- All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault [Document 207959.1]
- Security Checklist: 10 Basic Steps to Make Your Database Secure from Attacks [Document 1545816.1]
- Master Note For Database Privileges And Roles [Document 1347470.1]
- Master Note For Oracle Database Authentication [Document 1349896.1]
- Master Note For Oracle Database Auditing [Document 1299033.1]
- Master Note For Oracle Database Vault [Document 1195205.1]
- Master Note For Oracle Audit Vault [Document 1199033.1]
- Master Note For Transparent Data Encryption (TDE) [Document 1228046.1]
- Master Note For Kerberos Authentication [Document 1375853.1]
- Master Note For Enterprise User Security (EUS) [Document 1376365.1]
- Master Note For Oracle Virtual Private Database ( VPD / FGAC / RLS ) [Document 1352641.1]
- Master Note For Audit Vault Server And Database Firewall [Document 2169653.1]
- Master Note For Oracle Key Vault [Document 2120572.1]
this Document
| Purpose |
| Scope |
| Details |
| Oracle Audit Vault Concepts and Overview |
| Oracle Audit Vault Installation |
| Oracle Audit Vault Configuration and Administration |
| Oracle Audit Vault Troubleshooting and Debugging |
| Oracle Audit Vault Best Practices |
| Oracle Audit Vault Patching |
| Oracle Audit Vault Documentation |
| Oracle Audit Vault Licensing |
| Using My Oracle Support Effectively |
| References |
APPLIES TO:
Oracle Audit Vault - Version 10.2.2.0 and laterInformation in this document applies to any platform.
PURPOSE
This Master Note is intended to provide an index and references to the most frequently used My Oracle Support Notes with respect to Oracle Audit Vault. This Master Note is subdivided into categories to allow for easy access and reference to notes that are applicable to your area of interest. This includes the following categories:
- Oracle Audit Vault Concepts and Overview
- Oracle Audit Vault Installation
- Oracle Audit Vault Configuration and Administration
- Oracle Audit Vault Troubleshooting and Debugging
- Oracle Audit Vault Best Practices
- Oracle Audit Vault Patching
- Oracle Audit Vault Documentation
- Oracle Audit Vault Licensing
- Using My Oracle Support Effectively
SCOPE
This document is meant for use as a guide by those who are installing/configuring or managing/troubleshooting Oracle Audit Vault.
This note applies to the following versions of the product:
Oracle Audit Vault versions 10.2.2.0 and later
This note applies to the following versions of the product:
Oracle Audit Vault versions 10.2.2.0 and later
DETAILS
Oracle Audit Vault Concepts and Overview
Oracle Audit Vault automates the collection and consolidation of audit data into a secure repository,
Oracle Audit Vault collects database audit data from the following Oracle audit sources:
- audit trail tables
- database audit files on the operating system
- syslog & EventLog
- archived redo log files to capture before/after value changes of transactions.
Oracle Audit Vault can also collect audit data produced by the following database products(other than Oracle RDBMS):
- Microsoft SQL Server
- IBM DB2 UDB
- Sybase ASE
The architecture of Audit Vault consists of two major components that work together to collect, store and secure the audit data:
- Audit Vault Server A stand-alone stacked application that contains a data warehouse built on a customized installation of Oracle Database. Oracle Database Vault is protecting the Audit Vault datawarehouse. The Audit Vault Server contains also the OC4J components that support the Audit Vault Console.
- Audit Vault Collection Agent The Agent is responsible for managing the collectors, which are specific to an audit source and act as the middleman between the source database and the Audit Vault Server by pulling the audit trail data from the source and sending it to the Audit Vault Server over SQL*Net.
Oracle Audit Vault Installation
Note 848408.1 - Oracle Audit Vault Server Platform Support
Note 848402.1 - Oracle Audit Vault Agent Platform Support
Note 731081.1 - Oracle Audit Vault 10.2.3.0.0 Installation fails intermittently in some environments
Note 871252.1 - Oracle Audit Configuration Assistant Fails With Java Errors
Note 1058184.1 - Oracle Audit Vault Configuration Assistant Fails While Installing The AV Server
Note 889346.1 - What To Do If Audit Vault Configuration Fails[AVCA] While Installing Audit Vault Server?
