IBM Guardium


issue with capturing DB2 traffic

  • 1.  issue with capturing DB2 traffic

    Posted Wed December 02, 2020 01:07 PM
    Hello.
    I have installed DB2 10.5 (no encryption used) on RHEL 6 and then GIM+S-TAP 11.2.
    When I run db2 'select * from some_table' and other queries that match the installed security policy, I don't see any information about that in reports. The inspection engine is configured correctly. The Guardium database isn't full. I did the same thing in Oracle and all information is shown in reports.
    Are there any modifications/configuration that should be done on DB2 side in order to catch DB2 traffic by S-TAP agent?

    ------------------------------
    Igor Volkov
    ------------------------------


  • 2.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 02:08 AM
    Hi Igor, 
    1. What is your operating system? 
    2. You have special parameters to be configured for DB2. Look here - https://www.ibm.com/support/knowledgecenter/SSMPHH_11.0.0/com.ibm.guardium.doc.stap/stap/r_stapparmsu_ie.html

    ------------------------------
    Sincerely,
    Alexey Saltovski
    Tech Department Manager
    Tangram-Soft LTD
    Israel

    IBM Champion
    ------------------------------



  • 3.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 02:30 AM
    Hi Alexey.
    Operating system: Red Hat Enterprise Linux 6.10 64 bit
    Inspection engine was created and all those DB2 related parameters mentioned in the article you sent had been set before but it didn't help. We still don't see any information in the report.

    ------------------------------
    Igor Volkov
    ------------------------------



  • 4.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 02:34 AM
    Edited by Zbigniew (Zibi) Szmigiero Thu December 03, 2020 02:35 AM

    Do you use KTAP or DB EXIT?

    DB Exit should be preferred.

    I think that encryption is always on in case of DB2 so in case of KTAP configuration you must also implement ATAP

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 5.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 02:40 AM
    I installed S-TAP with KTAP enabled. Do we need to disable KTAP if we decide to use EXIT?

    ------------------------------
    Igor Volkov
    ------------------------------



  • 6.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 03:28 AM
    Correct, KTAP should be disabled.

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 7.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 08:11 AM
    Hi,

    Correct me if I'm wrong: for using DB2 Exit or Informix Exit, does it somehow depend on DB audit trails, or is the configuration managed by the DBA?

    ------------------------------
    TS Teh
    ------------------------------



  • 8.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 08:38 AM
    No, DB2 Exit does not rely on native audit logs. It works like the STAP.

    https://www.ibm.com/support/knowledgecenter/SSMPHH_11.0.0/com.ibm.guardium.doc.stap/stap/db2_stap_integrate.html

    ------------------------------
    Jody Hair
    Data Security Architect
    Sirius Computer Solutions
    Crystal Beach FL
    ------------------------------



  • 9.  RE: issue with capturing DB2 traffic

    Posted Thu December 03, 2020 08:46 AM
    Hi Igor,
    A few clarifying questions:
    1. Can you see the database connection (session profile) in the standard Connection Profiles List report? That will at least tell you the S-TAP is seeing traffic and rule out if the policy is the issue.
    2. Is this a local (ssh) connection to the database or remote using some other tool?

    Back in the day, if I remember correctly, you needed the ATAP for DB2+RHEL regardless of encryption.  Things are better these days with the DB2 Exit (no more Db2 memory size calculations, etc.).  You might try configuring the DB2 Exit (just a quick db restart required) and see if it helps?

    Here's the link: https://www.ibm.com/support/knowledgecenter/SSMPHH_11.2.0/com.ibm.guardium.doc.stap/stap/db2_stap_integrate.html

    Hope this helps, let us know!
    Matt

    ------------------------------
    Matt Simons
    matthew.simons@infoinsightsllc.com
    ------------------------------



  • 10.  RE: issue with capturing DB2 traffic

    Posted Mon December 07, 2020 09:33 AM
    The Connection Profiles List report was empty. This was a local connection via ssh, but Guardium S-TAP didn't see DB2 traffic. The Guardium collector succeeded in seeing DB2 traffic only after configuring ATAP/EXIT. It's strange; what is so specific about DB2 local traffic, is it encrypted by default? I didn't configure any encryption on the DB2 side. It seems like IBM plans to replace ATAP for DB2 with EXIT soon and move ATAP for DB2 to a deprecated state.

    Matching module found - db2 is supported by /usr/lib64/libguard-atap-db2-any
    Instance db2inst1/db2inst1 is not active
    Installing library /usr/lib64/libguard-atap-db2-any-64.so in /usr/lib
    Creating permissions
    ATAP for DB2 will be deprecated soon and replaced with DB2 EXIT.
    Set 723 bytes for 'executor/env' in file '/home/db2inst1/sqllib/adm/db2sysc-guard-executor'

    ------------------------------
    Igor Volkov
    ------------------------------



  • 11.  RE: issue with capturing DB2 traffic

    Posted Mon December 07, 2020 05:51 PM
    Hi Igor,
    Yes, without either ATAP OR Exit you're not going to capture local traffic for RHEL+DB2.  DB2 Exit is the preferred method and is easier to deploy and maintain/upgrade than the ATAP.

    Try to configure the DB2 Exit and let us know if it helps!

    Matt

    ------------------------------
    Matt Simons
    matthew.simons@infoinsightsllc.com
    ------------------------------
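The replies above converge on two configuration rules for local DB2 traffic on RHEL: without either ATAP or DB2 Exit the S-TAP captures nothing locally, and once DB2 Exit is used, KTAP should be disabled. The following is an added example, not code from the thread or from IBM, that lints a guard_tap.ini fragment against exactly those rules so the mistake is caught before anyone waits for an empty Connection Profiles List report. The parameter names `ktap_installed`, `db2_exit_installed` and `atap_installed` are assumptions for illustration and should be checked against the S-TAP parameter reference for your release; the three ini fragments are constructed samples.

```python
"""Lint a guard_tap.ini fragment for the DB2 local-capture rules from the thread.

Added example, not the project's own code. Parameter names are ASSUMED for
illustration; verify them against the S-TAP parameter reference.
"""
import configparser
from typing import List, Tuple

# Assumed guard_tap.ini keys (illustrative, not taken from the thread).
KTAP = "ktap_installed"
DB2_EXIT = "db2_exit_installed"
ATAP = "atap_installed"  # hypothetical flag standing in for an ATAP deployment

# Constructed sample 1: KTAP only, like the original poster's first setup.
SAMPLE_KTAP_ONLY = """\
[TAP]
tap_ip=192.0.2.10
sqlguard_ip=192.0.2.20
ktap_installed=1
db2_exit_installed=0
"""

# Constructed sample 2: DB2 Exit enabled but KTAP left on.
SAMPLE_EXIT_AND_KTAP = """\
[TAP]
tap_ip=192.0.2.10
sqlguard_ip=192.0.2.20
ktap_installed=1
db2_exit_installed=1
"""

# Constructed sample 3: the configuration the thread converges on.
SAMPLE_EXIT_ONLY = """\
[TAP]
tap_ip=192.0.2.10
sqlguard_ip=192.0.2.20
ktap_installed=0 ; disabled once DB2 Exit is in use
db2_exit_installed=1
"""


def _enabled(section: configparser.SectionProxy, key: str) -> bool:
    """Treat a missing key as disabled; S-TAP flags are 0/1 strings."""
    return section.get(key, "0").strip() == "1"


def lint_db2_capture(ini_text: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means the rules hold."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, inline_comment_prefixes=(";", "#")
    )
    cp.read_string(ini_text)
    if not cp.has_section("TAP"):
        return [("NO_TAP_SECTION", "no [TAP] section found; nothing to check")]
    tap = cp["TAP"]
    ktap, db2_exit, atap = (_enabled(tap, k) for k in (KTAP, DB2_EXIT, ATAP))

    findings: List[Tuple[str, str]] = []
    # Rule from reply 11: local DB2 sessions need ATAP or DB2 Exit.
    if not (db2_exit or atap):
        findings.append((
            "NO_LOCAL_CAPTURE",
            "neither DB2 Exit nor ATAP is enabled: local DB2 sessions will not "
            "reach the collector",
        ))
    # Rule from reply 6: KTAP must be disabled when DB2 Exit is used.
    if db2_exit and ktap:
        findings.append((
            "KTAP_WITH_EXIT",
            "KTAP is still enabled alongside DB2 Exit; disable KTAP",
        ))
    # Reply 10's installer output: ATAP for DB2 is on its way out.
    if atap:
        findings.append((
            "ATAP_DEPRECATED",
            "ATAP for DB2 is being replaced by DB2 Exit; plan the migration",
        ))
    return findings


if __name__ == "__main__":
    samples = [
        ("ktap-only", SAMPLE_KTAP_ONLY),
        ("exit+ktap", SAMPLE_EXIT_AND_KTAP),
        ("exit-only", SAMPLE_EXIT_ONLY),
    ]
    for name, text in samples:
        result = lint_db2_capture(text)
        print(f"{name}: {'OK' if not result else result}")
```

Run it against the real guard_tap.ini (for example `python3 lint.py < /usr/local/guardium/guard_stap/guard_tap.ini`, a path you should confirm on your own host) after any S-TAP change; a non-empty result is the cue to fix the agent configuration rather than the policy, which mirrors the diagnostic order Matt suggested in reply 9.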



  • 12.  RE: issue with capturing DB2 traffic

    Posted Tue December 08, 2020 02:30 PM
    After configuring EXIT mechanism Guardium started to see DB2 traffic. This issue has been solved.

    ------------------------------
    Igor Volkov
    ------------------------------