Oracle Audit Vault 10g 10.2.3 Installation and Configuration

For this excersie  we will install Oracle Audit Vault Server 10.2.3.0 on a Solaris 10 SPARC-64 Box. The Agent will be added on a windows server 2003 running Oracle 10gR2 10.2.0.4. The agent and source db is one physical server. Important terms tomake sure whatever we do henceforth makes sense.

ecc – name of the agent. -agentname refers to this value

eccdbtest.online.com – Host name of the agent server and source database. -hostname refers to this value

av – SID of Oracle Audit vault server

primary - SID of the source db

172.20.4.220 – ip of audit vault server

172.20.4.82 – ip of source database

1521 – port of access for lsitener on both audit vault server and source database

avsrc_prod – name of the schema user created on source DB. This user sort of acts as a conduit between the agent and the audit vault server. ######THIS IS YOUR SOURCE NAME USED FOR ADDING SOURCE AND COLLECTORS#######

PRIMARY – name of the source (it is case-sensitive)   -srcname refers to this value . This is actually not Source Name but the absolute SOurce after creatting the sources.

Sorry for the confusing language, But Oracle Document itself is very confusing on Source, Source Name and Collectors. Theseterms are specially difficult for DBA’s to grasp. But once you get a hold of it. It’s a breeze walk :)

Refer to these links below. Very Helpful :

1. http://oracledoug.com/serendipity/index.php?/archives/1466-Adding-a-new-Oracle-host-to-Audit-Vault.html
2. http://download.oracle.com/docs/cd/E11062_01/admin.1023/e11059/avadm_mng_config.htm#CEGBIGDF
3. http://download.oracle.com/docs/cd/E11062_01/admin.1023/e11059/avadm_mng_config.htm#CEGFGEDA

1. [AV Server] Install Oracle Audit vault server on a new server

2. [AV Server] After the AV server is installed and started. Access the web interface and make sure everything working

3. [Source Database] Now select an oracle db server which has to be audited. Download the colelction agent for the OS onwhich this oracle db is running. In our case we will do it on an Oracle DB running on Windows Server 2003

Before installing the agent. Add the agent on the audit vault server (see below step for this)

Also edit the .profile of the user from which the audit vault server was installed and make sure you set ORACLE_HOME and ORACLE_SID parameter.

3. [AV Server]

./avca add_agent -agentname ecc -agenthost eccdbtest.online.com

# make sure you edit the /etc/hosts file to have the ip:host mapping for the server

4. [Source Database] Now go back to the collection agent server and run the setup and provide the details asked. the audit vault connection string will be as below:

172.20.4.220:1521:av

where 172.20.4.220 is ip of audit vault server

1521 is the listening port for audit vault server

av is the sid of the audit vault server

And the login credentials of the agent is as created above

5. [Source Database] Create an account in the database that you want to collect audit data from and then assign the correct privileges to it. (Note that you only need to run the last command if you’ll be using the Redo Collector)

create user avsrc_prod identified by avpwd1;
@/oem/oracle/product/av/scripts/streams/source/zarsspriv.sql avsrc_prod setup;
@/oem/oracle/product/av/scripts/streams/source/zarsspriv.sql avsrc_prod redo_coll;

6. [AV Server] Verify that source database configuration is ok.

$ avorcldb verify -src 172.20.4.82:1521:primary -colltype ALL

7. [AV Server] Add Source

$ avorcldb add_source -src 172.20.4.82:1521:primary -desc primary -agentname ecc

Enter Source user name: avsrc_prod
Enter Source password:
Adding source…
Source added successfully.
source successfully added to Audit Vault

remember the following information for use in avctl
Source name (srcname): PRIMARY
Storing user credentials in wallet…
Create credential oracle.security.client.connect_string3
done.
Mapping Source to Agent…

8. [AV Server] Add Collector OS AUD

E:\oracle\product\10.2.0\db_1

$ avorcldb add_collector -srcname PRIMARY -agentname ecc -colltype OSAUD -orclhome E:\oracle\product\10.2.0\db_1

source PRIMARY verified for OS File Audit Collector collector
Adding collector…
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): OSAUD_Collector

# remember source name is case-sensitive. To confirm source name login to web interface as admin user and check the source name

[AV Server] ADD COLLECTOR DB AUD

$ avorcldb add_collector -srcname PRIMARY -agentname ecc -colltype DBAUD

source PRIMARY verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector…
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): DBAUD_Collector

If you added REDO as part of the source collection at Step 5. Then add a redo collector as well

[AV Server] Adding the REDO Collector to Audit Vault

$ avorcldb add_collector -srcname PRIMARY -agentname ecc -colltype REDO -orclhome E:\oracle\product\10.2.0\db_1

source PRIMARY verified for REDO Log Audit Collector collector
Adding collector…
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): REDO_Collector
initializing REDO Collector
setting up APPLY process on Audit Vault server
setting up CAPTURE process on source database

9. [SOURCE DB] [Agent] Complete Source configuration. This sets up tnsnames.ora and Wallet entries on the Agent machine.

avorcldb setup -srcname PRIMARY

Enter Source user name: avsrc_prod
Enter Source password:
adding credentials for user avsrc_prod for connection [SRCDB1]
Storing user credentials in wallet…
Create credential oracle.security.client.connect_string3
done.
updated tnsnames.ora with alias [SRCDB1] to source database
verifying SRCDB1 connection using wallet

### Make sure the ORACLE_HOME and ORACLE_SID parameter is not set. Open a new shell or new windows command shell and then

execute this command #####

10. [AV Server] Start Agent if in stopped State

avctl start_agent -agentname ecc

11. [AV Server] Start Collectors if in Stopped state. The name of the collectors you can get from the information you saved before above after adding the collectors. In case you dont have the collector names saved. Go to web interface and collect this information. Also you can start collectors from web interface.

At AV server. Check AVCTL is up

$ avctl start_av_status

If the avctl show_status command indicates that the Audit Vault Console is not running, enter the following command:

$ avctl start_av

[ AGENT] Run the following AVCTL command in the Oracle Audit Vault Agent home to check its status.

$ avctl show_oc4j_status

If the agent OC4J not running, run the avctl start_oc4j command.

$ avctl start_oc4j

[AV SERVER] Start Collectors

avctl start_collector -collname OSAUD_Collector -srcname PRIMARY
avctl start_collector -collname DBAUD_Collector -srcname PRIMARY

The Audit Vault Server configuration is now complete and you can access the web intrface with AV_AUDITOR role and start pulling the reports from Audit Vault.

About these ads

One comment on “Oracle Audit Vault 10g 10.2.3 Installation and Configuration

  1. Dear, thanks for ur usefull post,
    but while installation of Audit vault agent on DB source, I’m getting error:
    Error1: SQL Error: ORA-29257: hot xxx.com unknown
    ORA-06512: at “SYS.UTL_INADDR”, line 12
    ORA-06512: at “SYS.UTL_INADDR”, line 40
    ORA-06512: at “AVSYS.DBMS_AUDIT_VAULT_AGENT_INSTALL” line 55
    ORA-06512: at line 1

    source db is on 11g R2
    agent 10.2.3
    avs 10.2.3

    need urgent, if u can ..

    Thanks,
    Amit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s