Note 751085.1 - Errors While Installing Audit Vault Or While Applying An Audit Vault Patchset
Note 753920.1 - Availability of Oracle Audit Vault Server on Windows
Note 1362173.1 - Oracle Audit Vault Repository Creation Failed On 11gr2 Asm Stack
Note 1265058.1 - How To Install PSU 10.2.0.4.6/7 On Audit Vault Server Repository Database
Note 1051822.1 - How To Install The January 2010 CPU Patch To Audit Vault Version 10.2.3.2
Oracle Audit Vault Configuration and Administration
Note 788381.1 - Audit Vault Collection Agent Configuration for RAC Database - Step by Step Guide
Note 1362173.1- Oracle Audit Vault Repository Creation Failed On 11gr2 Asm Stack
Note 731908.1 - New Feature DBMS_AUDIT_MGMT To Manage And Purge Audit Information
Note 784383.1 - Source Not Mapped to an Active Agent While Retrieving Audit Settings from Source
Note 850170.1 - Error Executing Task add_agent OAV-46599
Note 764035.1 - Unable To Add Source To Audit Vault
Note 740657.1 - ORA-1017 While Adding an Agent Using AVCA
Note 783664.1 - Getting Error "Java.Sql.Sqlexception: Ora-27452: Om" While Adding A New Redo Collector
Note 746503.1 - While Provisioning The Audit Settings on The Source Database Huge Trace Files Get Created
Note 747843.1 - Audit Settings Provisioning fails with "Errors:<nnn> settings has been failed in this provision."
Note 958595.1 - What Ports Have To Be Opened In The Firewall To Allow The Communication Of The Audit Vault Agent With The Audit Vault Server ?
Note 1362173.1- Oracle Audit Vault Repository Creation Failed On 11gr2 Asm Stack
Note 731908.1 - New Feature DBMS_AUDIT_MGMT To Manage And Purge Audit Information
Note 784383.1 - Source Not Mapped to an Active Agent While Retrieving Audit Settings from Source
Note 850170.1 - Error Executing Task add_agent OAV-46599
Note 764035.1 - Unable To Add Source To Audit Vault
Note 740657.1 - ORA-1017 While Adding an Agent Using AVCA
Note 783664.1 - Getting Error "Java.Sql.Sqlexception: Ora-27452: Om" While Adding A New Redo Collector
Note 746503.1 - While Provisioning The Audit Settings on The Source Database Huge Trace Files Get Created
Note 747843.1 - Audit Settings Provisioning fails with "Errors:<nnn> settings has been failed in this provision."
Note 958595.1 - What Ports Have To Be Opened In The Firewall To Allow The Communication Of The Audit Vault Agent With The Audit Vault Server ?
Oracle Audit Vault Troubleshooting and Debugging
The Oracle Audit Vault troubleshooting guide can be found in the documentation.
Note 1360138.1 - Audit Vault Server Configuration Report and Health Check Script
Note 972983.1 - What To Check When The Audit Vault Server Cannot Be Started?
Note 1271707.1 - How To Investigate The "Http Communication errors" Encountered When Starting An Audit Vault Collector
Note 1355093.1 - The Redo Collector Does Not Retrieve Data When Collecting in 11g Databases
Note 986093.1 - How To Start The Collectors Directly From The AV Agent Environment ?
Note 1098463.1 - Audit Vault Collector Errors While Parsing XML Audit File with Errorcode 7
Note 828231.1 - Unable To Delete Alert In Audit Vault
Note 1302465.1 - The AV Console Is Not Working When Trying To Connect As AVAUDITOR. Logs Are Filled With ORA-1017 Errors
Note 1383634.1 - Internal Error On The Warehouse Tab Of AV_ADMIN GUI Console
Note 1304612.1 - Logging into Audit Vault Console with AV_AUDITOR role fails with "The webpage cannot be displayed" or "Internal server error"
Note 1184984.1 - Dropping An Audit Vault Alert Is Failing With "OAV-46599 Internal Error Drop Alert Rule 2"
Note 748202.1 - "Java.sql.SQLException: Exceeded maximum VARRAY limit" While Retrieving the Audit Settings From Source
Note 1335238.1 - How To Deploy the Audit Vault Console After Recreating The DB Console Running From The Oracle Home Of The Audit Vault Server?
