SPAN Port Mirroring - Tech PDF
1. Overview
2. Port Mirroring
2.1 Physical Setup
2.2 Network Inspection Engine Configuration
3. References
1. Overview
The preferred way to monitor databases with Guardium is to set up S-TAP on
the database servers. However, for some platforms, such as iSeries and NCR UNIX,
no S-TAP package currently exists. For these platforms, database
monitoring of network traffic can still be achieved through port mirroring. Local traffic
can be monitored via the "Custom Data Upload" facility of Guardium. Port mirroring
should also be used if the performance impact on the database server is a major concern,
because S-TAP does have a slight performance impact on the database server.
2. Port Mirroring
– For network traffic, we can use port mirroring, which is mirroring through SPAN
(Switched Port Analyzer) ports.
– Both a physical setup and configuration of the inspection engine are needed to make
port mirroring work.
2.1 Physical Setup
– The LAN containing the desktop used for connecting to the Guardium collector GUI
should be connected to the eth0 port on the Guardium collector appliance.
– The SPAN port from the network switch should be connected to the eth1 port of the
Guardium collector appliance. You can also connect additional SPAN ports to the
remaining Ethernet ports of the Guardium appliance, in order.
– The network switch must then be configured to mirror all traffic to and from the
databases to be monitored to the port to which the appliance is connected. A
network administrator should be able to perform this configuration. You may need to
consult the switch vendor's documentation for the exact process for setting up this
configuration.
Figure: Conceptual overview of port mirroring for network traffic. The SPAN port of the network switch is
connected to the eth1 port of the appliance.
2.2 Network Inspection Engine Configuration
1. Log into the Guardium user interface as the admin user. Click on the
Administration Console tab, then click on Inspection Engines from the
Configuration menu on the left-hand panel.
2. Expand the Add Inspection Engine section. Fill out the required fields and
click on the Add button. A description of the required fields follows:
• Name – Enter a unique name. It is recommended to use only letters and
numbers in the name.
• Protocol – Select the database protocol (IBM iSeries, DB2, etc).
• DB Client IP/Mask – Enter a list of clients to be monitored by specifying their
IP and subnet masks.
• DB Server IP/Mask – Enter a list of database servers (database host
machines) to be monitored by specifying their IP and subnet masks.
• Port – Enter a single port or a range of ports over which traffic between the listed
clients and database servers will be monitored.
• Active on startup – Mark this box if the inspection engine should be
automatically started on start-up.
• Exclude DB Client IP – Mark this box if you want the inspection engine to
monitor traffic from all clients except for those listed in the DB Client IP/Mask
list.
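The field values planned for an inspection engine can be dry-run against expected database connections before they are entered in the GUI, which catches an inverted "Exclude DB Client IP" setting or a port range that misses a listener. The following Python model is an added example, not Guardium code: the EngineScope class, its matching logic, and the sample addresses and ports are assumptions built only from the field descriptions above.

```python
import ipaddress
from dataclasses import dataclass

def parse_masks(entries):
    # Each entry is "IP/mask", e.g. "10.10.20.0/255.255.255.0".
    # strict=False tolerates host bits being set in the IP part.
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def parse_ports(spec):
    # "50000" -> (50000, 50000); "50000-50010" -> (50000, 50010)
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

@dataclass
class EngineScope:
    """Hypothetical model of one inspection engine's traffic filter."""
    client_masks: list             # DB Client IP/Mask
    server_masks: list             # DB Server IP/Mask
    port: str                      # Port (single value or range)
    exclude_clients: bool = False  # Exclude DB Client IP

    def monitors(self, client_ip, server_ip, server_port):
        c = ipaddress.ip_address(client_ip)
        s = ipaddress.ip_address(server_ip)
        lo, hi = parse_ports(self.port)
        listed = any(c in n for n in parse_masks(self.client_masks))
        # Assumption: the exclude box inverts the client list only.
        client_ok = not listed if self.exclude_clients else listed
        server_ok = any(s in n for n in parse_masks(self.server_masks))
        return client_ok and server_ok and lo <= server_port <= hi

def unmonitored(scope, flows):
    # Flows the engine would ignore even though the SPAN port delivers them.
    return [f for f in flows if not scope.monitors(*f)]

# Constructed sample flows: (client IP, server IP, server port).
SAMPLE_FLOWS = [
    ("10.10.20.7", "10.10.5.15", 50000),
    ("10.10.30.9", "10.10.5.15", 50000),
    ("10.10.20.7", "10.10.5.15", 446),
]

if __name__ == "__main__":
    scope = EngineScope(["10.10.20.0/255.255.255.0"],
                        ["10.10.5.15/255.255.255.255"], "50000-50010")
    for flow in unmonitored(scope, SAMPLE_FLOWS):
        print("not monitored:", flow)
```

Any flow the function returns for a connection that should be audited indicates a gap in the planned client list, server list, or port range.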
3. References
© Copyright IBM Corporation 2011
All Rights Reserved.
IBM Canada
8200 Warden Avenue
Markham, ON
L6G 1C7
Canada