Oracle Audit Vault can also collect audit data produced by the following database products (other than Oracle RDBMS):
Audit Vault Server: A stand-alone stacked application that contains a data warehouse built on a customized installation of Oracle Database. Oracle Database Vault protects the Audit Vault data warehouse. The Audit Vault Server also contains the OC4J components that support the Audit Vault Console.
Audit Vault Collection Agent: The Agent is responsible for managing the collectors, which are specific to an audit source and act as the middleman between the source database and the Audit Vault Server by pulling the audit trail data from the source and sending it to the Audit Vault Server over SQL*Net.
Audit Vault Server components
Component: Description
Oracle container for Web applications consisting of:
- Audit Vault Administrator's Console: User interface to manage Audit Vault: Collection Agents, Collectors, and so forth
- Audit Vault Auditor's Console: User interface to manage Audit Vault: Audit Policy Manager, Reports, Alerts, and so forth
- Oracle Enterprise Manager Database Control console: User interface to manage the raw audit data store or audit repository database
- Management Framework: Sends management commands to the Audit Vault Collection Agent to start or stop collection agents and collectors, collect metrics, receive management commands from AVCTL, AVCA, AVORCLDB, and AVMSSQLDB command-line interfaces using HTTP protocol or HTTPS mutual certificate-based authentication
- Audit Policy System: A service to retrieve and provision audit settings on the Oracle Database source; and a system to create and manage alerts raised by audit events from all sources as they are stored in the audit event repository
Database Client: Infrastructure to communicate to the audit repository, consisting of:
- Oracle Wallet: Contains credentials to authenticate Audit Vault users
- Configuration Files: Files used by Audit Vault for networking, preferences, and so forth.
Configuration and Management Tools: Utilities used to configure and manage Oracle Audit Vault, such as the AVCA, AVCTL,
Audit repository

Audit Vault Collection Agent components
Component: Description
Oracle container for Web applications consisting of:
- Audit Vault Collector Manager: Receives management commands from Audit Vault Server to start and stop collectors, collect and return metrics, and so forth.
- Audit Settings Manager: Receives commands from Oracle Audit Vault to extract audit settings from an Oracle Database source.
Database Client: Infrastructure to communicate to the audit repository, consisting of:
- Oracle Wallet: Contains credentials to authenticate Audit Vault users
- Configuration Files: Files used by Audit Vault for networking, preferences, and so forth.
Configuration and Management Tools: Utilities used to configure and manage Audit Vault, such as the AVCA, AVCTL, AVORCLDB, and AVMSSQLDB command-line utilities
Collectors: A collector is specific to an audit source and acts as the middleman between the source and the Audit Vault Server by pulling the audit trail data from the source and sending it to the Audit Vault Server over SQL*Net
Collector Type: OSAUD
Audit Source: Oracle Database
Audit Trail:
- On Linux and UNIX platforms: the operating system logs (audit logs) (SYS$AUD) (.aud) and XML (.xml) files
- On Linux and UNIX-based platforms: the operating system logs or syslog
- On Windows platforms: the operating system Windows event log and operating system logs (audit logs) XML (.xml) files

Collector Type: DBAUD
Audit Source: Oracle Database
Audit Trail:
- Oracle Database audit trail, where standard audit events are written to the SYS.AUD$ dictionary table
- Oracle Database fine-grained audit trail, where audit events are written to the SYS.FGA_LOG$ dictionary table
- Oracle Database Vault audit trail, where audit events are written to the DVSYS.AUDIT_TRAIL$ dictionary table

Collector Type: REDO
Audit Source: Oracle Database
Audit Trail: Logical change records (LCRs) from the REDO logs

Collector Type: MSSQLDB
Audit Source: Microsoft SQL Server
Audit Trail: C2 audit logs, Server-side trace logs, and Windows Event log
groupadd oinstall
groupadd dba
mkdir -p /export/home/oracle
mkdir /u01
useradd -d /export/home/oracle -g oinstall -G dba -s /bin/ksh oracle
chown oracle:dba /export/home/oracle /u01
passwd oracle
Use a text editor and add the lines listed below to /etc/security/limits.conf, /etc/pam.d/login, and /etc/profile
/etc/security/limits.conf
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
/etc/pam.d/login
session required /lib/security/pam_limits.so
session required pam_limits.so
/etc/profile
if [ "$USER" = "oracle" ]; then
    if [ "$SHELL" = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi
Use a text editor and add the lines listed below to /etc/sysctl.conf.
fs.file-max = 65536
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.core.rmem_default = 1048576
net.core.rmem_max = 1048576
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65000
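A check for the kernel parameters listed above, as an added example that is not part of the original guide: it reads a sysctl.conf-style file and reports every parameter that is missing or differs from the values on this page. The names REQUIRED and check_sysctl, and the choice to treat the sizing parameters as lower bounds while the net.ipv4 settings must match exactly, are assumptions of this example.

```sh
# Constructed from the sysctl settings listed above. "min" rows are treated as
# lower bounds (an assumption of this example); "eq" rows must match exactly.
REQUIRED='min fs.file-max 65536
min kernel.shmall 2097152
min kernel.shmmax 2147483648
min kernel.shmmni 4096
min kernel.sem 250 32000 100 128
min net.core.rmem_default 1048576
min net.core.rmem_max 1048576
min net.core.wmem_default 262144
min net.core.wmem_max 262144
eq net.ipv4.ip_forward 0
eq net.ipv4.conf.default.rp_filter 1
eq net.ipv4.ip_local_port_range 1024 65000'

# check_sysctl FILE: print one line per parameter that is missing or off;
# the return status is non-zero if anything was reported.
check_sysctl() {
    printf '%s\n' "$REQUIRED" | awk -v conf="$1" '
        BEGIN {
            # Load "key = value" lines from FILE, ignoring comments.
            while ((getline line < conf) > 0) {
                sub(/#.*/, "", line)
                n = index(line, "=")
                if (n == 0) continue
                key = substr(line, 1, n - 1); val = substr(line, n + 1)
                gsub(/[ \t]/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                have[key] = val            # last assignment wins
            }
        }
        !($2 in have) { print "MISSING " $2; bad = 1; next }
        {
            # Compare field by field so multi-value settings are covered.
            m = split(have[$2], got)
            for (i = 3; i <= NF; i++) {
                g = got[i - 2] + 0; want = $i + 0
                if (i - 2 > m || ($1 == "min" ? (g < want) : (g != want))) {
                    print "BAD " $2 " = " have[$2] " (want " $1 " " $i ")"
                    bad = 1; break
                }
            }
        }
        END { exit bad + 0 }'
}
```

Run it as `check_sysctl /etc/sysctl.conf` before starting Oracle Universal Installer; no output and a zero status mean the file matches the list.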
The /etc/hosts file must contain a fully qualified name for the server:
<IP-address> <fully-qualified-machine-name> <machine-name>
[oracle@oravaultserver log]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.60 oravaultserver.oracle.com oravaultserver
192.168.1.65 oravaultagent.oracle.com oravaultagent
/export/home/oracle/.profile
umask 022
ORACLE_BASE=/u01/app/oracle
ORACLE_HOME=/u01/app/oracle/product/10.2.3/av_1
ORACLE_SID=avtest
LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
TMP=/tmp
TEMP=/tmp
TMPDIR=/tmp
PATH=$ORACLE_HOME/bin:$PATH
export PATH ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH
export TMP TEMP TMPDIR
Check the URL below, depending on your OS version (in this note I'm using Oracle Enterprise Linux 5):
http://docs.oracle.com/cd/E11062_01/install.1023/e11055/avinl_preinstall.htm#BABCGHAI
package_name.rpm
On the Select Installation Type screen, select the Advanced Installation option, then click Next.
Enter the following information on the Database Vault User Credentials screen.
Database Vault Owner and Database Vault Account Manager accounts
Review the installation prerequisite checks on the Prerequisite Check screen, then click Next
On the Specify Database Storage Options screen, you can select one of the following storage options: File system,
Automatic Storage Management (ASM), or Raw Devices.
If you select the File System, specify or browse to the database file location for the data files. If you select Raw
Devices, specify the path or browse to the Raw Devices mapping file. If you select Automated Storage Management
(ASM), you must have already installed ASM. Make a selection and click Next.
Then, on the Specify Backup and Recovery Options screen, you can choose either to not enable automated backups or to enable automated backups.
Ahmed Fathi - Senior Oracle Consultant
Email: ahmedf.dba@gmail.com Blog: http://ahfathi.blogspot.com LinkedIn: http://linkedin.com/in/ahmedfathieg
On the Specify Database Schema Passwords screen, you can choose to enter different passwords for each privileged
database account or select the Use the same passwords for all account
Review the installation summary information on the Advanced Installation Summary screen. After reviewing this
installation information, click Install to begin the installation procedure. The installation will copy files, link binaries,
apply patches, run configuration assistants, including DBCA to create and start the Audit Vault Server, DVCA to secure
the server, and AVCA to configure and start Audit Vault Console
Run scripts as the root user when prompted by Oracle Universal Installer
After the installation completes, take note of the Oracle Enterprise Manager Database Control URL and the Audit
Vault Console URL. On the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle
Universal Installer.
Specify the following information on the Agent Details page, then click Next:
1) Audit Vault Agent Name: The name of the agent (created in preinstallation)
2) Audit Vault Agent Home: Specify the path to the Audit Vault Agent home where you want to install Oracle Audit Vault Agent
3) Agent User Name: The account name of the Audit Vault Agent User (created in preinstallation)
4) Agent User Password: The password for the Audit Vault Agent user
5) Audit Vault Server Connect String: Takes the form hostname:port:service name, in that order, using a colon (:) delimiter between each item
Review the installation prerequisite checks on the Prerequisite Check screen, then click Next
On the installation Summary page, review the installation summary information. After reviewing this installation
information, click Install to begin the installation procedure.
Run scripts as the root user when prompted by Oracle Universal Installer
After the installation completes, on the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit
Oracle Universal Installer.
Registering Oracle Database Sources and Collectors with Audit Vault Server
Create a user on source database server.
SQL> create user avuser identified by oracle;
The source user avuser, must have a set of required privileges and roles granted to it. The required privileges and
roles are listed in $ORACLE_HOME/av/scripts/streams/source/zarsspriv.sql. This script is located in both the Audit
Vault Server and the Audit Vault Collection Agent Oracle home.
Run this script on the source database as SYS user to grant this user avuser the required privileges using the following
syntax:
SQL> @zarsspriv.sql srcusr mode
The mode argument is one of:
SETUP: For OSAUD and DBAUD collectors, and for policy management
REDO_COLL: For the REDO log collector; includes all privileges that are granted using the argument mode SETUP.
Note: After successful execution of 'avorcldb add_source', you will notice an entry created in the tnsnames.ora file for the source database. It is located in the $ORACLE_HOME/network/admin directory of the Audit Vault Server Oracle home.
Collector Configurations
Verify that the source database is ready for the DBAUD collector. This can be done from both the Audit Vault Server and the Agent home. The same applies to the REDO and OSAUD collectors.
From the Audit Vault Server home shell, execute 'avorcldb add_collector' to add DBAUD collector.
From the Audit Vault Server home shell, execute 'avorcldb add_collector' to add OSAUD collector.
From the Audit Vault Server home shell, execute 'avorcldb add_collector' to configure REDO collector. If you want to
add REDO collector
$ avorcldb add_collector -srcname
oravaultagent:1521:ORCL
Starting Collectors
Use the AVCTL start_collector command to start collectors:
DBAUD Collector
OSAUD Collector
Registering Microsoft SQL Server Database Sources and Collector with Audit Vault Server
Oracle Audit Vault requires a JDBC connection to the SQL Server database. Audit Vault supports Microsoft SQL Server
JDBC Driver version 1.2. Ensure that you have downloaded the JDBC driver (sqljdbc.jar) to the $ORACLE_HOME/jlib
directories in both the Audit Vault Server and Audit Vault collection agent homes.
http://msdn.microsoft.com/en-us/data/aa937724.aspx
The collector must use this user account to access audit data from the Microsoft SQL Server source database
instance. After you create the user account, the privileges that you assign to this user depend on whether the source
database instance is Microsoft SQL Server 2000, 2005, or 2008.
Create the user account:
1. Log in to the Microsoft SQL Server source database instance.
2. Create a user account. For example, to create a user account named srcuser_mss:
EXEC sp_addlogin srcuser_mss, password
For a Microsoft SQL Server 2005 or 2008 database, grant this user the alter_trace privilege.
1. Log in as the SYSADMIN user.
2. Run the following command to grant the alter trace privilege to the user.
GRANT ALTER TRACE TO srcuser_mss
For a Microsoft SQL Server 2000 database instance, grant the user the SYSADMIN fixed server role.
1. Click Security.
2. Click Logins.
3. Right-click the login you created (srcuser_mss).
4. Click Properties.
5. On the left pane, click Server Roles.
6. Select the sysadmin option setting, and then click OK.
Register the SQL Server Source Database Instance with Audit Vault
To register the SQL Server source database instance with Oracle Audit Vault, run the avmssqldb add_source command.
avmssqldb add_source -src 'hrdb.example.com\hr_db' -srcname mssqldb1 -desc 'HR Database'
Enter a username: srcuser_mss
Enter a password : password
To add the MSSQLDB collector to Oracle Audit Vault, run the avmssqldb add_collector command.
avmssqldb add_collector -srcname mssqldb1 -agentname agent1
Enter a username: srcuser_mss
Enter a password: password
To enable the Oracle Audit Vault agent to run the MSSQLDB collector, run the avmssqldb setup command.
avmssqldb setup -srcname mssqldb1
Enter a username : srcuser_mss
Enter a password : password
avca.log
av_client-%g.log.n
Description
This log file tracks the commands issued by the
avorcldb facility. Avorcldb facility is used during the
initial configuration of audited sources and Audit
Vault agents and collectors.
This log file tracks the creation of collectors and the
starting and stopping of Audit Vault agents and
collectors.
This log file contains information about collection
metrics from the Audit Vault Collection Agent. The
%g is a generation number that starts from 0 (zero)
and increases once the file size reaches the 10 MB
limit.
Maintenance
It is safe to delete this file at any
time.
Description
Contains a log of all errors encountered in agent
initialization and operation.
Contains a log of all primary agent-related
operations and activity.
Maintenance
It is safe to delete this file at any
time.
This file may only be deleted after
the Audit Vault Collection Agent is
shutdown.
It is safe to delete this file at any
time.
avca.log
avorcldb.log
<CName><SName><SId>.log
av_client-%g.log.n
sqlnet.log