IFXGUARD configuration parameter

The IFXGUARD configuration parameter enables auditing with IBM® Security Guardium® and sets the actions of the database server if the IBM Security Guardium server does not respond in the timeout period.

onconfig.std value
Not present in the onconfig.std file
value if not present
IFXGUARD enable=1,timeout=-1
values
See the Usage section.
takes affect

After you edit your onconfig file and restart the database server.

When you reset the value dynamically in your onconfig file by running the onmode -wf command.

When you reset the value in memory by running the onmode -wm command.

Usage

Use the IFXGUARD configuration parameter to control the behavior of the database server when a user session requires a response from IBM Security Guardium.

Read syntax diagramSkip visual syntax diagram
>>-IFXGUARD----------------------------------------------------->

>--+-enable--=--0--------------------------------------+-------><
   '-enable--=--1--timeout--=--+- -1-----------------+-'   
                               '-seconds--:--actions-'     
Table 1. IFXGUARD configuration parameter options
Field Purpose
enable Specifies whether auditing is enabled:
  • 0 = Connections from the ifxguard agent are rejected and auditing is disabled.
  • 1 = Connections from the ifxguard agent are allowed and auditing is enabled.
timeout Specifies the behavior when a user session is attempting an action that is audited:
  • -1 = The user session waits indefinitely for the ifxguard agent to get a response from the IBM Security Guardium server.
  • seconds = The user session waits for the number of seconds for the ifxguard agent to get a response from the IBM Security Guardium server and the database server takes the specified action.
seconds The timeout period, in seconds, for the ifxguard agent to get a response from the IBM Security Guardium server.
actions Specifies the action for the database server to take after the ifxguard agent timeout period:
  • ignore = The database server ignores the failure of the ifxguard agent and the user session continues.
  • alarm = The database server raises the event alarm 87003 for the timeout of the ifxguard utility and continues to wait for an ifxguard agent before it continues to process the user session connection.
  • kill = The database server shuts down the ifxguard agent and accepts the user session connection without auditing. IBM Security Guardium is disabled.
  • shutdown = The database server shuts down.

Example

The following entry enables IBM Security Guardium and specifies that if the ifxguard agent does not get a response from the IBM Security Guardium server within 5 seconds for the user session, the database server shuts down the ifxguard agent:

IFXGUARD enable=1,timeout=5,kill
Parent topic: Auditing with IBM Security Guardium (UNIX, Linux)
Related information:
onmode -wf, -wm: Dynamically change certain configuration parameters
Event alarm IDs
Copyright© 2020 HCL Technologies Limited