SonarG 4.1

SonarG Overview

jSonar® SonarG is a system for storing, managing and providing access to the IBM® InfoSphere® Guardium® Database Activity Monitoring (DAM) system (referred to as "Guardium" throughout this documentation).

This section provides an overview of the SonarG system, including a high-level view of the system architecture, and a description of the data model.

SonarG Architecture

SonarG is a Big Data system that uses the SonarW NoSQL Data Warehouse to store data extracted from Guardium collectors. SonarG centralizes all Guardium data into a single database store, regardless of the number of collectors – thus eliminating the need for complex aggregation processes.

SonarG's advanced database architecture allows for unparalleled performance in reporting and analytics. The proprietary database also allows customers to retain Guardium data for long periods of time, without impacting performance.

SonarG includes the following components:

  • The SonarW NoSQL Data Warehouse.

  • The SonarCollector ETL layer and specific Guardium ETL algorithms.

  • The SonarG Application.

  • The SonarK discovery tool (based on Kibana).

  • SonarSQL, providing SQL access to Guardium data stored within SonarW.

  • JSON Studio, providing a graphical user interface (GUI) for advanced analytic query building and visualization.


The SonarG software package is installed on a RHEL Linux server. SonarG can be installed on a physical server or a virtual machine.

It is strongly recommended that SonarG be the only application on the server and not be co-located with other applications. SonarG's Big Data workloads are resource-intensive, consuming all available compute, memory and I/O resources. It is therefore recommended to run SonarG on its own server.

SonarG receives data from Guardium collectors through an SCP process of compressed extraction files. These files are produced by the collectors and the mechanism is supported for Guardium versions 9.x and 10.x. For systems running version 9.5 collectors, the IBM data extraction patch 609 (or a cumulative later patch) must be installed. Consult your SonarG account manager for the precise IBM patch required. Guardium 10 has built-in support for producing these extract files.

Guardium data is copied to a staging server, where it is processed by SonarG ETL into SonarG using Guardium-specific processes. The staging server can be the SonarG server (preferred) or another server. When configuring data extraction in Guardium, the staging server should be specified under “hostname.”

Guardium collectors produce and copy files on an hourly basis. The SonarG ETL process runs continuously and ingests these extract files on an ongoing basis. Data is therefore available in SonarG with a lag not longer than ~60-75 minutes.
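Because every collector delivers files hourly, a collector with no new file for more than 75 minutes indicates a gap in the audit data reaching SonarG. The following script is an added example, not part of SonarG or its documentation; it assumes that extract files remain visible in the directory being checked and that each file name begins with the collector name followed by an underscore (both are assumptions, as are the collector names used).

```python
import os
import re
import tempfile
import time

# From the page: collectors copy files hourly; lag is at most ~60-75 minutes.
MAX_LAG_SECONDS = 75 * 60

# ASSUMPTION (not from the SonarG docs): each extract file name starts with the
# collector host name followed by "_". Adjust to the naming on your server.
COLLECTOR_PATTERN = re.compile(r"^(?P<collector>[^_]+)_")


def newest_arrival(staging_dir, pattern=COLLECTOR_PATTERN):
    """Map each collector to the mtime of its most recent file."""
    latest = {}
    for entry in os.scandir(staging_dir):
        match = pattern.match(entry.name)
        if match is None or not entry.is_file(follow_symlinks=False):
            continue
        name = match.group("collector")
        mtime = entry.stat(follow_symlinks=False).st_mtime
        latest[name] = max(latest.get(name, 0.0), mtime)
    return latest


def silent_collectors(staging_dir, expected, now=None, max_lag=MAX_LAG_SECONDS):
    """Return {collector: seconds since last file, or None if never seen}."""
    now = time.time() if now is None else now
    latest = newest_arrival(staging_dir)
    stale = {}
    for name in expected:
        seen = latest.get(name)
        if seen is None:
            stale[name] = None  # no file at all: collector never reported
        elif now - seen > max_lag:
            stale[name] = int(now - seen)
    return stale


if __name__ == "__main__":
    # Constructed sample: hypothetical collectors, one current, one late, one absent.
    now = 1_700_000_000
    with tempfile.TemporaryDirectory() as staging:
        for fname, age in [("coll01_a.gz", 1800), ("coll02_a.gz", 7200)]:
            path = os.path.join(staging, fname)
            open(path, "w").close()
            os.utime(path, (now - age, now - age))
        print(silent_collectors(staging, ["coll01", "coll02", "coll03"], now=now))
```

Checking against an explicit list of expected collectors matters: a collector that never delivered a file would otherwise not appear in the results at all.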

Once the data is in SonarW, various tools provide access to the Guardium data. These include a SonarG custom-built reporting layer, JSON Studio for building queries, reports and visualizations directly over the Guardium data, a Web Services layer and a SQL layer. All these are installed on the SonarG server as part of the SonarG installer.