Note 972880.1 - DBAUD Collector Crashes With ORA-904
Note 764058.1 - Audit Vault Data Warehouse Refresh Fails With ORA-1031
Note 970625.1 - Audit Reports Page Does Not Work - Can Not Display The Webpage
Note 958640.1 - Av Server Does Not Start After Reboot
Note 947114.1 - OS Collectors Are Working But Nothing Is Collected
Note 811753.1 - Cannot View Single Row In Audit Vault Reports Due To ORA-20001 Errors
Note 779797.1 - DBAUD Collector Fails After Applying Patchset 10.2.3.1.0
Note 986105.1 - Error Executing Task Start_Collector: Internal Collector
Note 731593.1 - Error ORA-01729 Encountered While Adding A REDO Collector
Note 972868.1 - Audit Vault Collector Error: OCIStmtExecute Failed For OCI Set Timestamp:4294967295
Note 1129657.1 - Internal Error While Starting A Mssql Collector
Note 1303076.1 - Audit Vault: "VALIDATE_AGENT_CMD must be declared ORA-06550" While Starting Up A Collector
Note 1359255.1 - Audit Vault Notifications On Alerts Are Not Dispatched
Note 1471024.1 - Increased CPU usage for avoscoll process after applying Audit Vault Bundle Patch 10.2.3.2.7 or 10.3.0.0.1
Oracle Audit Vault Best Practices
The following document will make you aware of Oracle Audit Vault Best Practices:
http://www.oracle.com/technetwork/testcontent/twp-auditvault-bestpractices-200711-1-130326.pdf
http://www.oracle.com/technetwork/testcontent/twp-auditvault-bestpractices-200711-1-130326.pdf
Oracle Audit Vault Patching
Make sure that the same patchsets and bundle patches are applied on the agents and the AV Server because some of these patches are changing the way the agents interact with the server( in some versions new procedures/functions are created and used and if they are not present/used by the other party there will be some errors).
Starting with Audit Vault 10.2.3.2 the bug fixes for Audit Vault are delivered via cumulative bundle patches. The following AV version 10.2.3.2 bundle patches are available:
Patch 9590005 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 1 (10.2.3.2.1)
Patch 9958865 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 2 (10.2.3.2.2)
Patch 10240229 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 3 (10.2.3.2.3)
Patch 10647596 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 4 (10.2.3.2.4)
Patch 11887343 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 5 (10.2.3.2.5)
Patch 12703193 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 6 (10.2.3.2.6)
Patch 13087259 - AUDIT VAULT 10.2.3.2.0 BUNDLE PATCH 7 (10.2.3.2.7)
AV Server 10.3 was released in December 2011. For more information see Note 1387082.1.
Here is the list of AV version 10.3 bundle patches:
Patch 13578994 - AUDIT VAULT 10.3.0.0.0 BUNDLE PATCH 1 (10.3.0.0.1)
Patch 14489418 - AUDIT VAULT 10.3.0.0.0 BUNDLE PATCH 2 (10.3.0.0.2)
Patch 16025987 - AUDIT VAULT 10.3.0.0.0 BUNDLE PATCH 3 (10.3.0.0.3)
Patch 17722092 - AUDIT VAULT 10.3.0.0.0 BUNDLE PATCH 4 (10.3.0.0.4)
It is important to note that besides the patches for Audit Vault you might have to install patches for the built in Oracle Database. AV Server 10.2.3.0 uses a 10.2.0.3 repository database. When the AV Server is upgraded to AV patchset 10.2.3.2 the repository database is automatically upgraded to 10.2.0.4 and when the AV Server is upgraded to 10.3 the repository database is upgraded to 11.2.0.3 . To make sure that you have the latest recommended RDBMS bug fixes applied you have to install the database PSU patches as soon as they are released.
Note 1382446.1 - Audit Vault Server Bundle Patches, Database Patch Set Updates (PSUs), and Critical Patch Updates (CPUs)
Note 1265058.1 - How To Install PSU 10.2.0.4.6/7 On Audit Vault Server Repository Database
Note 974818.1 - How To Install The October 2009 CPU Patch To Audit Vault Version 10.2.3.2
Note 1051822.1 - How To Install The January 2010 CPU Patch To Audit Vault Version 10.2.3.2
Note 1085315.1 - How To Install The April 2010 CPU Patch To Audit Vault Version 10.2.3.2
Note 1155026.1 - How To Install The July 2010 CPU Patch On Audit Vault Version 10.2.3.2
Note 1265058.1 - How To Install PSU 10.2.0.4.6/7 On Audit Vault Server Repository Database
Note 974818.1 - How To Install The October 2009 CPU Patch To Audit Vault Version 10.2.3.2
Note 1051822.1 - How To Install The January 2010 CPU Patch To Audit Vault Version 10.2.3.2
Note 1085315.1 - How To Install The April 2010 CPU Patch To Audit Vault Version 10.2.3.2
Note 1155026.1 - How To Install The July 2010 CPU Patch On Audit Vault Version 10.2.3.2
Note 1496564.1 - How To Relink The Agent Home Binaries In Case Of An OS Upgrade
Note 971704.1 - AV Upgrade Fails Due To A DBUA Failure
Note 971704.1 - AV Upgrade Fails Due To A DBUA Failure
Attention:
To define a MS SQL Server collector one needs the sqljdbc driver. The link given in AV Admin Guide E14457-05 p3.10 doesn't work anymore. (http://www.microsoft.com/downloads/details.aspx?FamilyID=c47053eb-3b64-4794-950d-81e1ec91c1ba&displaylang=en)
AV 10.2.3.2 ships with JDK 1.4. The version of Java shipped with the Agent is inherited from the underlying Oracle Database Client which, for 10.2.3.2, is DB 10.2.0.3. The DB stack does not support upgrading the JDK in the ORACLE_HOME, except to a later patch in the same JDK version, so there is no supported way to upgrade that JDK to 1.5. Microsoft has de-supported the original JDBC driver a while ago, and it is no longer available for download from Microsoft. Hence the broken link.
