kindly suggest the solution for this. Very urgent for me.

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: STAP issue for 4.18.0-305.19.1.el8_4.x86_64 - RHEL -8.4

    IBM Select
    Posted Fri October 08, 2021 10:26 AM
    Try this -- Three steps. Disable KTAP and STAP; Install; Enable KTAP; Install; Enable STAP; Install.
    Go to Collector and check status of STAP.  Should now show Active.
    Here is first of the three steps.  

    Log into GIM, select server, make sure GIM is green.

    Go to Setup by Client, select server.

    STEP 1:
    Go to next window (Bundles).
    Select STAP (latest Bundle).

    Click Next which takes you to Set up Parameters.
    Uncheck Enable_KTAP and Enable_STAP.

    Click Next, Make sure KTAP and STAP Enable are set to zero.

    Click Install. 

    Go to Bundles Window so you can watch the status.  Should say "Updating Parameters.
    Wait until Complete

    Do STEPS 2 and 3 like this but first enabling and installing KTAP, then enabling and installing STAP.

    ------------------------------
    Henry Stinson, Bank of America ADS Tools Team.
    ------------------------------



  • 3.  RE: STAP issue for 4.18.0-305.19.1.el8_4.x86_64 - RHEL -8.4

    Posted 13 days ago
    Hi Panendar,

    From the log, we could see ktap is not loaded. Did you install STAP with flex loading? If not, it is suggested to
    install the latest v11.3 STAP (Guardium_KTAP_11.3_rhel-8-linux-x86-64_r110195_2021-10-28) using flex loading, here's the reference link of flex loading:

    https://www.ibm.com/support/pages/stap-flex-loading-instructions-gim-and-non-gim-environments

    Thanks.



    ------------------------------
    Zimeng Zhang
    ------------------------------



  • 4.  RE: STAP issue for 4.18.0-305.19.1.el8_4.x86_64 - RHEL -8.4

    IBM Select
    Posted 13 days ago

    If doesn't work, run through the steps below again, first setting KTAP_ENABLE and STAP_ENABLE = 0.

     

    You may need to set STAP_USE_TLS = 1 as a final step.

    Also, in some cases, I find I need to first set KTAP_ALLOW_MODULE_COMBOS = Y

     

    Finally, open a case with IBM Guardium Support if none of that works.  I'm fortunate in that I have some Guardium experts

    in-house that I can ask for help if I get stuck.  I'm not at expert level yet, but this is one of my regular tasks – fixing inactive or synchronizing STAPs.

     

    Henry Stinson

    Application & Database Services (ADS) | Tools Management

    Bank of America

    TX2-984-01-05, 2380 Performance Dr., Richardson, TX 75082

    T 817-937-0840 | M 817-737-0840

    henry.stinson@bofa.com

     


    This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.