Default Windows S-TAP configuration file

The default S-TAP configuration file contains extensive comments explaining each of the configuration file properties. Each comment begins with a semicolon (;) character. In the actual configuration file, some or all of the comments may be stripped out when the configuration is updated.

If you need to edit the S-TAP configuration file on the database server, we suggest that you use the default version of the file (reproduced below) as a reference. There is an unused copy of the default S-TAP configuration file installed on the database server. When you make changes, be sure that you make your changes to the actual configuration file, and not to the default version.

;S-TAP Configuration File

; Guardium guard_tap.ini file example.

;[VERSION]

;STAP_CLIENT_BUILD=7, 0, 0, 37

;PROTOCOL_VERSION=7.0.0

; Lines starting with a semi-colon (;) are comments.

; ??? indicates that you must supply a value.

; Default values are noted in the comments.   

; Section and property names are not case-sensitive.

; Within each section, properties are listed alphabetically.

; TAP Section

; There must be exactly one section named tap. It contains

; the properties described below. If a property is required for

; your operating system only, you must uncomment that property

; and supply a value.

[TAP]

;TAP_VERSION=7, 0, 0, 37

; alert_on_shared_memory_enabling

;   Windows only – Set to 1 to have S-TAP alert if a shared memory

;   connection for MS SQL Server Query Analyzer is enabled.

;   The default is 0 (zero) – no alert.

;alert_on_shared_memory_enabling=0

; alternate_ips

;   List any additional IP addresses for the S-TAP host. These are

;   in addition to the value determined from software_tap_host (Windows)

;   or specified in tap_ip (Unix). No defaults.

;alternate_ips=???

; debug_file_name

;   Windows only – Identifies the file to use for debugging output. The

;   amount of information written here depends on the debuglevel

;   property (see below). There is no default.

debug_file_name=c:/guardium/stap.txt

; debuglevel

;   Windows only - Sets the debugging level. Leave at 0 (zero)

;   unless directed to do otherwise by Guardium Support.

;   Debug level:

;   0 – only critical error information

;   1 – all above plus repeatable non-critical error information

;   2 – all above plus lost data information (discontinued from version 4.03 and above)

;   3 - all above plus brief information about packets sent to a Guardium

;   4 - all above plus local sniffing log

;   5 – all above plus network sniffing log

;   6 - all above plus heartbeat receiving log

;   7 - all above plus miscellaneous debugging information

debuglevel=0

; devices

;   Which interfaces to listen on. There are no defaults.

;   For Windows: If omitted, S-TAP will find devices itself.

;                Otherwise specify the device. For example:

;                \Device\NPF_{DC24F406-DA63-4976-A5EA-7F39DDC0AC43}

;devices=???

; disable_shared_memory_if_turned_on

;   Windows only - Set to 1 to have S-TAP disable shared memory

;   connections opened for MS SQL Server Query Analyzer.

;   The default is 0 (zero), meaning no action will be taken.

;disable_shared_memory_if_turned_on=0

;named_pipes_driver_installed=0

; file_sniffer_frequency

;   Windows only – In seconds, determines how often STAP checks for

;   new SQL trace login information.  Also, this value defines the

;   frequency for registration attempts with a Guardium unit if a

;   previous attempt was not successful. In addition, this value defines

;   the frequency for checking MS SQL Server configuration parameters

;   (see the description of the alert_on_shared_memory_enabling and

;   disable_shared_memory_if_turned_on properties, below).

;   Default is 300.

;file_sniffer_frequency=300

; maximum_buffer_size

;   Windows only – When the TEE is used, the maximum buffer size in KB

;   for the STAP TCP server receiving messages from the TEE.

;   Otherwise, not used. The default is 1024.

;maximum_buffer_size=1024

; minimum_heartbeat_interval

;   Windows only - The number of seconds for S-TAP to wait for a

;   heartbeat from the active Guardium host before attempting to switch

;   to the next server on its list of Guardium hosts. The default is 180.

;minimum_heartbeat_interval=180

; remote_messages

;   Set to 1 to send messages to the active Guardium

;   host (the default). Set to 0 (zero) to not send messages.

remote_messages=1

;SHARED_MEMORY_DRIVER_INSTALLED

;set to 1 for local sniffing of MSSQL server shared memory

;Windows only

SHARED_MEMORY_DRIVER_INSTALLED=1

; LHMON_DRIVER_INSTALLED={0|1}

LHMON_DRIVER_INSTALLED=1

; NAMED_PIPES_DRIVER_INSTALLED={0|1}

NAMED_PIPES_DRIVER_INSTALLED=1

;DB2_SHMEM_DRIVER_INSTALLED={0|1}

DB2_SHMEM_DRIVER_INSTALLED=1

;KRB_MSSQL_DRIVER_INSTALLED={0|1} required when MSSQL uses encryption and for Kerberos; uses the “MSSQL monitor” service, which must also be started

KRB_MSSQL_DRIVER_INSTALLED=0

;ORA_DRIVER_INSTALLED={0|1} required when Oracle uses encryption (ASO/SSL); uses the “Oracle monitor” service, which must also be started

ORA_DRIVER_INSTALLED=0

;SYNCH_FLAG=1

;PARTICIPATE_IN_LOAD_BALANCING=0

;DISABLE_SHARED_MEMORY_IF_TURNED_ON=0

;KRB_MSSQL_DRIVER_ONDEMAND={0|1} if this is turned on, the next property decides whether the sync is done blocking or not

KRB_MSSQL_DRIVER_ONDEMAND=0

; KRB_MSSQL_DRIVER_NONBLOCKING={0|1}

KRB_MSSQL_DRIVER_NONBLOCKING=0

; LHMON_FOR_NETWORK={0|1} 0=use windows pcap 1=use lhmon network instead

LHMON_FOR_NETWORK=0

; software_tap_host

;   Windows only – Identifies the database server host on which S-TAP is

;   installed. It can be an IP address or a name recognized by the DNS

;   server.

;   There is no default.

;software_tap_host=???

; syslog_messages

;   Set to 1 to send messages to syslog (for Unix) or the EventViewer

;   (for Windows).

;   Set to 0 (zero) to not send messages.

;   The default is 1.

syslog_messages=1

; tap_hb_udp_port

;   Windows only - Defines the UDP port number on which heartbeats and

;   data are sent to S-TAP from any Guardium host that will act as a

;   Guardium appliance for this S-TAP. The default is 8075.

;tap_hb_udp_port=8075

; tap_ip

;   IP address of the database server system on which

;   S-TAP is installed. There is no default.

;tap_ip=???

; tee_debug_file_name

;   Windows only – Identifies the file to use for TEE debugging output.

;   There is no default.

;tee_debug_file_name=???

; tee_installed

;   Windows only – Set to 1 to enable monitoring via the TEE.

;   The default is 0 (zero), meaning the TEE is not used.

;   If the TEE is not installed, and you want to get local traffic

;   immediately after installation, you must reboot the system or

;   restart all database servers.

tee_installed=0

; tee_msg_buffer_len

;   The number of TEE buffers.

;   The default is 128.

tee_msg_buffer_len=128

; tee_reserved_port

;   Windows only – For internal use by the TEE. This port number

;   must be greater than 1000. The default is 9729.

;tee_reserved_port=9729

; tee_server_port

;   Windows only – The port used for S-TAP and TEE communications.

;   This port number must be greater than 1000. The default is 9501.

;tee_server_port=9501

; tracefiles_dir

;   The directory in which access tracer files will be stored.

;   The default is INSTALLDIR.

;tracefiles_dir=INSTALLDIR

; SQLGUARD_??? Sections

;   There must be one SQLGUARD_??? section for each Guardium unit that

;   will serve as a host for this S-TAP. Replace ??? in the section name

;   with a meaningful name for the Guardium unit. The name used here will

;   be used in messages. There must be at least one SQLGUARD_??? section.

;   There are three required properties for each SQLGUARD_??? section.

;[SQLGUARD_???]

; primary

; Indicates if this is the primary Guardium appliance (1) or a secondary

; server (0). There must be exactly one primary server.

;primary=1

; sqlguard_ip

;   The IP address or name of the Guardium unit. For Windows, it can be

;   a name recognized by the DNS server.

;   There is no default.

;sqlguard_ip=???

; sqlguard_port

;   The port used to communicate with S-TAP.

;   The Windows default is 9500.

;sqlguard_port=????

; DB_??? Sections

;   Each DB_??? section identifies a database that S-TAP should monitor.

;   There must be at least one DB_??? section. Replace ??? in the section

;   name with a meaningful name for the database. The name used here will

;   be used in messages. The properties for each DB_??? section are

;   described below.

;[DB_???]

; db_type

;   The database type. It must be: ORACLE, MSSQL, DB2, SYBASE or MYSQL.

;   There is no default.

;db_type=???

; port_range_end

;   The ending port number of a range of ports on which to monitor

;   traffic for this database. There is no default.

;port_range_end=???

; port_range_start

;   The beginning port number of a range of ports on which to monitor

;   traffic for this database. There is no default.

;port_range_start=???

; networks

;   Identifies the clients to be monitored, using a list of addresses

;   in IP address/mask format: n.n.n.n/m.m.m.m.

;   To select all clients, omit the list of addresses.

;   To select local traffic only, use 127.0.0.1/255.255.255.255

;   If an improper IP address/mask is entered, S-TAP will not start.

;   There is no default.

;networks=???

; real_db_port

;   If a TEE is used, the port onto which the TEE will forward messages

;   (and from which the database server will retrieve them).

;   There is no default.

;real_db_port=???

; tap_db_process_names

;   For Windows only, when the db_type is Oracle, and the port_range_start

;   and port_range_end specify more than one port. If this is the case,

;   enter the following process names: oracle.exe and tnslsnr.exe

;   There is no default.

; tee_listen_port

;   If a TEE is used, the port on which the TEE will accept DB client

;   connections. The default is 0 (zero), indicating there is no TEE.

; tee_listen_port=0

;NAMED_PIPE=?? place your own named pipe name to look for here

; TAP_DB_PROCESS_NAMES=?? Place your database process name when monitoring encrypted traffic
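
The comments above state several rules that can be checked before S-TAP is restarted with an edited file: exactly one TAP section, at least one SQLGUARD_ and one DB_ section, exactly one primary, TEE ports greater than 1000, a known db_type, and networks entries in n.n.n.n/m.m.m.m form (an improper entry prevents S-TAP from starting). The linter below is an added example, not part of the original page or of the Guardium product; the function names and the sample are constructed, and it assumes the file parses with Python's configparser and that networks entries are separated by commas or whitespace.

```python
import configparser
import ipaddress
import re
DB_TYPES = {"ORACLE", "MSSQL", "DB2", "SYBASE", "MYSQL"}

def is_ip_mask(item):
    """True when item is n.n.n.n/m.m.m.m (both halves are dotted quads)."""
    try:
        return len([ipaddress.IPv4Address(p) for p in item.split("/")]) == 2
    except ValueError:
        return False

def lint_guard_tap(text):
    """Return findings for rules stated in the default file's comments."""
    cp = configparser.ConfigParser(comment_prefixes=(";",), strict=False, interpolation=None)
    cp.read_string(text)
    secs = [(n.upper(), cp[n]) for n in cp.sections()]  # names are not case-sensitive
    guards = [s for n, s in secs if n.startswith("SQLGUARD_")]
    dbs = [(n, s) for n, s in secs if n.startswith("DB_")]
    out = []
    if sum(n == "TAP" for n, _ in secs) != 1:
        out.append("need exactly one [TAP] section")
    if not guards or not dbs:
        out.append("need at least one SQLGUARD_ and one DB_ section")
    elif sum(s.get("primary") == "1" for s in guards) != 1:
        out.append("need exactly one SQLGUARD_ section with primary=1")
    for n, s in secs:
        for key, val in s.items():  # configparser lower-cases property names
            if "???" in val:
                out.append(f"{n}: {key} still holds the ??? placeholder")
            if n == "TAP" and key == "debuglevel" and val != "0":
                out.append("TAP: debuglevel is not 0 (leave at 0 unless Support directs)")
            if (n == "TAP" and key in ("tee_reserved_port", "tee_server_port")
                    and not (val.isdigit() and int(val) > 1000)):
                out.append(f"TAP: {key} must be greater than 1000")
    for n, s in dbs:
        if s.get("db_type", "").upper() not in DB_TYPES:
            out.append(f"{n}: db_type must be one of {sorted(DB_TYPES)}")
        # Assumption: list entries are separated by commas or whitespace.
        for item in re.split(r"[,\s]+", s.get("networks", "")):
            if item and not is_ip_mask(item):
                out.append(f"{n}: networks entry {item!r} is not n.n.n.n/m.m.m.m")
    return out

# Constructed sample with deliberate mistakes (addresses are documentation ranges).
SAMPLE = "\n".join(["[tap]", "debuglevel=4", "tee_server_port=900",
    "[SQLGUARD_A]", "primary=1", "sqlguard_ip=192.0.2.10", "sqlguard_port=9500",
    "[SQLGUARD_B]", "primary=1", "sqlguard_ip=???", "sqlguard_port=9500",
    "[DB_SALES]", "db_type=POSTGRES", "networks=10.1.0.0/16"])
```

Calling `lint_guard_tap(SAMPLE)` returns one finding per mistake in the sample; an empty list means none of the checked rules were violated.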