AV 10.3 is shipped with JDK 1.5, and supports later versions of the SQL Server JDBC Driver, which are still supported by Microsoft.
At this juncture, the customer has a couple of choices. If they have access to the original JDBC driver, either from an earlier download, or as part of the SQL Server client component in SQL Server 2000, they can use it with AV 10.2.3.2 agents. If not, the recommendation would be to upgrade to AV 10.3.0.0.2 to get the latest stack support.
To define a MS SQL Server collector one needs the sqljdbc driver. The link given in AV Admin Guide E14457-05 p3.10 doesn't work anymore. (http://www.microsoft.com/downloads/details.aspx?FamilyID=c47053eb-3b64-4794-950d-81e1ec91c1ba&displaylang=en)
AV 10.2.3.2 ships with JDK 1.4. The version of Java shipped with the Agent is inherited from the underlying Oracle Database Client which, for 10.2.3.2, is DB 10.2.0.3. The DB stack does not support upgrading the JDK in the ORACLE_HOME, except to a later patch in the same JDK version, so there is no supported way to upgrade that JDK to 1.5. Microsoft has de-supported the original JDBC driver a while ago, and it is no longer available for download from Microsoft. Hence the broken link.
AV 10.3 is shipped with JDK 1.5, and supports later versions of the SQL Server JDBC Driver, which are still supported by Microsoft.
At this juncture, the customer has a couple of choices. If they have access to the original JDBC driver, either from an earlier download, or as part of the SQL Server client component in SQL Server 2000, they can use it with AV 10.2.3.2 agents. If not, the recommendation would be to upgrade to AV 10.3.0.0.2 to get the latest stack support.
Oracle Audit Vault Documentation
The Oracle Audit Vault documentation can be accessed from the following URL:
http://download.oracle.com/docs/cd/E14472_01/index.htm
Oracle Audit Vault Licensing
Oracle Audit Vault is a complete stacked application. As part of the Oracle Audit Vault installation, an Oracle Database with the Database Partitioning, Oracle Advanced Security, and Oracle Database Vault options is installed. The stacked application, database, installed options, and Oracle Audit Vault components may not be used or deployed for other purposes.
Oracle Application Server Containers for J2EE (OC4J) is included with Oracle Audit Vault. This embedded version is provided solely to support Oracle Enterprise Manager (Database), Advanced Queuing Servlet, Audit Vault Console, and may not be used or deployed for other purposes.
The Oracle Audit Vault home software use is restricted to support the Oracle Audit Vault database repository and no other databases created using the Oracle Audit Vault executables are supported.
Using My Oracle Support Effectively
- Note 166650.1 - Working Effectively With Global Customer Support
REFERENCES
NOTE:1335238.1 - How To Deploy the Audit Vault Console After Recreating The DB Console Running From The Oracle Home Of The Audit Vault Server?NOTE:1355093.1 - The Redo Collector Does Not Retrieve Data When Collecting in 11g Databases.
