FREQUENTLY ASKED QUESTIONS

Installation

What are the system requirements for DataSunrise Database Security Suite?

DataSunrise can run on any commodity hardware. No special hardware requirements. If DataSunrise to be used in production, we suggest something like below:

  • CPU 8 cores
  • RAM 8-16GB is sufficient
  • No special storage requirements unless prospects want to test Audit.
  • 100GB for storing audit records could be sufficient for the purpose of data audit.
  • Linux or Windows Server OS.
I’m trying to run DataSunrise on Linux but getting an error message: “Data source name not found and no default driver specified”

Check ODBC driver availability. Execute:

odbcinst -j

to determine ODBC files location and ensure that they are not removed or modified.

Basically, the data source you are attempting to connect to does not exist on your machine. On Linux and UNIX, SYSTEM data sources are typically defined in

/etc/odbc.ini. USER data sources are defined in~/.odbc.ini

You should grant read access to the .ini file that contains the data source. You may need to set ODBCSYSINI, ODBCINSTINI or ODBCINI environment variables to pinpoint odbc.ini and odbcinst.ini

files location if it hasn’t been done before.

I am getting “Could not find libodbc.so.2 (unixODBC is requried)” error while trying to install DataSunrise on Ubuntu 14.04. UnixODBC is installed.

Run the following commands:

cd /usr/lib/x86_64-linux-gnu/ >cd ln -s libodbc.so.1.0.0 libodbc.so.2
I am getting a “Could not find "setcap"” error while trying to install DataSunrise on OpenSUSE 42.1.

Install libcap-progs. To do this, run the following command:

sudo zypper install libcap-progs

Instance Creation and Using

I am not able to create a new Oracle instance on Ubuntu.

Most likely Oracle can’t find a missing libaio.so.1 file. Run the following command to install it on Ubuntu:

sudo apt-get install libaio1

I’m trying to add a new Oracle database via Configuration menu, but the connection is failing because of a “Couldn't load oci.dll” error.

Probably you installed the 32-bit version of Oracle Database Instant Client or did not set system variables correctly. You need to install 64-bit version of Oracle Database Instant Client and add its home directory path to the %ORACLE_HOME% system variable. Then you need to add the same directory path to %PATH% system variable.

I am trying to run PostgreSQL on Linux machine, but database connection is failed: Missing server name, port, or database name in call to CC_connect. (error code 201)
  1. Check ODBC driver availability by executing the following command:

    odbcinst -q -d
  2. Locate and configure ODBC.ini file in the following way:

    [postgres_i] Description = Postgres Database Driver = PostgreSQL Database = postgres Servername = 127.0.0.1 Port = 5432
  3. Check PostgreSQL connection by executing the following command:

    isql postgres_i username password
I’m working on Linux and trying to establish connection between DataSunrise and MySQL database, but it fails because of missing ODBC MySQL driver.

Certain Linux-type operating systems don’t add MySQL driver parameters into odbcinst.ini file, so you should do it manually.If necessary, install MySQL ODBC driver by running the following commands:

For Debian and Ubuntu:

sudo apt-get install libmyodbc libodbc1

For CentOS, Red-Hat and Fedora:

sudo yum install mysql-connector-odbc

Then edit odbcinst.ini file. Run the following command:

sudo nano /etc/odbcinst.ini

Paste the following code into odbcinst.ini and save the file:

[MySQL]

Description = ODBC for MySQLDriver = /usr/libx86_64-linux-gnu/odbc/libmyodbc.soSetup = /usr/libx86_64-linux-gnu/odbc/libodbcmyS.soFileUsage = 1Update configuration files that control ODBC access to database servers by running the following command:

sudo odbcinst -I -d -f /etc/odbcinst.ini

Sniffer Mode

I’m deploying DataSunrise on Windows OS: I installed the database server, client database and the firewall on one host. I’m trying to run DataSunrise in Sniffer mode, but it is not listening for the traffic.

In this case, DataSunrise can’t capture traffic sent from host machine to that same host machine. You should use DataSunrise Proxy mode only or install database server and database client on separate hosts.

When I am trying to run DataSunrise in sniffer mode, it displays a message: “Can not to parsing SSL connection in sniffer mode”.

In order to run the firewall in sniffer mode, you should disable SSL support in your client application settings (SSL Mode -> Disable).You can also switch application’s SSL Mode to “Allow” or “Prefer” but disable SSL support in database server settings first.

When running DataSunrise in the sniffer mode, I get an error: 'DS_31037E: Crypto {ha-05:1433}'

Can not determine the username with Kerberos or local NTLM authentication in the Sniffer mode. Until the parameters of the crypto provider are properly configured, we can not identify the login/user. The UNKNOWN LOGIN account will be used as the current user. Rules checks may not work correctly until this error is resolved. Refer to subs. 4.7.2 of the Administration Guide for details. And we cannot define name of user for NTLM if the client and the server are installed on the same host.

Rules

I’m creating a Dynamic Data Masking rule and I want to mask different columns (for example: name, email address) of a table, but I can select only one masking method for all the columns. Is it possible to use different masking methods for different columns of the same table?

Available masking methods depend on the column’s data type. You can assign only one masking method to a column, so you might need to create multiple rules to mask multiple columns that contain various data types. You can assign the same rule to columns of the same data type or use a custom function for multiple columns with various data types, only if the custom function logic is capable of dealing with multiple data types.

Common

I’m trying to enter the web interface after program update, but it displays “Internal System Error” message.

