The Down System Specialists
+1-913-732-8892
+44-2081-337529

Oninit® Snooper — Install

Requirements

Component             Notes
Linux x86-64          Any kernel 3.2 or later. Other architectures on request.
POSIX threads         Linked statically into the binary; no system libpthread is required at runtime.
IBM Informix CSDK     Not required. The snoop talks SQLI on the wire directly via the embedded Oninit® SQLI library: no libifsql.so, no setcsdk, no INFORMIXDIR on the deployment host.
IBM Informix server   Reachable from the snoop host on its TCP port. Any IDS version that speaks SQLI 9.0342 or later (most modern IDS releases).
tcpdump / wireshark   Not required. The snoop reads its own forwarded byte stream: no packet capture, no CAP_NET_RAW, no privileged interfaces.

Install

oni_snoop is a single statically linked, stripped ELF binary. There is no package, no shared library, no config file. Drop it on the host, mark it executable, run it.

sudo install -m 0755 oni_snoop /usr/local/bin/
oni_snoop --help

Verify the binary is fully self-contained:

$ file /usr/local/bin/oni_snoop
oni_snoop: ELF 64-bit LSB executable, x86-64, statically linked, stripped

$ ldd /usr/local/bin/oni_snoop
        not a dynamic executable

Where to run it

The snoop runs on whatever host the operator wants to observe traffic on — typically the same host as the IDS server, or a dedicated proxy host that sits between the application tier and the database tier. There are three common deployments:

Deployment              Use case
Same host as IDS        Loopback observation. Move IDS to an alternate port (or bind it to a different address, such as 127.0.0.1 or an interface alias) and bind oni_snoop --listen to the original IDS port. Apps reach the well-known port unchanged. Lowest setup cost.
Dedicated proxy host    Separate machine in front of IDS. Apps point at the snoop host; the snoop forwards to the real IDS. Useful when reconfiguring IDS is undesirable, or when keeping the snoop output off the database host is preferred.
Per-environment debug   Spin the snoop up only while an issue is under investigation. Run it for a few minutes, capture the log, kill the snoop. The rest of the time apps talk to IDS directly through the original sqlhosts entry.

No sqlhosts edits required

The transparent-NAT model is deliberate. The application's $INFORMIXSQLHOSTS entry, $INFORMIXSERVER environment variable, and connect strings stay exactly as configured for the production server. The only change is that whatever address and port that sqlhosts entry resolves to is now the snoop's listen address; the real IDS lives somewhere else (a different port, a different bind IP, or behind an iptables nat PREROUTING rule that diverts the port to the snoop). Note that PREROUTING only sees connections arriving from other hosts: an application on the same host as the snoop generates traffic locally and needs a matching nat OUTPUT rule, one that excludes the snoop's own forwarding connection to the real server so that connection is not redirected back to the snoop.

This is by design: editing sqlhosts on a production application tier is invasive, often requires app restarts, and is exactly the kind of change operators want to avoid when investigating a transient slowness. The flip side of sitting inline is that the snoop sees every byte in both directions, so treat its output as carefully as the database's own audit trail: write the log somewhere only the investigating operator can read, and remove it when the investigation closes.
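The following POSIX shell script is an added example, not code from Oninit or from the snoop itself. It makes the deployment models above and the "no sqlhosts edits" claim checkable: it resolves the host and port that an unchanged sqlhosts entry will dial, confirms from `ss -ltnp` output that the snoop rather than the server owns that port (the moved-IDS model), and prints the two nat rules for the iptables variant, including the owner exclusion that prevents a redirect loop. It assumes the classic four-column sqlhosts layout, a hypothetical unprivileged user named `snoop` running the snoop, and constructed sqlhosts, services and ss samples rather than real captures.

```shell
#!/bin/sh
# Added example; not part of the Oninit Snooper distribution. It makes the
# "no sqlhosts edits" model checkable: resolve the host:port that an unchanged
# sqlhosts entry dials, confirm the snoop rather than the server owns that
# socket, and print the nat rules for the variant where the port is diverted
# by iptables instead of by moving the server. Assumes the classic sqlhosts
# layout: dbservername nettype hostname servicename [options].

# sqlhosts_target SQLHOSTS DBSERVERNAME SERVICES -> prints "host port".
# Exit 1 if the entry is missing, 2 if its service name does not resolve.
sqlhosts_target() {
    awk -v name="$2" -v svcfile="$3" '
        BEGIN {
            # services file, e.g. "ifmx_prod 9088/tcp" -> svc["ifmx_prod"] = 9088
            while ((getline line < svcfile) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line ~ /^(#|$)/) continue
                split(line, f, /[ \t]+/); split(f[2], pp, "/")
                if (pp[2] == "tcp") svc[f[1]] = pp[1]
            }
        }
        /^[ \t]*#/ || NF < 4 { next }
        $1 == name {
            port = ($4 ~ /^[0-9]+$/) ? $4 : svc[$4]
            if (port == "") { err = 2; exit }
            print $3, port; found = 1; exit
        }
        END { if (err) exit err; if (!found) exit 1 }
    ' "$1"
}

# listener_owner SS_OUTPUT PORT -> prints the process name listening on PORT.
# SS_OUTPUT is a file holding `ss -ltnp` output (captured, or constructed below).
listener_owner() {
    awk -v port="$2" '
        NR > 1 {
            n = split($4, a, ":")            # Local Address:Port, e.g. [::]:9088
            if (a[n] != port) next
            if (match($0, /users:\(\("[^"]+"/)) {
                print substr($0, RSTART + 9, RLENGTH - 10); exit
            }
        }
    ' "$1"
}

# divert_rules IDS_PORT SNOOP_PORT SNOOP_USER -> prints the iptables commands.
# Remote clients are caught in nat PREROUTING. Locally originated connections
# never traverse PREROUTING, so the same-host case needs nat OUTPUT, and that
# rule must exclude the snoop's own uid or its forwarding connection to the
# real server on IDS_PORT would be redirected straight back to the snoop.
divert_rules() {
    for p in "$1" "$2"; do
        case $p in ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 1;; esac
    done
    [ -n "$3" ] || { echo "snoop user required" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2"
    printf 'iptables -t nat -A OUTPUT -o lo -p tcp --dport %s -m owner ! --uid-owner %s -j REDIRECT --to-ports %s\n' "$1" "$3" "$2"
}

# Demo on constructed inputs (not real files or captures), kept in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# dbservername nettype hostname servicename' \
        'ol_prod onsoctcp db1.internal ifmx_prod' \
        'ol_dev  onsoctcp 127.0.0.1    9089' >"$d/sqlhosts"
    printf '%s\n' 'ifmx_prod 9088/tcp # Informix, production' >"$d/services"
    printf '%s\n' 'State Recv-Q Send-Q Local Address:Port Peer Address:Port Process' \
        'LISTEN 0 128 0.0.0.0:9088 0.0.0.0:* users:(("oni_snoop",pid=4242,fd=3))' \
        'LISTEN 0 128 127.0.0.1:19088 0.0.0.0:* users:(("oninit",pid=1201,fd=9))' >"$d/ss.txt"

    # Moved-IDS model: the unchanged entry still dials 9088, now owned by the snoop.
    set -- $(sqlhosts_target "$d/sqlhosts" ol_prod "$d/services")
    echo "ol_prod dials $1:$2 ; listener on $2 is: $(listener_owner "$d/ss.txt" "$2")"
    # iptables model: server keeps 9088, snoop listens on 19088 as user 'snoop'.
    divert_rules 9088 19088 snoop
    rm -rf "$d"
}
demo
```

`sqlhosts_target` only resolves `/tcp` services, since that is what the snoop forwards; a numeric servicename is used as-is. `listener_owner` matches on the port alone, so a listener on `[::]`, `0.0.0.0` or a specific address all count. The printed iptables lines are meant to be reviewed and then run by root on the target host; the script deliberately does not execute them.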

To discuss how Oninit® can assist, call +1-913-732-8892 or send an email specifying your requirements.


You get all this for free... think about what you get if you pay us.