NOTE:1359255.1 - Audit Vault Notifications On Alerts Are Not Dispatched
NOTE:788381.1 - Audit Vault Collection Agent Configuration for RAC Database - Step by Step Guide
NOTE:811753.1 - Cannot View Single Row In Audit Vault Reports Due To ORA-20001 Errors
NOTE:848408.1 - Oracle Audit Vault Server Certification
NOTE:751085.1 - Errors While Installing Audit Vault Or While Applying An Audit Vault Patchset
NOTE:753920.1 - Availability of Oracle Audit Vault Server AV 10.2.3.2 on Windows
NOTE:970625.1 - Audit Reports Page Does Not Work - Can Not Display The Webpage
NOTE:971704.1 - AV Upgrade Fails Due To A DBUA Failure
NOTE:1058184.1 - Oracle Audit Vault Configuration Assistant Fails While Installing The AV Server
NOTE:1382446.1 - Audit Vault Server Bundle Patches, Database Patch Set Updates (PSUs), and Critical Patch Updates (CPUs)
NOTE:1085315.1 - How To Install The April 2010 CPU Patch To Audit Vault Version 10.2.3.2
NOTE:871252.1 - Oracle Audit Configuration Assistant Fails With Java Errors
NOTE:1383634.1 - Internal Error On The Warehouse Tab Of AV_ADMIN GUI Console
NOTE:1387082.1 - Oracle Audit Vault 10.3 is now available
NOTE:166650.1 - Working Effectively With Oracle Support - Best Practices
NOTE:1051822.1 - How To Install The January 2010 CPU Patch To Audit Vault Version 10.2.3.2
NOTE:740657.1 - ORA-1017 While Adding an Agent Using AVCA
NOTE:1265058.1 - How To Install PSU 10.2.0.4.6/7 On Audit Vault Server Repository Database
NOTE:764058.1 - Audit Vault Data Warehouse Refresh Fails With ORA-1031
NOTE:1271707.1 - How To Investigate The "Http Communication errors" Encountered When Starting An Audit Vault Collector
NOTE:1302465.1 - The AV Console Is Not Working When Trying To Connect As AVAUDITOR. Logs Are Filled With ORA-1017 Errors
NOTE:974818.1 - How To Install The October 2009 CPU Patch To Audit Vault Version 10.2.3.2
NOTE:986093.1 - How To Start The Collectors Directly From The AV Agent Environment ?
NOTE:1303076.1 - Audit Vault: "VALIDATE_AGENT_CMD must be declared ORA-06550" While Starting Up A Collector
NOTE:986105.1 - Error Executing Task Start_Collector: Internal Collector Error
NOTE:731081.1 - Oracle Audit Vault 10.2.3.0.0 Installation fails intermittently in some environments
NOTE:731593.1 - Error ORA-01729 Encountered While Adding A REDO Collector
NOTE:731908.1 - New Feature DBMS_AUDIT_MGMT To Manage And Purge Audit Information
NOTE:1098463.1 - Audit Vault Collector Errors While Parsing XML Audit File with Errorcode 7
NOTE:1129657.1 - Internal Error While Starting A Mssql Collector
NOTE:958640.1 - Av Server Does Not Start After Reboot
NOTE:1362173.1 - Oracle Audit Vault Repository Creation Failed On 11gr2 ASM Stack
NOTE:783664.1 - Getting Error "Java.Sql.Sqlexception: Ora-27452: Om" While Adding Redo Collector
NOTE:784383.1 - AUDIT VAULT : Error : Source Not Mapped to an Active Agent While Retrieving Audit Settings from Source
NOTE:850170.1 - Error Executing Task add_agent: OAV-46599
NOTE:1471024.1 - Increased CPU usage for avoscoll process after applying Audit Vault Bundle Patch 10.2.3.2.7 or 10.3.0.0.1
NOTE:1155026.1 - How To Install The July 2010 CPU Patch On Audit Vault Version 10.2.3.2
NOTE:848402.1 - Oracle Audit Vault Agent Platform Certification
NOTE:958595.1 - What Ports Have To Be Opened In The Firewall To Allow The Communication Of The Audit Vault Agent With The Audit Vault Server ?
NOTE:746503.1 - While Provisioning The Audit Settings on The Source Database Huge Trace Files Get Created
NOTE:747843.1 - Audit Settings Provisioning fails with "Errors:
NOTE:748202.1 - "Java.sql.SQLException: Exceeded maximum VARRAY limit" While Retrieving the Audit Settings From Source
NOTE:1184984.1 - Dropping An Audit Vault Alert Is Failing With "OAV-46599:Internal Error Drop Alert Rule 2"
NOTE:1360138.1 - Audit Vault Server Configuration Report and Health Check Script
NOTE:889346.1 - What To Do If Audit Vault Configuration Fails[AVCA] While Installing Audit Vault Server?
NOTE:947114.1 - OS Collectors Are Working But Nothing Is Collected
NOTE:828231.1 - Unable To Delete Alert In Audit Vault
NOTE:972983.1 - What To Check When The Audit Vault Server Cannot Be Started?
NOTE:972868.1 - Audit Vault Collector Error: OCIStmtExecute Failed For OCI Set Timestamp:4294967295
NOTE:972880.1 - DBAUD Collector Crashes With ORA-904
NOTE:1304612.1 - Logging into Audit Vault Console with AV_AUDITOR role fails with "The webpage cannot be displayed" or "Internal server error"
NOTE:779797.1 - DBAUD Collector Fails After Applying Patchset 10.2.3.1.0
NOTE:764035.1 - Unable To Add Source To Audit Vault
No comments:
Post a Comment