FREQUENTLY ASKED QUESTIONS
DataSunrise can run on any commodity hardware. No special hardware requirements. If DataSunrise to be used in production, we suggest something like below:
- CPU 8 cores
- RAM 8-16GB is sufficient
- No special storage requirements unless prospects want to test Audit.
- 100GB for storing audit records could be sufficient for the purpose of data audit.
- Linux or Windows Server OS.
Check ODBC driver availability. Execute:
to determine ODBC files location and ensure that they are not removed or modified.
Basically, the data source you are attempting to connect to does not exist on your machine. On Linux and UNIX, SYSTEM data sources are typically defined in
You should grant read access to the .ini file that contains the data source. You may need to set
ODBCSYSINI, ODBCINSTINI or ODBCINI environment variables to pinpoint
files location if it hasn’t been done before.
Run the following commands:
cd /usr/lib/x86_64-linux-gnu/ >cd ln -s libodbc.so.1.0.0 libodbc.so.2
Install libcap-progs. To do this, run the following command:
sudo zypper install libcap-progs
Instance Creation and Using
Most likely Oracle can’t find a missing libaio.so.1 file. Run the following command to install it on Ubuntu:
sudo apt-get install libaio1
Probably you installed the 32-bit version of Oracle Database Instant Client or did not set system variables correctly. You need to install 64-bit version of Oracle Database Instant Client and add its home directory path to the %ORACLE_HOME% system variable. Then you need to add the same directory path to %PATH% system variable.
Check ODBC driver availability by executing the following command:
odbcinst -q -d
Locate and configure ODBC.ini file in the following way:
Description = Postgres Database
Driver = PostgreSQL
Database = postgres
Servername = 127.0.0.1
Port = 5432
Check PostgreSQL connection by executing the following command:
isql postgres_i username password
Certain Linux-type operating systems don’t add MySQL driver parameters into odbcinst.ini file, so you should do it manually.If necessary, install MySQL ODBC driver by running the following commands:
For Debian and Ubuntu:
sudo apt-get install libmyodbc libodbc1
For CentOS, Red-Hat and Fedora:
sudo yum install mysql-connector-odbc
Then edit odbcinst.ini file. Run the following command:
sudo nano /etc/odbcinst.ini
Paste the following code into odbcinst.ini and save the file:
Description = ODBC for MySQLDriver = /usr/libx86_64-linux-gnu/odbc/libmyodbc.soSetup = /usr/libx86_64-linux-gnu/odbc/libodbcmyS.soFileUsage = 1Update configuration files that control ODBC access to database servers by running the following command:
sudo odbcinst -I -d -f /etc/odbcinst.ini
In this case, DataSunrise can’t capture traffic sent from host machine to that same host machine. You should use DataSunrise Proxy mode only or install database server and database client on separate hosts.
In order to run the firewall in sniffer mode, you should disable SSL support in your client application settings (SSL Mode -> Disable).You can also switch application’s SSL Mode to “Allow” or “Prefer” but disable SSL support in database server settings first.
Can not determine the username with Kerberos or local NTLM authentication in the Sniffer mode. Until the parameters of the crypto provider are properly configured, we can not identify the login/user. The UNKNOWN LOGIN account will be used as the current user. Rules checks may not work correctly until this error is resolved. Refer to subs. 4.7.2 of the Administration Guide for details. And we cannot define name of user for NTLM if the client and the server are installed on the same host.
Available masking methods depend on the column’s data type. You can assign only one masking method to a column, so you might need to create multiple rules to mask multiple columns that contain various data types. You can assign the same rule to columns of the same data type or use a custom function for multiple columns with various data types, only if the custom function logic is capable of dealing with multiple data types.
Most likely you kept web interface tab opened in your web browser while updating the firewall. Log out the web interface if necessary and press Ctrl + F5 to reload the page.
