Hi Segun,
- Did you check the ports and IPs that databases listen to? You should configure them in the server group. Sometimes those ports are different from the default.
- Have you been able to check that GWs have connections from the high port you configured in the listener?
- Did you check the IPs configured in the server group? Confirm this information with the DBA.
- Have you been able to check if Imperva supports the Operation System and DB version using the Imperial tool? https://www.imperva.com/data-security-coverage-tool/?_ga=2.184797423.712597911.1598186313-512917704.1597662214. Sometimes when you run the WhichRagent script, it comes up with a possible agent version compatible with the server, but it's not true. Make sure Imperva supports that version with the link above.
If the configuration above is corrected, you can manually configure the ports and IPs in the Data Interfaces section and check if you see any traffic in the ports and Ips configured.
Lastly, could you check if you see traffic in the GWS using a tcpdump? I sometimes downgrade a previous agent version, which usually works for me.
I hope these tips help you to figure out why the agent is not detecting traffic.
------------------------------
Danilo Garces
Support Engineer
RSec Colombia S.A.S.
Bogota
------------------------------
Original Message:
Sent: 02-11-2023 01:31
From: Segun Aderibigbe
Subject: Agent not detecting traffic
Hi Friends,
I need help in understanding why Agent is not detecting traffic. The right agent is installed, agent settings is well configured (Set to blocking, sniffing, Servergroup is okay). Security policy is configured and applied on the server group. We detect traffic on the MSSQL servers but we can't detect traffic on the OEL_EUK and the AIX servers even though everything looks fine
#DatabaseActivityMonitoring
#ImpervaAgent
------------------------------