IBM Security Guardium

 View Only
Expand all | Collapse all

Guardium CM - Search Dashboard Not Working

  • 1.  Guardium CM - Search Dashboard Not Working

    Posted Thu March 19, 2020 09:00 AM

    Hi All,

    We have Guardium Appliance (1 CM and 1 Collector). I will share the hardware details with you. 

    We have enabled quick search on CM and COL, however quick search dashboard only works on COL. Data is coming. But there is no data on CM. What is the reason of this? Can you help me?

    System Config;


    Quick Search from CM;

    Quick Search from COL;


    I also have another problem with CM. I create the audit process report with daily frequency. But my first report is not deleted, I checked and examined it, but still nothing has changed. New reports come every day, they are deleted, but the first report was never deleted.


    Thanks for your time!


    ------------------------------
    Regards,

    Fırat Bişkin
    System Security Specialist
    IBM Global Technology Services
    ------------------------------


  • 2.  RE: Guardium CM - Search Dashboard Not Working

    Posted Fri March 20, 2020 05:33 AM
    Hello Firat,

    What command line did you use when enabling quick search + from which system?

    For my part I issued the following command line on the Central Manager ONLY:

    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE all=true includeViolations=true

    Also make sure you are using Distributed Search

    ------------------------------
    Sylvain Randier
    ------------------------------

    Original Message


  • 3.  RE: Guardium CM - Search Dashboard Not Working

    Posted Fri March 20, 2020 05:42 AM
    Hi Sylvain,

    Thanks for reply. 
    Yes, I used this command on both CM and COL. Should I just open it in CM?

    ------------------------------
    Regards,

    Fırat Bişkin
    System Security Specialist
    IBM Global Technology Services
    ------------------------------

    Original Message


  • 4.  RE: Guardium CM - Search Dashboard Not Working

    Posted Fri March 20, 2020 06:37 AM
    I ran it on the CM only, so not sure how it would behave if run on both CM and COL. You may try running the disable_quick_search  command on each unit, and then the following command on the CM only. But I am not sure that this would resolve your issue.
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE all=true includeViolations=true

    ------------------------------
    Sylvain Randier
    ------------------------------

    Original Message


  • 5.  RE: Guardium CM - Search Dashboard Not Working

    Posted Fri March 20, 2020 01:31 PM
    Did you open the firewall for the relevant port? The right way to enable it is to run the grdapi enable quick_search... from the CM and set it to enable for the whole cluster .

    Can you try the steps in the Help , look for "Troubleshooting the investigation dashboard and enterprise search" .
    Anyway, Rosa will try to help you, please let me know if it doesn't help.



    ------------------------------
    ODED SOFER
    ------------------------------

    Original Message


  • 6.  RE: Guardium CM - Search Dashboard Not Working

    Posted Fri March 20, 2020 07:46 AM
    Hi Sylvain,

    I tried but it's still the same.

    Thank you.

    ------------------------------
    Regards,

    Fırat Bişkin
    System Security Specialist
    IBM Global Technology Services
    ------------------------------

    Original Message


  • 7.  RE: Guardium CM - Search Dashboard Not Working

    Posted Sat March 21, 2020 04:50 AM

    I assume that your system is test one, because there is no need to setup CM with one collector.

    Here my suggestions:

    1 - network issues - check connectivity used by quick search, ports 8983, 9983

    2 - solr issues - execute these commands from cli:

    • grdapi restart_solr - collector and CM
    • grdapi refresh_quick_search_groups - collector only
    3 - resource issues - setup minimum 32 GB RAM and 8 cores for your appliances

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Warsaw
    ------------------------------

    Original Message


  • 8.  RE: Guardium CM - Search Dashboard Not Working

    Posted Mon March 23, 2020 09:08 AM
    Hi Firat,
    let's start with configuring your system correctly:
    1. disable quick search on MU
    grdapi disable_quick_search
    2. disable quick search on CM
    grdapi disable_quick_search all=true
    3. enable quick search on CM
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE includeViolations=true all=true

    Please let us know if it solved the issue.

    Thanks,
    Rosa

    ------------------------------
    Rosa Miroshnikov
    ------------------------------

    Original Message


  • 9.  RE: Guardium CM - Search Dashboard Not Working

    Posted Mon March 23, 2020 09:16 AM
    Hello Firat,
    let's start from configuring your system correctly:
    1. disable quick search on MU
    grdapi disable_quick_search
    2. disable quick search on CM
    grdapi disable_quick_search all=true
    3. enable quick search on CM
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE includeViolations=true all=true

    Please let us now if it solved your issue.

    Regarding your Audit Process issue, do you mean the item is not deleted from TODO list?

    Could you please explain what exactly did you do?
    Did you modified the predefined Appliance Monitoring Audit process?

    Thanks,
    Rosa

    ------------------------------
    Rosa Miroshnikov
    ------------------------------

    Original Message


  • 10.  RE: Guardium CM - Search Dashboard Not Working
    Best Answer

    Posted Sat March 21, 2020 05:46 AM
    Hello

    The CM and the collector communicate using the full name resolution request and not the IP address. If your DNS server does not already contain this information, I suggest you add the following two commands on each appliance :

    support store hosts <IP_CM> <fully_qualified_domain_name_CM>
    support store hosts <IP_coll> <fully_qualified_domain_name_coll>

    Attention : the two lines on the collector and the CM


    Sincerely

    ------------------------------
    Mohamed AFEILAL
    ------------------------------

    Original Message


  • 11.  RE: Guardium CM - Search Dashboard Not Working

    Posted Mon March 23, 2020 06:49 AM
    Many thanks to everyone who responded.

    I solved the problem exactly with the Mohamed AFEILAL commands. Yes, the problem was from DNS. I entered an unreal Domain because this is a test system. It is working now.

    Thanks to everyone

    ------------------------------
    Regards,

    Fırat Bişkin
    System Security Specialist
    IBM Global Technology Services
    ------------------------------

    Original Message


  • 12.  RE: Guardium CM - Search Dashboard Not Working

    Posted Sat March 21, 2020 06:08 AM
    Hello

    A little remarke, Investigation Dashboard works on the CM and on the collector without any problem

    Command to be executed at CM (or collector) level

    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE includeViolations=true all=true

    You need the minimum capacity required: 24 GB RAM and 4 core

    On the collector, you can see the details of the SQL command, if it is activated, which you can't see on the CM. That's the only difference

    Sincerely

    ------------------------------
    Mohamed AFEILAL
    ------------------------------

    Original Message


  • 13.  RE: Guardium CM - Search Dashboard Not Working

    Posted Mon March 23, 2020 09:08 AM
    Hello Firat,
    regarding your Audit Process issue, do you mean the item is not deleted from TODO list?

    Could you please explain what exactly did you do?
    Did you modified the predefined Appliance Monitoring Audit process?

    Thanks,
    Rosa

    ------------------------------
    Rosa Miroshnikov
    ------------------------------

    Original Message