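Before you begin
This article assumes that you have installed an InfoSphere Guardium collector and configured it on the network. InfoSphere Guardium activity monitoring for MongoDB requires V9 GPU 50 or later. If you are an InfoSphere Guardium customer and are entitled to upgrade to V9.0, you can first download Guardium from Passport Advantage and then install the GPU (which you can get from Fix Central).
The supported MongoDB versions are 2.0, 2.2 and 2.4. From a data security standpoint, we recommend that you upgrade to MongoDB 2.4 or later, because these versions provide the security enhancements described in the introduction. (Kerberos requires the Enterprise edition.)
Record the following information, which you need to complete the installation and configuration of this solution:
1. The IP address of the InfoSphere Guardium collector and the port used to connect to it (16016)
2. The port used by mongod on the shard servers (default 27018) and the IP address
3. The port used by the routing server (mongo) (default 27017) and the IP address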
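Install S-TAP agents on the MongoDB nodes
As shown in Figure 1, we recommend installing S-TAPs on both the mongod shard servers and the routing servers, so that any administrator activity that may occur on the mongod shard servers is monitored.

Figure 1. S-TAPs configured to listen on the MongoDB ports
S-TAPs are operating-system specific, so you need to install the Linux S-TAP on each of the relevant nodes. There are two different ways to do this:
1. Use the Guardium Installation Manager (GIM). With GIM, you are actually installing a GIM agent along with the S-TAP. By using GIM, all S-TAP upgrades and future installations can be controlled from the web console without having to access the server again. Because administration and updates are so simple, most enterprises use GIM. For details about GIM, see the InfoSphere Guardium Information Center. For links, see Resources.
2. Use the S-TAP shell installer that you downloaded from Fix Central. This can be done non-interactively, so you can use the same command to install on many nodes.
The details of this process are outside the scope of this article, but you can find them in the InfoSphere Guardium Information Center.
If your S-TAP is correctly configured to connect to the InfoSphere Guardium collector, the system view in the administration console shows green, as shown in Figure 2.

Figure 2. System view showing that the S-TAPs are communicating with the collector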
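Configure the inspection engines
Next, you need to configure an inspection engine for each S-TAP. The inspection engine is how you define which protocol the S-TAP uses for monitoring (MongoDB) and which ports to monitor. By default, as shown in Figure 1, the port used for mongo is 27017 and the port used for mongod (shards) is 27018. Your ports may be different.
To configure the inspection engine, log in to InfoSphere Guardium as an administrator and navigate to the Administration Console. From the menu pane on the left, select Local Taps > S-TAP Control. Find the S-TAP for the Mongos server, click Modify, and then select the Add Inspection engine drop-down menu.
Enter the required port information. Your mongos inspection engine configuration should look like Figure 3.

Figure 3. Mongos (query router server) inspection engine configuration
On the shard servers, the configuration looks slightly different. As you probably know, most "normal" activity is routed through mongos and then on to the mongods on the shard servers. If you monitored all traffic on the shard servers, the Guardium collector would receive the same message from mongos and from every shard server that the command is routed to. To avoid this "double counting" while still being able to monitor all traffic that goes through mongos, you can configure the STAPs on the shard servers to exclude all mongos traffic.

Figure 4. Mongod (shard) inspection engine configuration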
Configure the inspection engines by using the API
If you have many nodes, you may want to use the Guardium API to add inspection engines to the specified S-TAPs. An S-TAP configuration can be modified only from the active Guardium host for that S-TAP, and only while the S-TAP is online (shown in green in the system overview).
For mongos:
grdapi create_stap_inspection_engine client=0.0.0.0/0.0.0.0 protocol=MongoDB ktapDbPort=27017 portMax=27017 portMin=27017 stapHost=<ip of Mongos server where associated STAP is installed>
For mongod:
grdapi create_stap_inspection_engine protocol=MongoDB ktapDbPort=27018 portMax=27018 portMin=27018 stapHost=<ip of mongod server where STAP is installed> client=0.0.0.0/0.0.0.0 excludeClient=<ip of Mongos>
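The following added example (not part of the original article or of Guardium) models the inspection-engine layout described above and shows why excluding the mongos address on the shard engines removes the double count while a direct administrator connection to a shard is still reported. It assumes a single mongos per cluster, uses constructed addresses from a documentation range, and emits only the grdapi parameters shown in this article; the Engine class and helper names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Engine:
    stap_host: str                        # node whose S-TAP gets this engine
    port: int                             # MongoDB port the engine watches
    exclude_client: Optional[str] = None  # client IP whose traffic is skipped

    def captures(self, client_ip, server_ip, port):
        """True if this engine would report a connection (simplified model)."""
        return (server_ip == self.stap_host and port == self.port
                and client_ip != self.exclude_client)

    def grdapi(self):
        """Command line using only the parameters shown in this article."""
        cmd = ("grdapi create_stap_inspection_engine protocol=MongoDB "
               f"ktapDbPort={self.port} portMax={self.port} portMin={self.port} "
               f"stapHost={self.stap_host} client=0.0.0.0/0.0.0.0")
        if self.exclude_client:
            cmd += f" excludeClient={self.exclude_client}"
        return cmd

def build_engines(mongos_ip, shard_ips, exclude_mongos=True):
    for ip in (mongos_ip, *shard_ips):
        ipaddress.ip_address(ip)          # raises ValueError on a malformed address
    engines = [Engine(mongos_ip, 27017)]
    engines += [Engine(ip, 27018, mongos_ip if exclude_mongos else None)
                for ip in shard_ips]
    return engines

def times_reported(engines, legs):
    """How many copies of one command reach the collector across its legs."""
    return sum(e.captures(*leg) for e in engines for leg in legs)

# Constructed sample topology (documentation address range).
MONGOS, SHARDS = "192.0.2.10", ["192.0.2.21", "192.0.2.22"]
ROUTED = [("192.0.2.50", MONGOS, 27017), (MONGOS, "192.0.2.21", 27018)]
DIRECT_ADMIN = [("192.0.2.99", "192.0.2.21", 27018)]

if __name__ == "__main__":
    for engine in build_engines(MONGOS, SHARDS):
        print(engine.grdapi())
```

Each tuple is (client IP, server IP, port); ROUTED holds the two legs of one application command that passes through mongos.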
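Verify that traffic is being captured
There are several ways to tell whether traffic is being sent to the Guardium collector. Experienced Guardium users can make sure that a policy that captures all traffic is installed and then look at the reports.
1. If you are logged in as user, on the View tab you see a bar chart named Number of db per type. You can double-click the report to drill down into the data and see whether there is any activity.

Figure 5. Report drill-down
2. If you are doing a fresh installation of Guardium 9.0.0.50, or you upgraded and installed the new default policy (named Default-Ignore Data Activity for Unknown Connections), you will not see detailed activity. Instead, go to the Connection Profile List report, which shows only high-level session information for any unknown connections, including those from MongoDB, which at this point should all be unknown connections. As a user, you can find this report on the View tab under DB Activities, as shown in Figure 6.

Figure 6. Connection Profile List
As an administrator, you find this report on the Daily Monitor tab.
The report is shown in Figure 7. It includes the database user name, the client IP, and the whole connection information "tuple", which identifies the connection information, such as client IP, source application, database user name, server IP, and service name.

Figure 7. Connection Profile List
If you are sure that your policy is configured correctly but you still do not see traffic, make sure that the report has the correct date and time range. If that is not the problem either, then it may be because in your S-TAP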
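Create groups to use in policies and reports
An important planning exercise is creating groups, which can greatly improve efficiency. For example, you can create groups of administrator (privileged) users, groups of sensitive data objects, groups of specific commands (such as commands that assign users, and entirely new commands), and anything else. For this article, we describe some monitoring use cases and how to create policy rules to handle those use cases. Nearly all of these rules require the use of groups. Table 1 is a summary of the rules we are going to create and the groups used in each rule.
Table 1. Rules and groups used to create our sample policy rules

In Part 3 of this article series, we cover another advanced capability, in which you can use policy rules to block access in real time. That capability requires a license for advanced activity monitoring.
To create a group, go to the Group Builder. If you are logged in as an administrator, click the Tools tab and select Config & Control > Group Builder from the menu pane on the left. Details of the Group Builder interface are described in one of our policy rule examples.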
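Configure security policies
Rule-based security policies are at the core of how InfoSphere Guardium works. It is through these rules that you specify which traffic InfoSphere Guardium logs, under which conditions alerts are raised, and which connections are blocked.
A fresh InfoSphere Guardium installation of 9.0.0.50 includes a default policy that ignores all traffic. This default policy helps protect your network from being overloaded when you activate the S-TAPs and start monitoring databases.
We cannot cover the full variety of policy rule types and their behavior in this article. We have chosen some common monitoring use cases and describe how to configure policy rules for them. We cover these use cases in the next section of this article.
Now, let's create a new policy to which you can start adding rules.
Click the Tools tab, and select Config & Control > Policy Builder from the menu pane on the left.
From the Policy Finder, click New.

Figure 8. Creating a new policy
Provide a description, and then click Apply.

Figure 9. Providing a description for the policy
Optional: Click Roles to indicate which roles can use this new policy. For example, if you select administrator, anyone with the administrator role can use the policy in the system.
Click Back.
You can now edit the policy by adding the rules you need. We describe some typical rules in the next section. Install the new policy only when you are ready to validate the behavior of a new rule or set of rules.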
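Monitoring use cases
In this section, we describe some additional policy rules for other use cases. These use cases may or may not apply to your organization, but they will give you some ideas for getting started.
If you have never used InfoSphere Guardium before, an important concept to understand is that a policy can contain any number of rules. Each rule has a description, conditions (against which the monitored activity is evaluated), and the actions to take when the rule is triggered.
There are three types of rules:
1. Access: for the interaction between the database client and the server.
2. Exception: for any exceptions that the database server returns to the client. Note that if you use a write concern of 0 or -1 (unsafe) for your MongoDB connections, you will not be able to log and report on any error conditions returned by inserts, updates, or removes (deletes).
3. Extrusion: applied to the returned data sets. This is an advanced capability that we do not cover in this article.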
ÔÚÉí·ÝÑé֤ʧ°Ü´ÎÊý¹ý¶àʱ·¢³öʵʱ¾¯¸æ
·À·¶¿ÉÄÜͨ¹ýËã·¨Éú³ÉÃÜÂëµÄºÚ¿ÍµÄ³£¼ûÒªÇóÊÇ£ºÔÚij¸ö»á»°Öг¢ÊÔʧ°ÜµÄÊýÁ¿³¬¹ýÄú¶¨ÒåµÄij¸öãÐֵʱ·¢³ö¾¯¸æ£¬±ÈÈçÔÚ
3 ·ÖÖÓÄÚ³¢ÊÔ´ÎÊý³¬¹ý 5 ´Î¡£
¶ÔÓÚ±¾¹æÔò£¬½«»á¶¨ÒåÒ»¸öÒì³£¹æÔò¡£
´Ó Policy Finder ÖÐÑ¡ÔñÄúµÄвßÂÔ²¢µ¥»÷ Edit Rules¡£

ͼ 10. ±à¼Ð²ßÂԵĹæÔò
ÔÚ Policy Rules Ò³ÃæµÄµ×²¿£¬µ¥»÷ Add Exception
Rule¡£
Ìîд²ßÂÔÌõ¼þ£¬ÒÔ±ã´Ó Excpt. Type ×ֶεÄÏÂÀ²Ëµ¥ÖÐÖ¸¶¨ LOGIN_FAILED¡£°üº¬×îС¼ÆÊý£¨ÔÚ±¾ÀýÖÐΪ
5£©²¢ÖØÖüä¸ô£¨ÔÚ±¾ÀýÖÐΪ 3 ·ÖÖÓ£©¡£

ͼ 11. Ö¸¶¨Òý·¢µÇ¼ʧ°Ü¹æÔòµÄÌõ¼þ
ÔÚÒ³Ãæµ×²¿£¬µ¥»÷ Add Action£¬È»ºó´ÓÏÂÀ²Ëµ¥ÖÐÑ¡Ôñ ALERT
ONCE PER SESSION¡£¸Ã²Ù×÷½«ÔÚijÈËÔÚ 3 ·ÖÖÓÄÚÉí·ÝÑé֤ʧ°Ü³¬¹ý 5 ´Î¶øÎÞ·¨³É¹¦ÊµÏÖÉí·ÝÑé֤ʱΪÿ¸ö»á»°Éú³ÉÒ»¸ö¾¯¸æ¡£

ͼ 12. Ñ¡ÔñÒ»¸ö»á»°Ò»´Î¾¯¸æ
Ñ¡Ôñ֪ͨÀàÐÍ¡£ÔÚÎÒÃǵÄʾÀýÖУ¬ÎÒÃÇÑ¡ÔñÁË SYSLOG ºÍĬÈϵÄÏûϢģ°å¡£µ¥»÷
Add£¬È»ºóµ¥»÷ Apply¡£

ͼ 13. Ñ¡Ôñ֪ͨÀàÐÍ
¾¯¸æÊ¾Àý£ºÍ¼ 14 ÏÔʾµ±ÄúÒÔ¹ÜÀíÔ±Éí·ÝµÇ¼ʱ Incident Management
Ñ¡ÏÉϵľ¯¸æÊ¾Àý¡£

ͼ 14. ¹ØÓڵǼʧ°Ü´ÎÊýµÄ¾¯¸æ£¨²¿·ÖÊä³ö£©
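The threshold logic behind the rule above, written out as an added example (not Guardium code and not from the original article) and run over constructed exception events. It is a simplified model that assumes the alert fires when the per-session count of LOGIN_FAILED exceptions reaches the minimum count, and that the count starts over once the reset interval has elapsed since the first counted failure; how Guardium itself evaluates the counter is not described here.

```python
from datetime import datetime, timedelta

def login_failure_alerts(events, min_count=5,
                         reset_interval=timedelta(minutes=3)):
    """events: time-ordered (timestamp, session_id, exception_type) tuples.
    Returns [(timestamp, session_id)] with at most one alert per session."""
    window_start, count, alerted, alerts = {}, {}, set(), []
    for ts, session, exc_type in events:
        if exc_type != "LOGIN_FAILED" or session in alerted:
            continue                      # other exception, or already alerted
        start = window_start.get(session)
        if start is None or ts - start > reset_interval:
            window_start[session], count[session] = ts, 0   # new interval
        count[session] += 1
        if count[session] >= min_count:
            alerted.add(session)          # ALERT ONCE PER SESSION semantics
            alerts.append((ts, session))
    return alerts

# Constructed sample events: sess-A fails 6 times in 100 seconds,
# sess-B fails 5 times spread over 10 minutes.
T0 = datetime(2013, 9, 1, 2, 0, 0)

def _ev(seconds, session, exc_type="LOGIN_FAILED"):
    return (T0 + timedelta(seconds=seconds), session, exc_type)

SAMPLE = sorted(
    [_ev(s, "sess-A") for s in (0, 20, 40, 60, 80, 100)]
    + [_ev(s, "sess-B") for s in (0, 150, 300, 450, 600)]
    + [_ev(30, "sess-A", "SQL_ERROR")]    # unrelated exception, not counted
)

if __name__ == "__main__":
    for ts, session in login_failure_alerts(SAMPLE):
        print(f"ALERT {ts.isoformat()} session={session}")
```

Only sess-A produces an alert, and only one: the sixth failure arrives after the session has already alerted, and sess-B never accumulates 5 failures inside one 3-minute interval.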
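Ignore activity from functional users or connections
Some organizations have regularly scheduled, authorized jobs that do work such as bulk updates or loads, which need to run at night or in a designated batch window. These applications are usually carefully vetted and run under a functional user ID. To avoid filling the InfoSphere Guardium collector with activity that is irrelevant for auditing, some organizations use an access rule action named "Ignore S-TAP session".
Note that the system still logs the session start and end information (that is, timestamp, client IP, server IP, user name, and so on). The rule only means that the detailed command activity is ignored.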