Please, check your setup:
Windows 8.1 (64-bit)
DataSunrise Database Security Suite
Database client: EMS SQL Manager for DB2
VirtualBox 5.0.X virtual machine (running on the host):
Guest OS: Windows 7 Professional (64-bit)
Database Server: DB2
If you’re using VirtualBox 5.0.2, for instance, DataSunrise will likely fail to capture data packets between database client running on the host and database server running on the guest OS. This problem can occur under various network connection settings such as NAT, bridged and host-only. However, if you run the DB client on the guest OS and DB server — on the host, DataSunrise will be able to capture network packets. This issue is caused by VirtualBox 5.0.X virtual network adapter (VirtualBox NDIS Bridged Network Driver). Try to install an older version of VirtualBox and check if DataSunrise captures data packets between the host and guest OS.
DataSunrise supports load balancers. For example, we support the Classic Load Balancer on AWS. You can also use a certain load balancer when deploying DataSunrise on premises in a HA configuration. DataSunrise supports various types of load balancers. For example, DataSunrise supports AWS-based application being fully integrated with AWS Classic Load Balancer. Additionally, DataSunrise can be configured to use a certain load balancer like HAProxy, etc. Note: DataSunrise Supports load balancers when operating in HA mode only.
1. Check the state of proxies using DataSunrise GUI.
- Open DataSunrise web UI and go to Configurations > Databases subsection.
- Click Edit on the database instance you want to check.
- Click the Test Сonnection button.
- Enter the password and click the Test All button. If the status of all ports is OK, go to the next step of this guide.
2. Test the connection with Nmap (Linux) or Telnet Client (Windows).
|To enable Telnet client, run the command prompt with administrative privileges and perform the following command:|
dism /online /Enable-Feature /FeatureName:TelnetClient
Wait until the operation finishes. You will have to restart your computer in order to implement system changes.
|If you don’t have Nmap installed on your machine, open the command line and perforn the following command:|
sudo apt-get install nmap
|Launch Telnet Client and use the o command with the required hostname and port as shown below:|
o 192.168.1.100 3306
|After the installation perform the nmap command with the required hostname:|
This error can be caused by unavailable SMTP server. Please refer to the User Guide, subs. 5.8.1 for SMTP server configuration description.
DataSunrise supports both SSL and non-SSL authentication for LDAP. To run DataSunrise with SSL, navigate to System Settings → LDAP servers and check the “SSL” checkbox in the server’s settings.
A self-signed certificate should have an exception added to it as a trusted certificate on each client machine’s browser. If a certificate gets updated, you will need to add another exception for it as a trusted certificate on each client machine’s browser again. If your client machines are administered under Domain Controller, you’d have the option to install the certificate into the client machines via the domain controller. Refer to this link for detailed instructions:https://docs.microsoft.com/en-us/previous- versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732625(v=ws.11)
DataSunrise does not support creation of HA configuration unless you have initially installed it in HA mode. If you want to use your non-HA installation in the HA mode, you can create a dictionary backup, remove DataSunrise, install it in the HA mode and then import dictionary backup to the new DataSunrise installation. Here’s how you can do this:
- Create dictionary backup (Navigate to “System Settings” → “General”, click “Backup +”, select all checkboxes in the popup window).
- -Save the “backup” folder from the DataSunrise installation directory somewhere.
- Uninstall DataSunrise.
- -Install DataSunrise in the HA mode.
- Copy your “backup” folder to the DataSunrise installation directory.
- Restore the dictionary from the backup (“System Settings” -> “General”, “Restore”).
You can use any instant messenger if a comman line for this messenger exists. But DataSunrise doesn’t maintain external applications. You can see how to configure DataSunrise to be used with Slack here: https://www.datasunrise.com/blog/professional-info/sending_notifications-to-slack/
You can configure any other external application in the same manner. For example, you can use this client for WhatsApp: https://github.com/tgalal/yowsup/wiki/Command-line-client
Even after the license expiration, DataSunrise processes would continue to work until it is restarted. Upon restarting DataSunrise following the license expiration, users would not be able to login into the Web UI dashboard after. On a related note, DataSunrise is smart enough to identify fraud-lent license usage.
If you want to decrease the disk space threshold for this warning, navigate to the System Settings → Additional and change the “LogsDiscFreeSpaceLimit” parameter’s value from 10240 to 1024 Mb for example.