IBM Support

Why doesn't the Guardium S-TAP for Oracle collect local connection (Bequeath) traffic?

Troubleshooting


Problem

Local connections to an Oracle database using the Bequeath Protocol are not being collected by the Oracle S-TAP.

Cause


Local (Bequeath) connection traffic, where the client and server reside on the same machine, may not be collected if the S-TAP configuration is incorrect.


Diagnosing The Problem

To determine if the problem is with the S-TAP, do the following:

1. On the machine hosting the database server and S-TAP, run the following as root:



[root]# tcpdump -i eth0 -nn host <host ip address> -X -s0 | grep dual


2. Also on the machine hosting the database server and S-TAP, open a new console window, log in as user oracle, and run the following to generate a local Oracle connection:

sqlplus "/ as sysdba"
select * from sys.dual;


It is not important if the table sys.dual exists on your database. If the S-TAP is working correctly, it will capture the SQL statement within the tcpdump output.

Here is an example of tcpdump output that successfully captures the SQL:

[root]# tcpdump -i eth0 -nn host 192.168.0.2 -X -s0 |grep dual

0x00e0: 202a 2066 726f 6d20 7379 732e 6475 616c .*.from.sys.dual

If there is no tcpdump output for the select statement then the S-TAP is not collecting local connection traffic.

NOTE: If tcpdump is not available, use an alternative tool applicable to your operating system, such as snoop.

Resolving The Problem

Amend the S-TAP configuration file, guard_tap.ini, to include the following parameter values:

[TAP]


ktap_installed=1


[DB_x]
db_exec_file=/<Oracle installation path>/bin/oracle
db_install_dir=/<Oracle installation path>
tee_listen_port=0

The above parameters assume that the K-Tap is being used to monitor local traffic and not the Tee functionality.
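
A check of guard_tap.ini against the parameter values above, added here as an example (it is not IBM tooling or part of the original technote). The function name check_guard_tap and the sample paths are hypothetical, and the check assumes every [DB_*] section describes an Oracle instance monitored by K-Tap:

```shell
# Added example: check a guard_tap.ini against the values listed above.
# Assumption: every [DB_*] section describes an Oracle instance monitored by K-Tap.
check_guard_tap() {   # $1 = path to guard_tap.ini; returns 0 if no findings
    awk '
    function flush_db() {            # report on the DB_ section just finished
        if (sec !~ /^DB_/) return
        if (port != "0") { print sec ": tee_listen_port should be 0, found \"" port "\""; bad++ }
        if (dir == "") { print sec ": db_install_dir is not set"; bad++ }
        if (exe == "") { print sec ": db_exec_file is not set"; bad++ }
        else if (dir != "" && exe != dir "/bin/oracle") {
            print sec ": db_exec_file should be " dir "/bin/oracle, found " exe; bad++
        }
    }
    { sub(/\r$/, "") }               # tolerate CRLF line endings
    /^[ \t]*[#;]/ { next }           # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {         # section header
        flush_db()
        sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        port = dir = exe = ""
        next
    }
    /=/ {                            # key=value line
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (sec == "TAP" && key == "ktap_installed") ktap = val
        if (key == "tee_listen_port") port = val
        if (key == "db_install_dir") { dir = val; sub(/\/$/, "", dir) }
        if (key == "db_exec_file") exe = val
    }
    END {
        flush_db()
        if (ktap != "1") { print "TAP: ktap_installed should be 1, found \"" ktap "\""; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample (not from a real system): tee_listen_port left non-zero.
sample=$(mktemp)
printf '%s\n' '[TAP]' 'ktap_installed=1' '[DB_0]' \
    'db_exec_file=/opt/oracle/bin/oracle' 'db_install_dir=/opt/oracle' \
    'tee_listen_port=12344' > "$sample"
check_guard_tap "$sample" || echo "guard_tap.ini needs changes"
rm -f "$sample"
```

Pass the path of the guard_tap.ini in your S-TAP installation as the argument; each finding is printed on its own line.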


Document Information

Modified date:
16 June 2018

UID

swg21567989