Most likely you kept web interface tab opened in your web browser while updating the firewall. Log out the web interface if necessary and press Ctrl + F5 to reload the page.

DataSunrise Suite running on a host cannot capture data packets between database client running on the same host and database server running on an Oracle VirtualBox virtual machine.

Please, check your setup:

  • Host:

    • Windows 8.1 (64-bit)

    • DataSunrise Database Security Suite

    • WinPcap 4.1.3

    • Database client: EMS SQL Manager for DB2

  • VirtualBox 5.0.X virtual machine (running on the host):

    • Guest OS: Windows 7 Professional (64-bit)

    • Database Server: DB2

    If you’re using VirtualBox 5.0.2, for instance, DataSunrise will likely fail to capture data packets between database client running on the host and database server running on the guest OS. This problem can occur under various network connection settings such as NAT, bridged and host-only. However, if you run the DB client on the guest OS and DB server — on the host, DataSunrise will be able to capture network packets. This issue is caused by VirtualBox 5.0.X virtual network adapter (VirtualBox NDIS Bridged Network Driver). Try to install an older version of VirtualBox and check if DataSunrise captures data packets between the host and guest OS.

Can DataSunrise be paired with load balancers?

DataSunrise supports load balancers. For example, we support the Classic Load Balancer on AWS. You can also use a certain load balancer when deploying DataSunrise on premises in a HA configuration. DataSunrise supports various types of load balancers. For example, DataSunrise supports AWS-based application being fully integrated with AWS Classic Load Balancer. Additionally, DataSunrise can be configured to use a certain load balancer like HAProxy, etc. Note: DataSunrise Supports load balancers when operating in HA mode only.

DataSunrise fails to connect to the database.

1. Check the state of proxies using DataSunrise GUI.

  • Open DataSunrise web UI and go to Configurations > Databases subsection.
  • Click Edit on the database instance you want to check.
  • Click the Test Сonnection button.
  • Enter the password and click the Test All button. If the status of all ports is OK, go to the next step of this guide.

2. Test the connection with Nmap (Linux) or Telnet Client (Windows).

WindowsLinux
To enable Telnet client, run the command prompt with administrative privileges and perform the following command:

dism /online /Enable-Feature /FeatureName:TelnetClient

Wait until the operation finishes. You will have to restart your computer in order to implement system changes.
If you don’t have Nmap installed on your machine, open the command line and perforn the following command:

sudo apt-get install nmap

Launch Telnet Client and use the o command with the required hostname and port as shown below:

o 192.168.1.100 3306
After the installation perform the nmap command with the required hostname:

nmap 192.168.1.100
I’m trying to send emails to subscribers and get the following error: “Could not send email to XX@XXX.XXX Error: Operation timed out after 10000 milliseconds with 0 out of 0 bytes receive”

This error can be caused by unavailable SMTP server. Please refer to the User Guide, subs. 5.8.1 for SMTP server configuration description.

I’m planning to integrate DataSunrise with an LDAP server and I want to use the LDAP port 636 with SSL. How can I do that?

DataSunrise supports both SSL and non-SSL authentication for LDAP. To run DataSunrise with SSL, navigate to System Settings → LDAP servers and check the “SSL” checkbox in the server’s settings.

I’ve generated a new self-signed certificate and updated the appfirewall.pem, but the client browsers still deem it as an untrusted certificate.

A self-signed certificate should have an exception added to it as a trusted certificate on each client machine’s browser. If a certificate gets updated, you will need to add another exception for it as a trusted certificate on each client machine’s browser again. If your client machines are administered under Domain Controller, you’d have the option to install the certificate into the client machines via the domain controller. Refer to this link for detailed instructions:

https://docs.microsoft.com/en-us/previous- versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732625(v=ws.11)
I’m running DataSunrise on-premises and I want to move to HA configuration. How can I do it?

DataSunrise does not support creation of HA configuration unless you have initially installed it in HA mode. If you want to use your non-HA installation in the HA mode, you can create a dictionary backup, remove DataSunrise, install it in the HA mode and then import dictionary backup to the new DataSunrise installation. Here’s how you can do this:

  • Create dictionary backup (Navigate to “System Settings” → “General”, click “Backup +”, select all checkboxes in the popup window).
  • -Save the “backup” folder from the DataSunrise installation directory somewhere.
  • Uninstall DataSunrise.
  • -Install DataSunrise in the HA mode.
  • Copy your “backup” folder to the DataSunrise installation directory.
  • Restore the dictionary from the backup (“System Settings” -> “General”, “Restore”).
Can I configure another external application except Slack to receive DataSunrise messages?

You can use any instant messenger if a comman line for this messenger exists. But DataSunrise doesn’t maintain external applications. You can see how to configure DataSunrise to be used with Slack here:https://www.datasunrise.com/blog/sending_notifications-to-slack
You can configure any other external application in the same manner. For example, you can use this client for WhatsApp:https://github.com/tgalal/yowsup/wiki/Command-line-client

Why is DataSunrise still working after the License has expired?

Even after the license expiration, DataSunrise processes would continue to work until it is restarted. Upon restarting DataSunrise following the license expiration, users would not be able to login into the Web UI dashboard after. On a related note, DataSunrise is smart enough to identify fraud-lent license usage.

I'm getting the following warning: 'The free disk space limit for audit is reached. The current disc space amount is XXX MB. The disk space limit is 10240 MB'

If you want to decrease the disk space threshold for this warning, navigate to the System Settings → Additional and change the “LogsDiscFreeSpaceLimit” parameter’s value from 10240 to 1024 Mb for example.