IBM Support

How to alert on the Guardium internal database filling up

Question & Answer


Question

How can I tell when my Guardium internal database is getting full? What alert should I use to notify me when there is a problem?

Cause

The Guardium internal database can fill up for many reasons. For information on causes and solutions to that problem see:
What can I do if I see my Guardium Appliance getting full?
It is the responsibility of the Guardium administrator to ensure the appliance internal database is maintained at a stable level at all times.

Answer

To see the percentage used of the Guardium internal database use the command in CLI:


    support show db-status used %

It is recommended to keep your appliance database usage under 50% in normal operations. In order to react proactively if the usage is increasing you can define a correlation alert.

The Guardium Deployment Guide section 3.9.8 details self monitoring alerts that should be installed on appliances. The "Disk Space Alert" should be used for this case. The alert notifies receivers every 24 hours if the database space is 60% or higher.

For the alert to work, the buffer usage monitor on the appliance must be active. Use this link to ensure that it is: Guardium STAP is collecting data but request rate and buffer usage reports are empty.

Pre made alert definitions

Definitions are available to import into your v9 and v10 appliances. There will be a compatibility warning when importing into v10 but it will succeed. The definitions may not import for versions before 9.1. The required alert is different for collectors and aggregators.

Alert to DownloadUnit Type Alert will run onAlert Name / NotesQuery Name Alert is based onAlert will firePotential delay in receiving alerts?
MyCollectorMysqlDisk_alert.sqlMyCollectorMysqlDisk_alert.sqlCollector-My Collector Mysql Disk Usage Collector Mysql Disk UsageWhen unit Mysql disk usage is >=60%Dependant on the unit alert definition and polling interval.
MyAggregatorDisk_alert.sqlMyAggregatorDisk_alert.sqlAggregator-My Aggregator Disk UsageAggregator var disk usageWhen unit var disk usage is >=60%Dependant on the unit alert definition and polling interval.
MyCMMysqlDiskUsage_alert.sqlMyCMMysqlDiskUsage_alert.sqlCentral Manager-MyCM Mysql Disk Usage

Needs CM Buffer Usage Monitor scheduled for upload regularly :-

v9 Tools ->Report Building - Custom Table Builder-> upload data. v10 Comply -> Custom Reporting -> Custom Table Builder -> upload data. Simply set the schedule - eg restart every hour, do not repeat

*NB schedule at 5 minutes past the hour so as to include the full previous hour data.
-My CM Buffer Usage Mysql Disk SpaceWhen any managed unit has Mysql disk usage >=60%Dependant on CM Buffer Usage upload schedule - if as per the NB* - a maximum of 1.5 hour delay before notification
MyEnterpriseMysqlDiskUsage_alert.sqlMyEnterpriseMysqlDiskUsage_alert.sqlCentral Manager-MyEnterprise Mysql Disk Usage

Make sure Unit Utilisation is enabled -

Then schedule on the Central Manager ( v9 System View-> Unit Utilization. v10 Manage -> Unit Utilization ) eg restart every hour, do not repeat


*NB schedule at 10 minutes past the hour so as to include the full previous hour period of data obtained from the above 		-My Enterprise Mysql Disk SpaceWhen any managed unit has Mysql disk usage >=60% based on the units utilization report.Dependant on the Units Utilization schedule - if as per the NB* - a maximum of 1 hour 40 min delay before notification
  1. Import the .sql files above from the GUI v9 Administration Console->Guardium Definitions->Import. v10 Manage -> Data Management -> Definitions Import This must be done on the central manager if one exists in the environment.
  2. Activate the appropriate alert for the unit type from v9 Administration Console->Anomaly detection. v10 Setup -> Tools and Views -> Anomaly Detection

Note: The alert definitions above do not contain any receivers. You must add these yourself in the alert builder as appropriate.

In case pre made definitions do not import

Follow the step by step instructions on how to create the alerts in the Deployment Guide section 3.9.3 under "Disk Space Alert".

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"10.0;8.2;9.0;9.1;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21696915

Page Feedback