Implementing Oracle Audit Vault Activity Guide
D55406GC10 Edition 1.0 August 2010 D68649
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.

Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.

Trademark Notice
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Author
Donna Keesling

Technical Contributors and Reviewers
Tammy Bednar, Heinz-Wilhelm Fabry, Joel Goodman, Patricia Huey, Vipul M. Shah, Rodney Ward

This book was published using: Oracle Tutor
Table of Contents

Practices for Lesson 1
    There are no practices for Lesson 1
Practices for Lesson 2
    Practice 2-1: Installing Oracle Audit Vault Server
    Practice 2-2: Installing Oracle Audit Vault Patch Set 2
    Practice 2-3: Verifying the Availability of Oracle Audit Vault Server
    Practice 2-4: Logging In to the Audit Vault Console
    Practice 2-5: Managing the Audit Vault Database Instance
Practices for Lesson 3
    Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent
    Practice 3-2: Installing the Oracle Audit Vault Collection Agent
    Practice 3-3: Installing Oracle Audit Vault Patch Set 2
    Practice 3-4: Using Audit Vault Console to View Agent Information
Practices for Lesson 4
    Practice 4-1: Setting Environment Variables
    Practice 4-2: Creating a User Account on the Source Database
    Practice 4-3: Verifying Source Database Compatibility
    Practice 4-4: Registering the Source Database with Oracle Audit Vault
    Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault
    Practice 4-6: Enabling the Agent to Run the Collectors
    Practice 4-7: Starting the Collectors
Practices for Lesson 5
    Practice 5-1: Retrieving Audit Settings
    Practice 5-2: Viewing and Activating Audit Settings
    Practice 5-3: Creating a Capture Rule
    Practice 5-4: Configuring Fine-Grained Auditing Policies
Practices for Lesson 6
    Practice 6-1: Creating an Email Notification Profile
    Practice 6-2: Creating Templates for Notification
Practices for Lesson 7
    Practice 7-1: Generating Audit Records
    Practice 7-2: Viewing Audit Vault Default Reports
    Practice 7-3: Viewing Entitlement Audit Data
    Practice 7-4: Using Ad Hoc Reporting Features
    Practice 7-5: Using Compliance Reports
    Practice 7-6: Creating and Scheduling PDF Reports
    Practice 7-7: Attesting Reports
Practices for Lesson 8
    Practice 8-1: Verifying that Alert Processing is Enabled
    Practice 8-2: Creating an Alert Status Value
    Practice 8-3: Creating Alerts
    Practice 8-4: Responding to Alerts
Practices for Lesson 9
    Practice 9-1: Changing the AV_ADMIN User Password
    Practice 9-2: Updating the Password Credentials in the Wallet
Practices for Lesson 10
    Practice 10-1: Viewing the Audit Vault Collection Agent Log Information
    Practice 10-2: Viewing Audit Vault Collector Log Information
Practices for Lesson 11
    Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period
    Practice 11-2: Purging Data from the Data Warehouse
Practices for Lesson 1
Chapter 1

Practices Overview
There are no practices for Lesson 1.
Practices for Lesson 2
Chapter 2

Practices Overview
In these practices, you will install Oracle Audit Vault Server 10.2.3.2. In addition, you will launch Oracle Audit Vault Console and begin to explore its capabilities.
Practice 2-1: Installing Oracle Audit Vault Server

Overview
In this practice you install Oracle Audit Vault Server.

Assumptions
Oracle Audit Vault software has been staged in the $HOME/av_installmedia directory.

Tasks
1. Open a terminal window and verify the settings for the following environment variables. Log in as the oracle user if the terminal window does not default to the oracle user. You can use the $HOME/labs/setavs_vars.sh script to set the environment variables properly or you can manually set them as necessary. Note that the environment variables have been set for your Oracle Database 11g source database, so you must “unset” them prior to installing Oracle Audit Vault.

Environment Variable    Setting
ORACLE_SID              Null
ORACLE_HOME             Null
TNS_ADMIN               Null
PATH                    No ORACLE_HOME components
LD_LIBRARY_PATH         No ORACLE_HOME components
$ echo $ORACLE_SID
orcl
$ echo $ORACLE_HOME
/u01/app/oracle/product/11.2.0/dbhome_1
$ echo $TNS_ADMIN

$ echo $PATH
/usr/kerberos/bin:/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/usr/NX/bin
$ echo $LD_LIBRARY_PATH

$ cd labs
$ . ./setavs_vars.sh
$ echo $LD_LIBRARY_PATH

$ echo $PATH
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
$ echo $ORACLE_SID

$ echo $ORACLE_HOME

$ echo $ORACLE_BASE
/u01/app/oracle
$ echo $TNS_ADMIN

$

2. Change to the $HOME/av_installmedia/avserver directory and invoke the Oracle Universal Installer (OUI).
Note: When you invoke the OUI you may receive an error and prompt as follows:

>>> Could not execute auto check for display colors using command /usr/X11R6/bin/xdpyinfo. Check if the DISPLAY variable is set. Failed

Practice 2-2: Installing Oracle Audit Vault Patch Set 2

shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining and Oracle Database Vault options
$

5. Stop the listener.

$ lsnrctl stop
LSNRCTL for Linux: Version 10.2.0.3.0 - Production on 18-MAY-2010 11:25:16
Copyright (c) 1991, 2006, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
The command completed successfully
$

6. Confirm that the NLS_LANG, ORACLE_HOME and TNS_ADMIN environment variables are not set. Unset any that are set.

$ echo $NLS_LANG

$ echo $ORACLE_HOME
/u01/app/oracle/oracle/product/10.2.3/av_1
$ unset ORACLE_HOME
$ echo $ORACLE_HOME

$ echo $TNS_ADMIN

$

7. Change directories to the $HOME/av_installmedia/avpatch/Disk1 directory where Oracle Audit Vault Patch Set 2 (10.2.3.2.0) is staged.

$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$

8. Invoke the Oracle Universal Installer.

[Disk1]$ ./runInstaller

9. On the Welcome page, click Installed Products.
10. Review the information and make note of the Oracle Audit Vault Server home. Click Close to return to the Welcome page.
11. Click Next on the Welcome page.
12. On the Specify Home Details page, select your Oracle Audit Vault Server home from the Name field list. Click Next.
13. Deselect “I wish to receive security updates via My Oracle Support.” Click Next. This option is deselected in the Oracle University classroom because email support is not provided. In your own configuration, you should supply your email address and password, and select the option to receive security updates.
14. Click Yes to confirm that you do not wish to receive updates in the classroom.
15. The Product-Specific Prerequisite Checks page appears. Click Next when the checks complete.
16. The Summary page is displayed. Click Install.
17. The Install progress page is displayed.
18. The Configuration Assistants page is displayed. Note that it takes 45–50 minutes for the configuration assistants to execute, so your instructor may choose to present the next lesson while the configuration assistants execute.
19. The “Execute Configuration scripts” window is displayed.
20. Open a terminal window and log in as the root user. Execute the root.sh script as instructed. Do not overwrite the files.

$ su
Password: ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_1
# ./root.sh
Running Oracle 10g root.sh script...
The following environment variables are set as:
    ORACLE_OWNER= oracle
    ORACLE_HOME= /u01/app/oracle/oracle/product/10.2.3/av_1
Enter the full pathname of the local bin directory: [/usr/local/bin]:
The file "dbhome" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
The file "oraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
The file "coraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
Entries will be added to the /etc/oratab file as needed by Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
# exit
$ exit

21. Return to the “Execute Configuration scripts” window. Click OK.
22. The End of Installation page is displayed. Click Exit to exit from the Oracle Universal Installer.
23. Click Yes to confirm that you want to exit the Oracle Universal Installer.
Practice 2-3: Verifying the Availability of Oracle Audit Vault Server

Overview
In this practice you verify that Oracle Audit Vault Server is available.

Assumptions
Practices 2-1 and 2-2 were successfully completed.

Tasks
1. Use the oraenv utility to set your ORACLE_SID and ORACLE_HOME environment variables.

$ . oraenv
ORACLE_SID = [av] ? av
The Oracle base for ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is /u01/app/oracle

2. Log in to SQL*Plus and connect as the SYSTEM user. Verify that the Oracle Audit Vault Server database instance is started and that the database is open. Recall that the password for SYSTEM is oracle_4U. Exit from SQL*Plus.

$ sqlplus /nolog
SQL*Plus: Release 10.2.0.4.0 - Production on Tue May 18 13:53:44 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
SQL> connect system
Enter password: *********
Connected.
SQL> select open_mode from v$database;

OPEN_MODE
----------
READ WRITE

SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
$

3. Verify that the listener is started.

[av Disk1]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 18-MAY-2010 14:01:53
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 10.2.0.4.0 - Production
Start Date                18-MAY-2010 12:21:36
Uptime                    0 days 1 hr. 40 min. 17 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/oracle/product/10.2.3/av_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/oracle/product/10.2.3/av_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PORT=1522)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PORT=5707))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "av.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
Service "avXDB.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
Service "av_XPT.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
The command completed successfully
$

4. Verify that Enterprise Manager Database Control is started.

$ emctl status dbconsole
TZ set to UTC
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
http://edp1.us.oracle.com:5500/em/console/aboutApplication
Oracle Enterprise Manager 10g is running.
----------------------------------------------------------------
Logs are generated in directory /u01/app/oracle/oracle/product/10.2.3/av_1/edp1.us.oracle.com_av/sysman/log
$

5. Verify that the Audit Vault Console is started.

$ avctl show_av_status
TZ set to UTC
Oracle Audit Vault 10g Database Control Release 10.2.3.2.0
Copyright (c) 2006, 2009 Oracle Corporation. All rights reserved.
http://edp1.us.oracle.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /u01/app/oracle/oracle/product/10.2.3/av_1/av/log
$
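The listener check in step 3 can be made a pass/fail test instead of a visual inspection. The following is an added example, not part of the Oracle course material: it parses lsnrctl status output into endpoint and service records and fails when the named service has no READY instance or listener security is not ON. The function names are hypothetical, and the sample input is abridged from the output shown in step 3 with the line wraps joined.

```shell
#!/bin/sh
# Added example: turn "lsnrctl status" output into records and a pass/fail check.
# Function names are hypothetical; they are not Oracle utilities.

# lsnrctl_summary: read "lsnrctl status" text on stdin, print one record per line:
#   security|<text>
#   endpoint|<protocol>|<host:port or IPC key>|<presentation>
#   service|<service name>|<instance>|<status>
lsnrctl_summary() {
    awk '
    # Value of (KEY=value) inside a connect descriptor, or "" when absent.
    function field(s, key,    i, rest) {
        i = index(s, "(" key "=")
        if (i == 0) return ""
        rest = substr(s, i + length(key) + 2)
        return substr(rest, 1, index(rest, ")") - 1)
    }
    /^Security/ {
        line = $0; sub(/^Security[ \t]+/, "", line)
        print "security|" line
    }
    # Endpoint lines begin with the descriptor; the "Connecting to" banner does not.
    /^[ \t]*\(DESCRIPTION=/ {
        proto = tolower(field($0, "PROTOCOL"))
        pres = field($0, "Presentation")
        if (pres == "") pres = "TNS"   # label chosen here for "no Presentation clause"
        if (proto == "tcp") addr = field($0, "HOST") ":" field($0, "PORT")
        else addr = field($0, "KEY")
        print "endpoint|" proto "|" addr "|" pres
    }
    /^Service "/ { split($0, q, "\""); svc = q[2] }
    /^[ \t]*Instance "/ {
        split($0, q, "\""); st = $0
        sub(/.*status /, "", st); sub(/,.*/, "", st)
        print "service|" svc "|" q[2] "|" st
    }'
}

# check_av_listener SERVICE: read "lsnrctl status" text on stdin; return 0 only if
# SERVICE has a READY instance and the Security line starts with ON.
check_av_listener() {
    lsnrctl_summary | awk -F'[|]' -v svc="$1" '
    $1 == "endpoint" && $2 == "tcp" { print "INFO network endpoint " $3 " (" $4 ")" }
    $1 == "security" { sec = $2 }
    $1 == "service" && $2 == svc && $4 == "READY" { ready = 1 }
    END {
        if (ready) print "OK   service " svc " has a READY instance"
        else { print "FAIL service " svc " has no READY instance"; bad = 1 }
        if (sec ~ /^ON/) print "OK   listener security " sec
        else { print "FAIL listener security is not ON"; bad = 1 }
        exit bad + 0
    }'
}

# Sample input: abridged from the step 3 output on this page, line wraps joined.
sample_lsnrctl_status() {
    cat <<'EOF'
LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 18-MAY-2010 14:01:53
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Security                  ON: Local OS Authentication
SNMP                      OFF
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PORT=1522)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PORT=5707))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "av.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
Service "avXDB.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
Service "av_XPT.us.oracle.com" has 1 instance(s).
  Instance "av", status READY, has 1 handler(s) for this service...
The command completed successfully
EOF
}

# Demo on the sample; on a live server use: lsnrctl status | check_av_listener av.us.oracle.com
sample_lsnrctl_status | check_av_listener av.us.oracle.com
```

The INFO lines list every TCP endpoint the listener exposes, which is the inventory to compare against the host firewall rules.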
Practice 2-4: Logging In to the Audit Vault Console

Overview
In this practice you log in to the Audit Vault Console.

Assumptions
Practice 2-3 was completed successfully.

Tasks
1. Open a browser and enter the following URL:

http://:/av

2. Enter the following information:

Field Name    Value
User Name     avadmin1
Password      oracle_1
Connect As    AV_ADMIN

Click Login.

3. Click “I Agree” on the “Oracle Database 10g Licensing Information” page.
4. The Collectors page is displayed. You have not yet configured any collectors. Click Configuration.
5. The Source Configuration Management page is displayed. Click Agent.
6. The Agent page is displayed. You will install the Oracle Audit Vault agent in the next lesson. Click Logout.
7. Close the browser.
Practice 2-5: Managing the Audit Vault Database Instance

Overview
In this practice you log in to Enterprise Manager Database Control for the Audit Vault database instance and increase the size of the flash recovery area.

Assumptions
Practices 2-1 and 2-2 were successfully completed.

Tasks
1. Open a browser and enter the following URL:

http://:/em

2.

Field Name    Value
User Name     system
Password      oracle_4U
Connect As    Normal

Click Login.

3. Click “I agree” on the “Oracle Database 10g Licensing Information” page.
4. Navigate to the Recovery Settings page (Maintenance > Recovery Settings). Scroll to the Flash Recovery Area. Change the value in the Flash Recovery Area Size field to 5. Click Apply.
5. A message is displayed indicating that changes have been made. Log out of Enterprise Manager Database Control.
6. Close the browser.
Practices for Lesson 3
Chapter 3

Practices Overview
In these practices, you will install the Oracle Audit Vault Collection Agent.
Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent

Overview
In this practice you create an Audit Vault collection agent user in the Audit Vault Server database and register the collection agent with Audit Vault Server.

Assumptions
The practices for Lesson 2 were completed successfully.

Tasks
1. Open a terminal window. Use the oraenv utility to set the ORACLE_SID and ORACLE_HOME environment variables for your Audit Vault Server database. You may keep this terminal window open to use in later practices.

$ . oraenv
ORACLE_SID = [av] ?
The Oracle base for ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is /u01/app/oracle
$

2. Use the AVCA add_agent command to create the collection agent user and register the collection agent with Oracle Audit Vault. Specify the following information:

Argument               Value
agentname              avagent1
agenthost              hostname of your system
agent user name        avagentuser
agent user password    avagentpass

$ avca add_agent \
> -agentname avagent1 -agenthost
Enter agent user name: avagentuser
Enter agent user password: ***********
Re-enter agent user password: ***********
Agent added successfully.
$
Practice 3-2: Installing the Oracle Audit Vault Collection Agent

Overview
In this practice you install the Oracle Audit Vault collection agent.

Assumptions
Practice 3-1 was completed successfully.

Tasks
1. Change to the $HOME/av_installmedia/avagent/linux_x32 directory.

$ cd $HOME/av_installmedia/avagent/linux_x32
[linux_x32]$

2. Invoke the Oracle Universal Installer.

[linux_x32]$ ./runInstaller

3. On the Agent Details page, specify the following information:

Field                     Value
Audit Vault Agent Name    avagent1
Audit Vault Agent Home    /u01/app/oracle/oracle/product/10.2.3/av_agent_1
Agent User Name           avagentuser
Agent User Password       avagentpass
Connect String            :1522:av.us.oracle.com

Click Next.

4. The Product-Specific Prerequisite Checks page is displayed. After the checks complete, click Next.
5. The Summary page is displayed. Click Install.
6. The Install page appears.
7. The Configuration Assistants page appears.
8. The “Execute Configuration scripts” page appears. Open another terminal window and log in as the root user. Execute the root.sh script as directed. Close this terminal window.

$ su
Password: ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_agent_1
# ./root.sh
Running Oracle 10g root.sh script...
The following environment variables are set as:
    ORACLE_OWNER= oracle
    ORACLE_HOME= /u01/app/oracle/oracle/product/10.2.3/av_agent_1
Enter the full pathname of the local bin directory: [/usr/local/bin]:
The file "dbhome" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
The file "oraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
The file "coraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]:
Entries will be added to the /etc/oratab file as needed by Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
# exit
$ exit

9. Return to the “Execute Configuration scripts” page and click OK.
10. The End of Installation page appears. Click Exit to exit the Oracle Universal Installer.
11. Click Yes to confirm that you want to exit the Oracle Universal Installer.
Practice 3-3: Installing Oracle Audit Vault Patch Set 2 Overview In this practice you install Oracle Audit Vault Patch Set 2 on the Audit Vault Collection Agent.
Assumptions Practice 3-2 was completed successfully.
Tasks 1.
Open a new terminal window and set the following environment variables for the Audit Vault Collection Agent. You can use the $HOME/labs/setava_vars.sh script to set the environment variables or manually set them. You may keep this terminal window open to use in later practices.
Variable
ORACLE_HOME
Value
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
LD_LIBRARY_PATH $ORACLE_HOME/lib PATH
$PATH:$ORACLE_HOME/bin
$ cd labs
$ . ./setava_vars.sh
$ echo $ORACLE_HOME
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
$ echo $LD_LIBRARY_PATH
/u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
$ echo $PATH
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bin:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/bin
$
2. Unset the following environment variables: ORACLE_SID, TNS_ADMIN, and TWO_TASK
$ unset ORACLE_SID
$ echo $ORACLE_SID

$ unset TNS_ADMIN
$ echo $TNS_ADMIN

$ unset TWO_TASK
$ echo $TWO_TASK

$
3. Verify that all environment variables are set correctly by invoking the AVCTL utility. If the environment variables are not set correctly, you will not be able to invoke AVCTL.
$ avctl -help
-------------------------------------------
AVCTL Usage
-------------------------------------------
Oracle Audit Vault Control commands - Agent OC4J:
avctl start_oc4j [-loglevel error|warning|info|debug]
avctl stop_oc4j
avctl show_oc4j_status
avctl -help
$
4. Stop the Oracle Audit Vault Collection Agent by executing the AVCTL stop_oc4j command.
$ avctl stop_oc4j
AVCTL started
Stopping OC4J...
OC4J stopped successfully.
$
5. Unset the NLS_LANG and ORACLE_HOME environment variables.
$ unset NLS_LANG
$ echo $NLS_LANG

$ unset ORACLE_HOME
$ echo $ORACLE_HOME

$
6. Change to the $HOME/av_installmedia/avpatch/Disk1 directory and invoke the Oracle Universal Installer.
$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$ ./runInstaller
7. The Welcome page is displayed. Click Installed Products to display the Inventory page.
8. The Inventory page is displayed. Note the second OraAV10g Oracle Home. This is the Audit Vault Collection Agent home. Click Close to return to the Welcome page.
9. On the Welcome page, click Next.
10. On the Specify Home Details page, click the arrow at the end of the Name field to access the list. Select the name that you identified in an earlier step as the Audit Vault Collection Agent home.
11. On the Specify Home Details page, the path is now set correctly for the Audit Vault Collection Agent. Click Next.
12. The Product-Specific Prerequisite Checks page is displayed. After the checks complete, click Next.
13. The Summary page is displayed. Click Install.
14. The Install page is displayed.
15. The Configuration Assistants page is displayed. After the configuration assistants complete, the End of Installation page is displayed. Click Exit to exit the Oracle Universal Installer.
16. Click Yes to confirm that you want to exit.
17. Reset the ORACLE_HOME environment variable. Use the AVCTL show_agent_status command to verify that the Audit Vault Collection Agent is running.
$ ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_agent_1
$ echo $ORACLE_HOME
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
$ export ORACLE_HOME
$ avctl show_agent_status
-----------------------------------
Agent is running
-----------------------------------
$
Practice 3-4: Using Audit Vault Console to View Agent Information
Overview
In this practice you log in to the Audit Vault Console and view information about the Audit Vault Collection Agent.
Assumptions
Tasks
1. Open a browser and enter the following URL:
http://:/av
2. Enter the following information:
Field        Value
User Name    avadmin1
Password     oracle_1
Connect As   AV_ADMIN
Click Login.
3. The Collectors page is displayed. Click the Configuration tab.
4. The Source Configuration Management page is displayed. Click the Agent tab.
5. The Agent page is displayed. Click View.
6. The View Agent page is displayed. Click OK to return to the Agent page.
7. Click Logout to log out of the Audit Vault Console.
Practices for Lesson 4 Chapter 4
Practices for Lesson 4
Practices Overview
In these practices, you will configure Oracle Audit Vault sources and collectors.
Practice 4-1: Setting Environment Variables
Overview
In this practice you verify that environment variables are set correctly in the Audit Vault Server shell and in the Audit Vault Collection Agent shell, prior to registering your source database and deploying collectors.
Assumptions
Lesson 2 and Lesson 3 practices were completed successfully.
Tasks
1. Return to your Audit Vault Server terminal window and verify that environment variables are set correctly for the Audit Vault Server.
$ echo $ORACLE_SID
av
$ echo $ORACLE_HOME
/u01/app/oracle/oracle/product/10.2.3/av_1
$ echo $PATH
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/u01/app/oracle/oracle/product/10.2.3/av_1/bin
$ echo $LD_LIBRARY_PATH
/u01/app/oracle/oracle/product/10.2.3/av_1/lib
2. Return to your Audit Vault Collection Agent terminal window and verify that environment variables are set correctly for the Audit Vault Collection Agent.
$ echo $ORACLE_HOME
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
$ echo $LD_LIBRARY_PATH
/u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
$ echo $PATH
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bin:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/bin
$ echo $ORACLE_SID

$ echo $TNS_ADMIN

$ echo $TWO_TASK

$
Practice 4-2: Creating a User Account on the Source Database
Overview
In this practice you create a user account on the source database.
Assumptions
Practice 4-1 was completed successfully.
Tasks
1. Open a third terminal window. By default the environment variables are set for your Oracle Database 11g Release 2 database. This is your source database for the practices.
$ echo $ORACLE_SID
orcl
$ echo $ORACLE_HOME
/u01/app/oracle/product/11.2.0/dbhome_1
$
2. Invoke SQL*Plus and log in as the SYSTEM user. The password for this user is oracle_4U.
$ sqlplus system

SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 09:54:19 2010

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Enter password: *********

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>
3. Create a user named avcolluser with a password of avcollpass. Execute the CREATE USER command in SQL*Plus.
SQL> create user avcolluser
  2  identified by avcollpass;

User created.

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$
4. In the source database terminal window, invoke SQL*Plus as the SYS user. Execute the /u01/app/oracle/oracle/product/10.2.3/av_1/av/scripts/streams/source/zarsspriv.sql script with the SETUP argument to grant the necessary privileges for the DBAUD and OSAUD collectors to the source user you created in the previous step.
$ cd /u01/app/oracle/oracle/product/10.2.3/av_1/av/scripts/streams/source
$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 10:10:37 2010

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> @zarsspriv avcolluser SETUP
Granting privileges to AVCOLLUSER ... Done.
SQL>
5. Execute the zarsspriv.sql script a second time with the REDO_COLL argument to grant privileges required by the REDO collector. Exit from SQL*Plus.
SQL> @zarsspriv avcolluser REDO_COLL
Granting privileges to AVCOLLUSER ... Done.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$
Practice 4-3: Verifying Source Database Compatibility
Overview
In this practice you verify that the source database is compatible with the collectors.
Assumptions
Previous practices were completed successfully.
Tasks
1. In your source database terminal window, use the Listener Control Utility to determine the host name, port, and service name settings. You will need these values when you use the AVORCLDB verify command in the next step.
$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-MAY-2010 10:32:34

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                14-MAY-2010 12:19:14
Uptime                    6 days 22 hr. 13 min. 20 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/EDP1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PORT=1521)))
Services Summary...
Service "orcl.example.com" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB.example.com" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
$
2. In your Audit Vault Server terminal window, use the AVORCLDB verify command to verify that the source database will support the collectors.
$ avorcldb verify -src :1521:orcl.example.com -colltype ALL
Enter Source user name: avcolluser
Enter Source password: **********
source ORCL.EXAMPLE.COM verified for OS File Audit Collector collector
source ORCL.EXAMPLE.COM verified for Aud$/FGA_LOG$ Audit Collector collector
parameter _JOB_QUEUE_INTERVAL is not set; recommended value is 1
ERROR: parameter PARALLEL_MAX_SERVERS = 10 is not in required value range [20 - ANY_VALUE]
parameter UNDO_RETENTION = 900 is not in recommended value range [3600 - ANY_VALUE]
parameter GLOBAL_NAMES = false is not set to recommended value true
ERROR: source database must be in ARCHIVELOG mode to use REDO LOG collector
ERROR: set the above init.ora parameters to recommended/required values
$
Note that your source database will support the DBAUD and OSAUD collectors, but changes need to be made to support the REDO collector.
3. Return to your source database terminal window to make changes to your source database.
a. Log in to SQL*Plus as the SYS user with SYSDBA privileges.
$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 10:53:55 2010

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>
b. Execute the ALTER SYSTEM command to modify the initialization parameters as required by the REDO collector.
SQL> alter system set "_job_queue_interval"=1 scope=spfile;
System altered.
SQL> alter system set parallel_max_servers=20;
System altered.
SQL> alter system set undo_retention=3600;
System altered.
SQL> alter system set global_names=true;
System altered.
c. Because the _JOB_QUEUE_INTERVAL parameter is not dynamic, you must shut down the source database instance and restart it for the change to take effect. Shut down the source database instance.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
d. Restart the database instance in MOUNT mode so that you can put it into ARCHIVELOG mode.
SQL> startup mount
ORACLE instance started.

Total System Global Area  502181888 bytes
Fixed Size                  1337492 bytes
Variable Size             377489260 bytes
Database Buffers          117440512 bytes
Redo Buffers                5914624 bytes
Database mounted.
e. Put the database in ARCHIVELOG mode and open the database.
SQL> alter database archivelog;
Database altered.
SQL> alter database open;
Database altered.
SQL>
f. Exit from SQL*Plus.
4. Return to your Audit Vault Server terminal window and use the AVORCLDB verify command to verify that the source database will support the collectors.
$ avorcldb verify -src :1521:orcl.example.com -colltype ALL
Enter Source user name: avcolluser
Enter Source password: **********
source ORCL.US.ORACLE.COM verified for OS File Audit Collector collector
source ORCL.US.ORACLE.COM verified for Aud$/FGA_LOG$ Audit Collector collector
source ORCL.US.ORACLE.COM verified for REDO Log Audit Collector collector
[oracle@EDRSR22P1-av source]$
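The verify step in this practice, as an added example that is not part of the original guide: a shell script that reads saved AVORCLDB verify output, lists which collectors were verified, and separates required from recommended changes. The sample text is constructed from the first verify run above; the function names and the one-message-per-line layout are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code: triage saved `avorcldb verify` output.

# Constructed sample: the messages from the first verify run in this practice,
# one per line (the line layout is an assumption).
sample_verify_output() {
    cat <<'EOF'
source ORCL.EXAMPLE.COM verified for OS File Audit Collector collector
source ORCL.EXAMPLE.COM verified for Aud$/FGA_LOG$ Audit Collector collector
parameter _JOB_QUEUE_INTERVAL is not set; recommended value is 1
ERROR: parameter PARALLEL_MAX_SERVERS = 10 is not in required value range [20 - ANY_VALUE]
parameter UNDO_RETENTION = 900 is not in recommended value range [3600 - ANY_VALUE]
parameter GLOBAL_NAMES = false is not set to recommended value true
ERROR: source database must be in ARCHIVELOG mode to use REDO LOG collector
ERROR: set the above init.ora parameters to recommended/required values
EOF
}

# Print OSAUD, DBAUD or REDO for every "verified for" line on stdin.
# The message-to-type mapping follows the add_collector output in Practice 4-5.
verified_collectors() {
    awk '
    /^source .* verified for / {
        if (index($0, "OS File Audit Collector"))            print "OSAUD"
        else if (index($0, "Aud$/FGA_LOG$ Audit Collector")) print "DBAUD"
        else if (index($0, "REDO Log Audit Collector"))      print "REDO"
    }'
}

# Succeed when collector type $1 appears as verified in the output on stdin.
collector_ready() {
    verified_collectors | grep -qx "$1"
}

# Print "<severity> <name> <target>" for each finding on stdin.
# Lines prefixed with ERROR: are required changes, the rest are recommended.
verify_findings() {
    awk '
    {
        sev = "recommended"
        line = $0
        if (line ~ /^ERROR: /) { sev = "required"; sub(/^ERROR: /, "", line) }
    }
    line ~ /^parameter / {
        n = split(line, f, " ")
        name = f[2]
        if (line ~ /is not set; recommended value is /) {
            target = f[n]
        } else if (line ~ /value range \[/) {
            # Take the lower bound of the range, e.g. 20 from [20 - ANY_VALUE].
            target = line
            sub(/.*value range \[/, "", target)
            sub(/ .*/, "", target)
        } else if (line ~ /is not set to recommended value /) {
            target = f[n]
        } else next
        print sev, name, target
        next
    }
    line ~ /must be in ARCHIVELOG mode/ { print "required", "LOG_MODE", "ARCHIVELOG" }
    '
}

# Count the required findings in verify_findings output read from stdin.
count_required() {
    awk '$1 == "required" { n++ } END { print n + 0 }'
}

# Print a short report for verify output read from stdin.
report() {
    out=$(cat)
    for c in OSAUD DBAUD REDO; do
        if printf '%s\n' "$out" | collector_ready "$c"; then
            echo "$c: verified"
        else
            echo "$c: NOT verified"
        fi
    done
    printf '%s\n' "$out" | verify_findings
}

sample_verify_output | report
```

To use it on a real run, save the verify output to a file and pipe that file into report in place of the sample.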
Practice 4-4: Registering the Source Database with Oracle Audit Vault
Overview
In this practice you register your Oracle Database 11g Release 2 database with Oracle Audit Vault.
Assumptions
Practice 4-3 was completed successfully.
Tasks
1. Return to your Audit Vault Server terminal window. Use the AVORCLDB add_source command to register your source database.
$ avorcldb add_source -src <hostname>:1521:orcl.example.com \
> -srcname ORCL
Enter Source user name: avcolluser
Enter Source password: **********
Adding source...
Source added successfully.
remember the following information for use in avctl
Source name (srcname): ORCL
Credential stored successfully.
$
2. Use the Audit Vault Console to verify that the source database has been added.
a. Open a browser and launch Audit Vault Console by using the following URL:
http://:5700/av
b. Log in with the AV Administrator username of avadmin1 and password of oracle_1. Select AV_ADMIN in the Connect As drop-down menu.
c. Select Configuration.
d. On the Audit Source – Source Configuration Management page, view the source database information.
Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault
Overview
In this practice you add the OSAUD, DBAUD, and REDO collectors to Oracle Audit Vault.
Assumptions
Previous practices were completed successfully.
Tasks
1. Add the OSAUD collector by performing the following steps.
a. Return to the terminal window that is set for your Oracle source database. Log in to SQL*Plus as the SYS user with the SYSDBA privilege.
$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 12:32:25 2010

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>
b. Use the DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY procedure to set the maximum operating system file size to 2 GB. Exit from SQL*Plus.
SQL> begin
  2  dbms_audit_mgmt.set_audit_trail_property (
  3  audit_trail_type => dbms_audit_mgmt.audit_trail_os,
  4  audit_trail_property => dbms_audit_mgmt.os_file_max_size,
  5  audit_trail_property_value => 204800);
  6  end;
  7  /

PL/SQL procedure successfully completed.

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$
c. Return to the terminal window that is set for Audit Vault Server. Execute the AVORCLDB add_collector command to add the OSAUD collector.
$ avorcldb add_collector \
> -srcname ORCL \
> -agentname avagent1 \
> -colltype OSAUD \
> -orclhome /u01/app/oracle/product/11.2.0/dbhome_1
source ORCL verified for OS File Audit Collector collector
Adding collector...
Collector added successfully.
remember the following information for use in avctl
Collector name (collname): OSAUD_Collector
$
d. Return to Audit Vault Console to verify that the OSAUD collector has been added. Click the Collector tab on the Source Management page to access the Collector Configuration Management page.
2. Add the DBAUD collector.
a. Return to the terminal window and use the AVORCLDB add_collector command to add the DBAUD collector.
$ avorcldb add_collector \
> -srcname ORCL \
> -agentname avagent1 \
> -colltype DBAUD
source ORCL verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector...
Collector added successfully.
remember the following information for use in avctl
Collector name (collname): DBAUD_Collector
$
b. Use Audit Vault Console to verify that the DBAUD collector has been added. Refresh the Collector Configuration Management page to view the information.
3. Add the REDO collector.
a. Return to the terminal window and use the AVORCLDB add_collector command to add the REDO collector.
$ avorcldb add_collector \
> -srcname ORCL \
> -agentname avagent1 \
> -colltype REDO \
> -av :1522:av.us.oracle.com
source ORCL verified for REDO Log Audit Collector collector
Adding collector...
Collector added successfully.
remember the following information for use in avctl
Collector name (collname): REDO_Collector
initializing REDO Collector
setting up APPLY process on Audit Vault server
setting up CAPTURE process on source database
$
b. Use Audit Vault Console to verify that the REDO collector has been added. Refresh the Collector Configuration Management page to view the information.
Practice 4-6: Enabling the Agent to Run the Collectors
Overview
In this practice you enable the agent to run the collectors by adding the collection agent credentials to the Oracle source database.
Assumptions
Previous practices were completed successfully.
Tasks
1. Return to the terminal window that is configured for the Audit Vault collection agent. Use the AVORCLDB setup command to add the collection agent credentials.
$ avorcldb setup -srcname ORCL
Enter Source user name: avcolluser
Enter Source password: **********
adding credentials for user avcolluser for connection [SRCDB1]
Credential stored successfully.
updated tnsnames.ora with alias [SRCDB1] to source database
verifying SRCDB1 connection using wallet
$
2. In the Audit Vault agent terminal window, verify that the Audit Vault Agent is started by using the AVCTL show_agent_status command.
$ avctl show_agent_status
-----------------------------------
Agent is running
-----------------------------------
$
3. You can also view information about the Audit Vault Agent on the Agent page in Audit Vault Console.
Practice 4-7: Starting the Collectors
Overview
In this practice you start the OSAUD, DBAUD, and REDO collectors. Collectors can be started by using Audit Vault Console or the AVCTL start_collector command. In this practice you will start one collector by using the AVCTL command and start the other two collectors by using Audit Vault Console.
Assumptions
Previous practices were completed successfully.
Tasks
1. Return to the terminal window that is configured for Audit Vault Server. Use the AVCTL start_collector command to start the OSAUD collector.
$ avctl start_collector \
> -collname OSAUD_Collector \
> -srcname ORCL
Starting collector...
Collector started successfully.
$
2. Return to Audit Vault Console. Click the Management tab. The Collectors page is displayed. Note the status of the OSAUD collector that you started in the previous step.
3. Select the DBAUD_Collector collector and click Start.
4. A message is displayed indicating that the DBAUD collector has been started.
5. Select the REDO_Collector collector and click Start.
6. A message is displayed indicating that the REDO collector has been started.
7. Click Logout to log out of Audit Vault Console.
Practices for Lesson 5 Chapter 5
Practices for Lesson 5
Practices Overview
In these practices, you will retrieve audit settings from your source database. You will define additional audit settings in Oracle Audit Vault and provision them to your source database.
Practice 5-1: Retrieving Audit Settings
Overview
In this practice you retrieve the current audit settings that have been defined in your source database.
Assumptions
Practices for Lessons 2, 3 and 4 were completed successfully.
Tasks
1. Open a browser window and launch the Audit Vault Console. Log in as the AV Auditor as follows:
Field        Value
User Name    avaudit1
Password     oracle_1
Connect As   AV_AUDITOR
Click Login.
2. Click “I agree” on the Oracle Database 10g Licensing Information page.
3. Click the Audit Policy tab to display the Audit Settings page.
4. Select the source database and click Retrieve to retrieve the existing audit settings from the source database.
5. An information message is displayed indicating that the settings from the source database are being retrieved. Click Show Status to view the status of the retrieval.
6. Retrieval information is displayed. Click Return to return to the Audit Settings page.
7. The Audit Settings page now indicates the setting has been retrieved. Note that the Problem field is set to 29. This indicates that the audit settings are set in the source database but they have not yet been activated for use in Oracle Audit Vault. You will activate the settings in the next practice.
8. In preparation for the next few steps, log out of Audit Vault Console. Note that the Audit Trail field on the Audit Settings page indicates AUDIT_TRAIL is set to DB. The Audit Sys field indicates that AUDIT_SYS_OPERATIONS is set to FALSE. Change the AUDIT_TRAIL initialization parameter to DB,EXTENDED and set the AUDIT_SYS_OPERATIONS initialization parameter to TRUE. You can set the initialization parameters by using SQL commands or Enterprise Manager Database Control. The steps below use SQL commands to change the value.
a. In your source database terminal window, log in to SQL*Plus as the SYSDBA user.
$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Tue Jul 13 12:37:16 2010

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>
b. View the current setting for the AUDIT_ parameters.
SQL> show parameter audit_

NAME                  TYPE     VALUE
--------------------- -------- --------------------------------
audit_file_dest       string   /u01/app/oracle/admin/orcl/adump
audit_sys_operations  boolean  FALSE
audit_syslog_level    string
audit_trail           string   DB
SQL>
c. Set the AUDIT_TRAIL parameter to DB,EXTENDED.
SQL> alter system set audit_trail=db,extended scope=spfile;
System altered.
d. Set the AUDIT_SYS_OPERATIONS parameter to TRUE.
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
e. Shut down and restart the database instance.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.

Total System Global Area  502181888 bytes
Fixed Size                  1337492 bytes
Variable Size             432015212 bytes
Database Buffers           62914560 bytes
Redo Buffers                5914624 bytes
Database mounted.
Database opened.
SQL>
f. Verify your changes.
SQL> show parameter audit_

NAME                  TYPE     VALUE
--------------------- -------- --------------------------------
audit_file_dest       string   /u01/app/oracle/admin/orcl/adump
audit_sys_operations  boolean  TRUE
audit_syslog_level    string
audit_trail           string   DB, EXTENDED
SQL>
9. Log in to the Audit Vault Console as the Audit Vault Administrator and check the status of the collectors.
a. Note that the DBAUD collector is not started. It was shut down when you restarted the source database instance.
b. Restart the DBAUD collector by clicking Start.
c. The DBAUD collector has been successfully restarted. Log out of Audit Vault Console.
10. Log in to the Audit Vault Console as the avaudit1 user and retrieve the source database settings again.
a. Click the Audit Policy tab.
b. Select your source database and click Retrieve again.
c. Click Show Status to monitor the retrieval process. Click Return to return to the Audit Settings page.
d. Note that the Audit Trail field has been updated to “DB, EXTENDED” and the Audit Sys field indicates a value of TRUE.
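The parameter change in step 8, as an added example that is not part of the original guide: a shell check that reads saved "show parameter audit_" output and reports each value that differs from what this practice sets. Both listings are constructed from the output shown in step 8, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code: compare `show parameter audit_` output
# with the values this practice sets (AUDIT_TRAIL=DB,EXTENDED and
# AUDIT_SYS_OPERATIONS=TRUE).

# Constructed sample: the listing shown in step 8b, before the change.
audit_params_before() {
    cat <<'EOF'
NAME                  TYPE     VALUE
--------------------- -------- --------------------------------
audit_file_dest       string   /u01/app/oracle/admin/orcl/adump
audit_sys_operations  boolean  FALSE
audit_syslog_level    string
audit_trail           string   DB
EOF
}

# Constructed sample: the listing shown in step 8f, after the restart.
audit_params_after() {
    cat <<'EOF'
NAME                  TYPE     VALUE
--------------------- -------- --------------------------------
audit_file_dest       string   /u01/app/oracle/admin/orcl/adump
audit_sys_operations  boolean  TRUE
audit_syslog_level    string
audit_trail           string   DB, EXTENDED
EOF
}

# Print the VALUE column for parameter $1 from a listing on stdin.
# The value may be empty (audit_syslog_level) or contain a space
# ("DB, EXTENDED"), so everything after the TYPE column is rejoined.
param_value() {
    awk -v want="$1" '
    tolower($1) == tolower(want) {
        v = ""
        for (i = 3; i <= NF; i++) v = v (i > 3 ? " " : "") $i
        print v
    }'
}

# Print one line per parameter that differs from the target values.
# Prints nothing when the listing on stdin matches.
audit_baseline_gaps() {
    listing=$(cat)
    trail=$(printf '%s\n' "$listing" | param_value audit_trail \
        | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    sysops=$(printf '%s\n' "$listing" | param_value audit_sys_operations \
        | tr '[:lower:]' '[:upper:]')
    [ "$trail" = "DB,EXTENDED" ] \
        || echo "audit_trail=${trail:-unset} expected DB,EXTENDED"
    [ "$sysops" = "TRUE" ] \
        || echo "audit_sys_operations=${sysops:-unset} expected TRUE"
    return 0
}

for state in before after; do
    echo "== $state =="
    "audit_params_$state" | audit_baseline_gaps
done
```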
Practice 5-2: Viewing and Activating Audit Settings
Overview
In this practice you view the audit settings for your Oracle Database 11g Release 2 source database and activate the settings for use in Audit Vault.
Assumptions
Practice 5-1 was completed successfully.
Tasks
1. On the Audit Settings page, click the link for your source database.
2. The Overview page is displayed. Note that there are settings already set in your source database.
3. View the Statement settings by clicking the Statement tab. To indicate that all the Statement audit settings should be used by Audit Vault, click “Mark All as Needed.”
4. The Needed column is updated with a green check mark indicating that the audit setting is needed.
5. View the Privilege settings by clicking the Privilege tab. To indicate that all the Privilege audit settings should be used by Audit Vault, click “Mark All as Needed.” Note: The screenshot has been cropped to save space. Additional privileges are listed on this page.
6. The Needed column is updated with a green check mark indicating that the audit setting is needed.
7. Click the Overview tab. Click “Save All Audit Settings” to save the settings you just activated.
8. An informational message is displayed indicating that your audit policy has been saved.
Practice 5-3: Creating a Capture Rule
Overview
In this practice you use Audit Vault Console to create a capture rule.
Assumptions
Previous practices were completed successfully.
Tasks
1. On the Audit Settings page, click the Capture Rule tab. On the Capture Rule page, click Create.
2. Click the flashlight icon for the Table field. Enter HR in the Object Owner field and click Go. Select the HR.EMPLOYEES table and click Select.
3. On the Create Capture Rule page, click OK.
4. The Audit Settings page (Capture Rule tab) shows the capture rule you defined. Note that it is not yet provisioned to your source database.
5. Click the Overview tab. Click “Save All Audit Settings” to save the capture rule.
6. Provision the capture rule to your source database.
a. On the Audit Settings Overview page, enter information as follows:
Field                    Value
Audit Source User Name   system
Audit Source Password    oracle_4U
b. Click Provision.
c. You receive a message that the policy has been successfully applied.
d. Return to the Capture Rule page and view the status of the rule you defined.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Practice 5-3: Creating a Capture Rule Chapter 5 - Page 16
Practice 5-4: Configuring Fine-Grained Auditing Policies

Overview
In this practice you configure fine-grained auditing policies in your source database.

Assumptions
Your source database is open.

Tasks
1. In your source database terminal window, log in to SQL*Plus as the SYS user and execute the $HOME/labs/audit_fga.sql script to configure fine-grained auditing policies in your source database.

   $ cd $HOME/labs
   $ sqlplus / as sysdba

   SQL*Plus: Release 11.2.0.1.0 Production on Tue Jul 13 13:27:46 2010

   Copyright (c) 1982, 2009, Oracle. All rights reserved.

   Connected to:
   Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 Production
   With the Partitioning, OLAP, Data Mining and Real Application Testing options

   SQL> @audit_fga
   Connected.
   SQL> BEGIN DBMS_FGA.DROP_POLICY
     2  (object_schema=>'HR',
     3  object_name=>'EMPLOYEES',
     4  policy_name=>'EMPLOYEEDATA');
     5  END;
     6  /
   BEGIN DBMS_FGA.DROP_POLICY
   *
   ERROR at line 1:
   ORA-28102: policy does not exist
   ORA-06512: at "SYS.DBMS_FGA", line 60
   ORA-06512: at line 1

   SQL> BEGIN DBMS_FGA.DROP_POLICY
     2  (object_schema=>'SH',
     3  object_name=>'SALES',
     4  policy_name=>'NonAppsSales');
     5  END;
     6  /
   BEGIN DBMS_FGA.DROP_POLICY
   *
   ERROR at line 1:
   ORA-28102: policy does not exist
   ORA-06512: at "SYS.DBMS_FGA", line 60
   ORA-06512: at line 1

   SQL> BEGIN DBMS_FGA.DROP_POLICY
     2  (object_schema=>'OE',
     3  object_name=>'ORDERS',
     4  policy_name=>'NonAppsOrders');
     5  END;
     6  /
   BEGIN DBMS_FGA.DROP_POLICY
   *
   ERROR at line 1:
   ORA-28102: policy does not exist
   ORA-06512: at "SYS.DBMS_FGA", line 60
   ORA-06512: at line 1

   SQL>
   SQL> BEGIN DBMS_FGA.ADD_POLICY
     2  (object_schema=>'HR',
     3  object_name=>'EMPLOYEES',
     4  policy_name=>'EMPLOYEEDATA',
     5  audit_column=>'PHONE_NUMBER',
     6  statement_types=>'SELECT',
     7  audit_column_opts=>DBMS_FGA.ANY_COLUMNS);
     8  END;
     9  /

   PL/SQL procedure successfully completed.

   SQL> BEGIN DBMS_FGA.ADD_POLICY
     2  (object_schema=>'SH',
     3  object_name=>'SALES',
     4  policy_name=>'NonAppsSales',
     5  audit_condition=>'SYS_CONTEXT(''USERENV'',''SESSION_USER'')''APPS''',
     6  statement_types=>'SELECT');
     7  END;
     8  /

   PL/SQL procedure successfully completed.

   SQL> BEGIN DBMS_FGA.ADD_POLICY
     2  (object_schema=>'OE',
     3  object_name=>'ORDERS',
     4  policy_name=>'NonAppsOrders',
     5  audit_condition=>'SYS_CONTEXT(''USERENV'',''SESSION_USER'')''APPS''',
     6  statement_types=>'SELECT');
     7  END;
     8  /

   PL/SQL procedure successfully completed.

   SQL> set echo off
   SQL>

2. Return to the Audit Vault Console and log in as the avaudit1 user. Retrieve the latest audit settings, including the fine-grained auditing policies you defined in the previous step.
   a. Log in to the Audit Vault Console by entering the following:
      Field         Value
      User Name     avaudit1
      Password      oracle_1
      Connect As    AV_AUDITOR
      Click Login.
   b. Click the Audit Policy tab.
   c. Select your source and click “Retrieve” on the Audit Settings page.
   d. The Audit Settings page is updated indicating that the settings are being retrieved.
   e. Click Show Status to view the status of the retrieval. Click Return to return to the Audit Settings page.
   f. The Audit Settings Retrieved column is updated with the time stamp of the retrieval.
3. View the fine-grained audit policies by clicking the link in the Audit Source column.
   a. Click the database link in the Audit Source column.
   b. On the Overview page, note that there are now 3 FGA policies in use. Click the FGA tab to view details.
   c. On the FGA page, the FGA policies that you defined in the previous step are listed.
4. Update Audit Vault to use the fine-grained auditing policies.
   a. Click “Mark All as Needed.”
   b. The red Xs in the Needed column change to green check marks.
   c. Click the Overview tab. Click “Save All Audit Settings” to save the FGA settings.
   d. The policy is saved. Note that all “In Use” FGA policies are now used by Audit Vault.
   e. Log out of Audit Vault Console.
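The FGA tab shows what Audit Vault retrieved; the same three policies can also be checked directly on the source database, together with whether EMPLOYEEDATA applies only to statements that reference PHONE_NUMBER. The SQL below is an added example, not one of the lab scripts; running it as SYSTEM and the fga_check comment markers are assumptions made for the illustration.

```sql
-- Added example: not part of audit_fga.sql or the other lab scripts.
-- Assumption: run in SQL*Plus on the source database as SYSTEM.

-- 1. List the policies created by audit_fga.sql.
--    POLICY_COLUMN is the audit_column, POLICY_TEXT is the audit_condition
--    as stored, SEL/INS/UPD/DEL show the audited statement types, and
--    AUDIT_TRAIL shows whether SQL text is captured (DB+EXTENDED) or not (DB).
--    UPPER() avoids depending on how the mixed-case names were stored.
SELECT object_schema, object_name, policy_name, policy_column,
       policy_text, enabled, sel, ins, upd, del, audit_trail
FROM   dba_audit_policies
WHERE  UPPER(policy_name) IN ('EMPLOYEEDATA', 'NONAPPSSALES', 'NONAPPSORDERS')
ORDER  BY object_schema, object_name;

-- 2. Two probe statements against HR.EMPLOYEES. The comment markers
--    (hypothetical names) make the statements easy to find in the trail.
--    The first does not reference PHONE_NUMBER; the second does.
SELECT /* fga_check_no_phone */ last_name
FROM   hr.employees
WHERE  ROWNUM = 1;

SELECT /* fga_check_phone */ last_name, phone_number
FROM   hr.employees
WHERE  ROWNUM = 1;

-- 3. Read back what was recorded for the probes. A policy with an
--    audit_column applies only to statements that reference that column,
--    so this query is where the two probes differ.
SELECT extended_timestamp, db_user, policy_name, statement_type, sql_text
FROM   dba_fga_audit_trail
WHERE  object_schema = 'HR'
AND    object_name   = 'EMPLOYEES'
AND    sql_text LIKE '%fga_check%'
ORDER  BY extended_timestamp;

-- 4. Record counts per policy and user over the last day, to see which
--    policies are generating audit volume and for whom.
SELECT policy_name, db_user, COUNT(*) AS records
FROM   dba_fga_audit_trail
WHERE  extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY policy_name, db_user
ORDER  BY records DESC;
```

For the SH.SALES and OE.ORDERS policies, the POLICY_TEXT column from the first query is the authoritative statement of which sessions are audited.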
Practices for Lesson 6
Chapter 6

Practices Overview
In these practices, you create an email notification profile and notification template.
Practice 6-1: Creating an Email Notification Profile

Overview
In this practice you create an email notification profile.

Assumptions
Practices for Lessons 2, 3, and 4 have been completed successfully.

Tasks
1. Log in to the Audit Vault Console as the AVAUDIT1 user.
2. Click Settings. On the Notification Profiles page, click Create.
3. Enter the following information:
   Field           Value
   Profile Name    HQ_Auditors
   Description     Distribution list for all headquarters-based auditors.
   To              [email protected] [email protected] [email protected]
   CC
   Click Save.
4. You receive confirmation that your notification profile is created.
Practice 6-2: Creating Templates for Notification

Overview
In this practice you create an email notification template.

Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.

Tasks
1. Click the Notification Templates tab to navigate to the Notification Templates page.
2. On the Notification Templates page, click Create.
3. Enter the following information:
   Field          Value
   Name           HQ Auditors Alert Notification Template
   Description    Alert notification template for HQ Auditors.
   Subject        Oracle Audit Vault Alert: #AlertName#, #AlertTime#
   Body           #AlertBody# This is an automated message. Please do not reply.
   Click Save.
4. The Notification Templates page is displayed again with your new notification template.
5. Log out of Audit Vault Console.
Practices for Lesson 7
Chapter 7

Practices Overview
In these practices, you will view Oracle Audit Vault default reports, generate a report PDF file, and schedule the creation of a report. In addition you will retrieve entitlement audit data and view entitlement reports. Finally, you will annotate and attest reports.
Practice 7-1: Generating Audit Records

Overview
In this practice you execute a script to generate a number of audit records in your database.

Assumptions
Practices for previous lessons were completed successfully.

Tasks
1. Open a terminal window and ensure that the settings are correct for your source database.

   $ . oraenv
   ORACLE_SID = [orcl] ?
   The Oracle base for ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is /u01/app/oracle
   $

2. Change to the labs directory.
3. Log in to SQL*Plus as the SYSTEM user and execute the run_Oracle_workload.sql script. This script creates a number of users and objects. You will see some errors when the script is run. The errors are intentional and are used to demonstrate that nonsuccessful transactions can be captured by Oracle Database auditing.

   [labs]$ sqlplus system

   SQL*Plus: Release 11.2.0.1.0 Production on Wed Jul 14 08:52:20 2010

   Copyright (c) 1982, 2009, Oracle. All rights reserved.

   Enter password: *********
   Connected to:
   Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 Production
   With the Partitioning, OLAP, Data Mining and Real Application Testing options

   SQL> @run_Oracle_workload

4. Exit from SQL*Plus.
Practice 7-2: Viewing Audit Vault Default Reports

Overview
In this practice you will view a number of Audit Vault default reports.

Assumptions
Practice 7-1 was completed successfully.

Tasks
1. Log on to Oracle Audit Vault Console by specifying the following:
   Field         Value
   User Name     avaudit1
   Password      oracle_1
   Connect As    AV_AUDITOR
2. Click the Audit Reports tab.
3. To view account management activity, perform the following steps:
   a. On the Default Reports page, click Account Management.
   b. The Account Management page is displayed showing all the account management commands that have been audited.
   c. You need to find out more about the CREATE USER statement executed by JSMITH. Click the icon.
   d. Detailed information is provided about the event.
   e. Scroll down the page and notice that the SQL text field shows the CREATE USER statement.
      Question: What setting enabled the capture of the SQL text?
      Answer: Setting AUDIT_TRAIL to DB, EXTENDED enables the capture of the SQL text.
   f. Click Report View to return to the Account Management page.
   g. Click Default Reports to return to the Default Reports page.
4. You can easily view DML activity by accessing the Data Access report.
   a. In the Access Reports section, click Data Access.
   b. The Data Access report shows all audited DML commands. You need to view information about DELETE events. Click the filter event to change the filter.
   c. Select Event in the Column list.
   d. Enter DELETE in the Expression field and click Apply.
   e. The Data Access report now shows only the DELETE events.
   f. Return to the Default Reports page.
Practice 7-3: Viewing Entitlement Audit Data

Overview
In this practice you retrieve entitlement audit data and view a default entitlement report.

Assumptions
Practice 7-1 was completed successfully.

Tasks
1. To view entitlement reports, you must first retrieve the entitlement audit data.
   a. On the Audit Policy page, select your source database and User Entitlement. Click Retrieve.
   b. An informational message is displayed. Click Show Status to view the retrieval status.
   c. Click Return. The User Entitlement Retrieved column is updated indicating the time of retrieval.
2. To view an entitlement report, perform the following steps:
   a. Navigate to the Default Reports page. In the Entitlement Reports section, click User Accounts.
   b. On the User Accounts page, click Go to view the entitlement snapshot data.
   c. The User Accounts report is displayed.
   d. Scroll down the page and select the JSMITH user to view detailed information.
   e. Detailed entitlement information for the JSMITH user is displayed.
   f. Click Report View to return to the User Accounts page.
   g. Return to the Default Reports page.
Practice 7-4: Using Ad Hoc Reporting Features

Overview
In this practice you use some of the ad hoc reporting features to customize your reports.

Assumptions
Practice 7-1 was completed successfully.

Tasks
1. On the Default Reports page, click Data Access.
2. On the Data Access report page, click the cog icon.
3. In the list, select Highlight.
4. Enter information as follows:
   Field         Value
   Name          Highlight Orders
   Column        Target
   Operator      =
   Expression    ORDERS
   Select “yellow” for Background Color and “blue” for Text Color. Click Apply.
5. Remove the Event=’DELETE’ filter.
6. The report now shows the highlighted data.
7. Click the User column to further filter the report data. Select PJONES to filter the report to show only actions taken by PJONES.
8. The report now shows only actions by PJONES with the updates to ORDERS highlighted.
9. Delete the User=’PJONES’ filter.
10. Click the Event column to filter the report data to show only UPDATE events.
11. Once again, click the cog icon. Choose Save Report to save a copy of this report.
12. In the Save Report fields, enter the following:
    Field                   Value
    Name                    Update Report
    Category                New Category (select in menu)
    Category (new field)    SOX Update Reports
    Description             Report of updates
    Click Apply.
13. A message is displayed with your saved report name.
14. Return to the Default Reports page.
Practice 7-5: Using Compliance Reports

Overview
In this practice you use the default compliance reports.

Assumptions
Practice 7-1 was completed successfully.

Tasks
1. Navigate to the Compliance Reports page. Click Database Failed Logins.
2. The report is displayed. You want to display the failed logins for only certain users. To do that, click Change Definition.
3. A new filter appears. Click the link to edit the filter.
4. Select APPS in the Expression menu. Click Apply.
5. The report now shows only the failed logins for the APPS user. Note that you could save this report definition if it was appropriate for your business requirements.
6. Return to the Compliance Reports page.
Practice 7-6: Creating and Scheduling PDF Reports

Overview
In this practice you create PDF reports and schedule the creation of PDF reports.

Assumptions
Practice 7-1 was completed successfully.

Tasks
1. Create a PDF report of the Schema Changes Report.
   a. On the Compliance Reports page, click Schema Changes Report.
   b. On the Schema Changes report page, click Create PDF.
   c. On the “Create or Schedule PDF Report” page, ensure Immediately is selected.
   d. Scroll to the Attestation section and select the AVAUDIT1 user.
   e. Click Create PDF. The Generated Reports page is displayed. Click Show Pending Reports.
   f. The report appears on the list.
   g. Return to the Generated Reports page. After the report is generated, it appears on the Generated Reports page. Click the Details icon to view additional information.
   h. Detailed information about the generated report is displayed. Click Done to return to the Generated Reports page.
   i. Return to the Compliance Reports page.
2. Now schedule the Schema Changes report to execute on a weekly basis.
   a. Click Schema Changes on the Compliance Reports page.
   b. Click Create PDF.
   c. In the Schedule section select Specify Schedule. Choose Weekly in the Repeat field.
   d. In the Notification section select “Report Notification Template” in the template field. Enter [email protected] in the “To e-mail” field and click “Add to List.”
   e. Select AVAUDIT1 in the Attestation section. Click Schedule.
   f. The Report Schedules page appears showing your scheduled report.
3. To prepare for the next practice, log out of Audit Vault Console.
Practice 7-7: Attesting Reports

Overview
In this practice you annotate and attest reports assigned to you.

Assumptions
Practice 7-6 was completed successfully.

Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Scroll to the Attestation Actions section. Click the report icon for the report that needs to be attested.
3. Click View Report.
4. The report is displayed. Scroll to the right and click Details to return to the Details for Generated Report page.
5. Add a note in the New Note field. Click “Save & Attest” to save your note and record that you have attested the report.
6. In the Previous Notes section your new note appears. In the Attestation section, the time and date of your attestation is shown.
7. Click Home to return to the Dashboard page.
Practices for Lesson 8
Chapter 8

Practices Overview
In these practices, you will verify that alert processing is enabled. You will define alert status values. Finally you will trigger an alert and respond to the alert.
Practice 8-1: Verifying that Alert Processing is Enabled

Overview
In this practice you verify that alert processing is enabled.

Assumptions
Practices for previous lessons were completed successfully.

Tasks
1. Log in to the Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Alerts Setting page. (Configuration > Alert)
3. Verify that “Alert Processing Status” is set to Enable.
4. Log out of Audit Vault Console.
Practice 8-2: Creating an Alert Status Value

Overview
In this practice you will define an additional alert status value.

Assumptions
Practices for previous lessons were completed successfully.

Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Click the Settings tab. Click the Alert Status Values tab to navigate to the Alert Status Values page.
3. The Oracle Audit Vault default status values of NEW and CLOSED are displayed. Click Create.
4. On the “Add Alert Status Value” page, enter the following information:
   Field           Value
   Status Value    PENDING SUPERVISOR REVIEW
   Description     Alert needs review by Audit Supervisor
   Click Save.
5. Your new status value is displayed on the Alert Status Values page.
6. Click Home to return to the Dashboard page.
Practice 8-3: Creating Alerts

Overview
In this practice you create a basic alert.

Assumptions
Previous practices were completed successfully.

Tasks
1. Click the Audit Policy tab. Click the Alerts tab to navigate to the Alerts page.
2. On the Alerts page, click Create.
3. On the Create Alert Rule page, enter the following information:
   Field                   Value
   Alert                   Create User
   Description             Alert that is raised when a user is created.
   Alert Severity          Warning
   Audit Source Type       ORCLDB
   Audit Source            ORCL
   Audit Event Category    ACCOUNT MANAGEMENT
   Audit Event             CREATE USER
   Audit Event Status      BOTH
   Click OK.
4. The Alerts page shows your new alert.
5. Log out of Audit Vault Console.
Practice 8-4: Responding to Alerts

Overview
In this practice you execute a script to trigger an alert and then view the alert.

Assumptions
Practice 8-3 was completed successfully.

Tasks
1. Open a terminal window and set the environment for your source database. Change to the labs directory. Invoke SQL*Plus and log in to your source database as the SYSTEM user.

   $ . oraenv
   ORACLE_SID = [orcl] ?
   The Oracle base for ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is /u01/app/oracle
   $ cd $HOME/labs
   [labs]$ sqlplus system

   SQL*Plus: Release 11.2.0.1.0 Production on Fri Jun 11 12:32:52 2010

   Copyright (c) 1982, 2009, Oracle. All rights reserved.

   Enter password: *********
   Connected to:
   Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 Production
   With the Partitioning, OLAP, Data Mining and Real Application Testing options

   SQL>

2. Execute the cr_hruser.sql script to create a new user named HRUSER.

   SQL> @cr_hruser
   Connected.
   SQL> create user hruser
     2  identified by hrpass
     3  default tablespace example
     4  temporary tablespace temp
     5  /

   User created.

   SQL> set echo off
   SQL>

3. Determine whether an alert has been raised as a result of the creation of a new user.
   a. Return to Audit Vault console and log in as the AVAUDIT1 user.
   b. On the Overview page, observe that the alert has been raised.
   c. Scroll down the page and observe that the alert information is displayed in the charts.
4. View detailed information about the alert.
   a. Return to the top of the page and click the icon.
   b. Detailed information is displayed.
   c. Click Report View to go to the Default Reports page.
   d. The alert is also listed on the Default Reports page.
5. Change the status of the alert to “PENDING SUPERVISOR REVIEW.”
   a. Click the Details icon.
   b. Change the Status to “PENDING SUPERVISOR REVIEW” and click Update.
   c. Return to the Default Reports page and observe the status change.
6. Return to the Dashboard page.
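When the Create User alert does not appear on the dashboard, the first thing to establish is whether the source database recorded the event at all. The queries below are an added example, not one of the lab scripts, and assume they are run in SQL*Plus as SYSTEM on the source database; they check the audit trail setting, the audit options that cover CREATE USER, and the resulting audit records.

```sql
-- Added example: not part of cr_hruser.sql or the other lab scripts.
-- Assumption: run in SQL*Plus on the source database as SYSTEM.

-- 1. Where audit records go. SQL_TEXT in query 3 is populated only when
--    this is DB, EXTENDED (the setting named in Practice 7-2).
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 2. Is CREATE USER audited, and for success, failure or both?
--    The alert in Practice 8-3 uses Audit Event Status BOTH; an outcome
--    whose column shows NOT SET produces no record for the alert to match.
--    The USER statement option also covers CREATE USER.
SELECT 'STATEMENT' AS option_type, user_name,
       audit_option AS option_name, success, failure
FROM   dba_stmt_audit_opts
WHERE  audit_option IN ('CREATE USER', 'USER')
UNION ALL
SELECT 'PRIVILEGE', user_name, privilege, success, failure
FROM   dba_priv_audit_opts
WHERE  privilege = 'CREATE USER';

-- 3. The CREATE USER records from the last day, newest first.
--    RETURNCODE 0 is a successful statement; any other value is the
--    ORA- error number of a failed one.
SELECT extended_timestamp, username, obj_name, returncode, sql_text
FROM   dba_audit_trail
WHERE  action_name = 'CREATE USER'
AND    extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
ORDER  BY extended_timestamp DESC;
```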
Practices for Lesson 9
Chapter 9

Practices Overview
In these practices, you will update the password of the user that was granted the AV_ADMIN role when you installed Audit Vault. Then you will update the wallet credentials.
Practice 9-1: Changing the AV_ADMIN User Password

Overview
In this practice you change the password of the AVADMIN1 user.

Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.

Tasks
1. Open a terminal window and set the environment variables for your Audit Vault Server.

   $ . oraenv
   ORACLE_SID = [av] ?
   The Oracle base for ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is /u01/app/oracle
   [av ~]$

2. Log in to SQL*Plus and connect as the Database Vault Account Manager. Reminder: The password for the dbvacct1 user is dbvoracle_1.

   [oracle@EDRSR22P1-av ~]$ sqlplus dbvacct1

   SQL*Plus: Release 10.2.0.4.0 - Production on Mon Jun 14 12:40:42 2010

   Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

   Enter password: ***********
   Connected to:
   Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 Production
   With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options

   SQL>

3. Change the password for the Audit Vault Administrator to oracle_2.

   SQL> alter user avadmin1 identified by oracle_2;

   User altered.

4. Exit from SQL*Plus.
Practice 9-2: Updating the Password Credentials in the Wallet

Overview
In this practice you update the wallet password credentials for the AV_ADMIN user following your change in the previous step.

Assumptions
Practice 9-1 was completed successfully.

Tasks
1. In your Audit Vault terminal window, execute the AVCA create_credential command to update the password credentials of the AV_ADMIN user. Supply the following values:
   Parameter/Input         Value
   -wrl                    $ORACLE_HOME/network/admin/avwallet
   -dbalias                av
   Source user username    avadmin1
   Source user password    oracle_2

   $ avca create_credential \
   > -wrl $ORACLE_HOME/network/admin/avwallet \
   > -dbalias av
   Enter source user username: avadmin1
   Enter source user password: ********
   Re-enter source user password: ********
   Credential stored successfully.
   $

2. Verify your changes by logging in to Audit Vault Console as the Audit Vault Administrator (avadmin1) with the new password of oracle_2.
3. Log out of Audit Vault Console.
Practices for Lesson 10
Chapter 10

Practices Overview
In these practices, you will view diagnostic information in the Audit Vault log files.
Practice 10-1: Viewing the Audit Vault Collection Agent Log Information

Overview
In this practice you view Audit Vault collection agent log information.

Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.

Tasks
1. To prepare for viewing information in the log files, use the Audit Vault Console to stop the Audit Vault collectors.
2. Return to your Audit Vault collection agent terminal window. To prepare for viewing information in the log files, stop the Audit Vault collection agent.

   $ avctl stop_agent
   Stopping agent...
   Agent stopped successfully.
   $

3. Restart the Audit Vault collection agent.

   $ avctl start_agent
   Starting agent...
   Agent started successfully.
   $

4. Verify that the Audit Vault collection agent started by viewing the information in the log file.
   a. In your Audit Vault collection agent terminal window, navigate to the Audit Vault collection agent home log directory.

      $ cd /u01/app/oracle/oracle/product/10.2.3/av_agent_1/av/log
      [log]$

   b. View the result of the start_agent command by viewing the avca.log file.

      $ tail avca.log
      …
      07/19/10 08:36:57 xml URL file:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/oc4j/j2ee/home/config/http-web-site.xml
      07/19/10 08:36:57 Agent started successfully.
Practice 10-2: Viewing Audit Vault Collector Log Information
Overview
In this practice you view Audit Vault collector log information.
Assumptions
Practice 10-1 was completed successfully.
Tasks
1. Restart the DBAUD collector by using Audit Vault Console.
2. Verify that the DBAUD collector started by viewing information in the log file.
   a. Return to your Audit Vault collection agent terminal window.
   b. View the DBAUD_Collector_ORCL_1.log file.
$ tail -100 DBAUD_Collector_ORCL_1.log
…
INFO @ '19/07/2010 08:58:36 00:00': ***** Started logging for 'AUD$ Audit Collector' *****
INFO @ '19/07/2010 08:58:36 00:00': ***** Collector Name = DBAUD_Collector
INFO @ '19/07/2010 08:58:36 00:00': ***** Source Name = ORCL
INFO @ '19/07/2010 08:58:36 00:00': ***** Av Name = AV
INFO @ '19/07/2010 08:58:36 00:00': ***** Initialization done OK
INFO @ '19/07/2010 08:58:36 00:00': ***** Starting CB
INFO @ '19/07/2010 08:58:36 00:00': Getting parameter |AUDAUDIT_DELAY_TIME|, got |20|
INFO @ '19/07/2010 08:58:36 00:00': Getting parameter |AUDAUDIT_SLEEP_TIME|, got |5000|
INFO @ '19/07/2010 08:58:36 00:00': Getting parameter |AUDAUDIT_ACTIVE_SLEEP_TIME|, got |1000|
INFO @ '19/07/2010 08:58:36 00:00': Getting parameter |AUDAUDIT_MAX_PROCESS_RECORDS|, got |1000|
INFO @ '19/07/2010 08:58:36 00:00': ***** CSDK inited OK + 1
INFO @ '19/07/2010 08:58:36 00:00': ***** Src alias = SRCDB1
INFO @ '19/07/2010 08:58:36 00:00': ***** SRC connected OK
INFO @ '19/07/2010 08:58:37 00:00': ***** SRC data retrieved OK
INFO @ '19/07/2010 08:58:37 00:00': ***** Recovery done OK
[log]$
   c. View the ORCL-DBAUD_Collector-0.log file for additional metric information about the DBAUD_Collector collector.
[log]$ tail ORCL-DBAUD_Collector-0.log
Jul 19, 2010 9:04:38 AM Thread-13 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0996
Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric , name=BYTES_PER_SEC value=13.6409
Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0996
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric , name=BYTES_PER_SEC value=4.5537
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0331
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=BYTES_PER_SEC value=6.9245
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0507
[log]$
3. Restart the OSAUD collector by using Audit Vault Console.
4. Verify that the OSAUD collector started by viewing information in the log file.
   a. Return to your Audit Vault collection agent terminal window.
   b. View the OSAUD_Collector_ORCL_1.log file.
$ tail -100 OSAUD_Collector_ORCL_1.log
INFO @ '19/07/2010 08:59:04 00:00': ***** Started logging for 'OS Audit Collector' *****
INFO @ '19/07/2010 08:59:05 00:00': Audit trail is not set OS for source ORCL
INFO @ '19/07/2010 08:59:05 00:00': DBMS_AUDIT_MGMT package is available for source database. Audit trail cleanup activated.
INFO @ '19/07/2010 08:59:12 00:00': Metric:IS_ALIVE
INFO @ '19/07/2010 08:59:12 00:00': Metric command: Collector status = 1
INFO @ '19/07/2010 08:59:16 00:00': Metric:ALL_METRICS
[log]$
   c. View the ORCL-OSAUD_Collector-0.log file for additional metric information about the OSAUD_Collector collector.
[log]$ tail ORCL-OSAUD_Collector-0.log
Jul 19, 2010 9:10:06 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
Jul 19, 2010 9:11:07 AM Thread-14 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:11:07 AM Thread-14 FINE: return cached metric , name=BYTES_PER_SEC value=0.0000
Jul 19, 2010 9:11:07 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric , name=BYTES_PER_SEC value=0.0000
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=BYTES_PER_SEC value=0.0000
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
[log]$
5. Verify that the REDO_Collector collector started by viewing the ORCL-REDO_Collector-0.log file.
[log]$ tail ORCL-REDO_Collector-0.log
Jul 19, 2010 9:15:09 AM Thread-15 FINE: return cached metric , name=RECORDS_PER_SEC value=0
Jul 19, 2010 9:16:09 AM Thread-15 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:16:09 AM Thread-15 FINE: return cached metric , name=BYTES_PER_SEC value=17
Jul 19, 2010 9:16:09 AM Thread-15 FINE: return cached metric , name=RECORDS_PER_SEC value=0
Jul 19, 2010 9:17:09 AM Thread-15 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:17:09 AM Thread-15 FINE: return cached metric , name=BYTES_PER_SEC value=17
Jul 19, 2010 9:17:09 AM Thread-15 FINE: return cached metric , name=RECORDS_PER_SEC value=0
Jul 19, 2010 9:18:09 AM Thread-15 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:18:09 AM Thread-15 FINE: return cached metric , name=BYTES_PER_SEC value=17
Jul 19, 2010 9:18:09 AM Thread-15 FINE: return cached metric , name=RECORDS_PER_SEC value=0
[log]$
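The metric logs viewed in this practice can also be checked by script. The following script is an added example, not part of the Oracle guide or product: it reads the newest IS_ALIVE and RECORDS_PER_SEC values from a collector metric log and reports whether the collector is collecting, idle, down, or unknown. The function names, state labels, sample file names and the value=false line are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Oracle's code): classify a collector from its metric log.

# last_metric FILE NAME: print the newest value logged for metric NAME.
last_metric() {
    awk -v want="name=$2" '
        { for (i = 1; i < NF; i++)
              if ($i == want && $(i + 1) ~ /^value=/) v = substr($(i + 1), 7) }
        END { if (v != "") print v }' "$1"
}

# collector_state FILE: print COLLECTING, IDLE, DOWN or UNKNOWN.
collector_state() {
    alive=$(last_metric "$1" IS_ALIVE)
    rate=$(last_metric "$1" RECORDS_PER_SEC)
    if [ -z "$alive" ] || [ -z "$rate" ]; then
        echo UNKNOWN        # metric never logged: cannot tell
    elif [ "$alive" != "true" ]; then
        echo DOWN
    elif awk -v r="$rate" 'BEGIN { exit !(r + 0 > 0) }'; then
        echo COLLECTING
    else
        echo IDLE           # running, but no audit records are arriving
    fi
}

# Sample input. The DBAUD and OSAUD lines follow the tail output shown in
# this practice; the value=false line and the file names are constructed.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/dbaud.log" <<'EOF'
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=BYTES_PER_SEC value=6.9245
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0507
EOF
cat > "$SAMPLES/osaud.log" <<'EOF'
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=IS_ALIVE value=true
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
EOF
cat > "$SAMPLES/down.log" <<'EOF'
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=IS_ALIVE value=false
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric , name=RECORDS_PER_SEC value=0.0000
EOF
: > "$SAMPLES/empty.log"

for f in "$SAMPLES"/*.log; do
    printf '%s %s\n' "$(basename "$f")" "$(collector_state "$f")"
done
```

An IDLE result, as for the OSAUD sample, means the collector is running but no audit records are arriving, which is worth checking against the source's audit trail setting reported in the collector log.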
Practices for Lesson 11 Chapter 11
Practices for Lesson 11
Practices Overview
In these practices, you will set the Audit Vault data warehouse retention period. You will also attempt to purge data from the data warehouse.
Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period
Overview
In this practice you set the retention period for data kept in the data warehouse.
Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.
Tasks
1. Log in to Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Warehouse Settings page.
   a. Click the Configuration tab.
   b. Click the Warehouse tab.
3. Set the retention period to 15 months.
   a. Enter 1 in the Year field and 3 in the Months field.
   b. Click Apply.
4. You receive a message that the change to the retention period was successful.
Practice 11-2: Purging Data from the Data Warehouse
Overview
In this practice you attempt to purge data from the data warehouse.
Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.
Tasks
1. Navigate to the Warehouse Activity (Purge Activity) Page.
   a. Click the Management tab.
   b. Click the Warehouse tab.
   c. Click the Purge Activity tab.
2. Purge the data in the data warehouse from yesterday.
   a. Enter yesterday’s date in the Start Date field. You can also use the calendar to select the date.
   b. Enter 1 in the Number of Days field.
   c. Click Purge Now.
3. You receive an error. Why are you unable to purge data from the data warehouse?
   Answer: You cannot purge any of the data in your data warehouse because you did not manually load the data.