Oracle® Audit Vault Administrator's Guide
10g Release 2 (10.2.2)

Part Number B25321-02

C Audit Vault Oracle Database (AVORCLDB) Reference

Audit Vault Oracle Database (AVORCLDB) is a command-line utility that provides the ability to configure (add, alter, and drop) Oracle audit sources and Oracle collectors, verify source compatibility with the collectors, and set up Oracle Database audit sources for audit data collection by establishing the connection to the source through the collector.

Table C-1 describes the AVORCLDB commands and where each is used, whether on the Audit Vault Server, on the Audit Vault Agent, or in both places.

Table C-1 AVORCLDB Commands

Command          Where Used?  Description
add_collector    Server       Adds a collector to Audit Vault
add_source       Server       Registers an audit source with Audit Vault
alter_collector  Server       Alters the attributes of a collector
alter_source     Server       Alters the attributes of a source
drop_collector   Server       Drops a collector from Audit Vault
drop_source      Server       Drops a source from Audit Vault
-help            Both         Displays Help for the AVORCLDB commands
setup            Agent        Sets up the database link from the source database through the Audit Vault Agent to the Audit Vault database (repository) and verifies the connection using the wallet
verify           Both         Verifies that the source is compatible with the collectors that are specified for setup



avorcldb

The AVORCLDB command-line utility.

Syntax

avorcldb <command> -help

avorcldb <command> [<options>] <arguments>

Arguments

Argument Description
<command> One of the following commands: add_source, alter_source, drop_source, add_collector, alter_collector, drop_collector, setup, or verify
[<options>] The optional AVORCLDB options
<arguments> One or more of the AVORCLDB command arguments
-help Displays Help for the AVORCLDB commands

Options

Table C-2 describes the options for the AVORCLDB commands.

Table C-2 AVORCLDB Options

Option          Description
-verbose        Provides more detailed output to standard output
-trace <level>  Controls the amount of information logged. The <level> argument can be one of the following: ERROR, WARN, or INFO.


Usage Notes

Example

The following output is from the avorcldb command executed in the Audit Vault Server home shell.

$ avorcldb -help

  Oracle DB Setup for Audit Vault
  -------------------------------
 
  Usage :
    avorcldb help
    avorcldb <command> -help
    avorcldb <command> <arguments>
 
 
Source setup commands
 
    verify
          -src <host:port:service> -srcusr <usr>/<pwd>
          -colltype [OSAUD,DBAUD,REDO,EVTLOG,ALL]
 
    add_source
          -src <host:port:service> -srcusr <usr>/<pwd> -avsrcusr <usr>
          [-srcname <srcname>] [-desc <desc>] [-agentname <agentname>]
 
    alter_source
          -srcname <srcname> [attrname=value]+
 
    drop_source
          -srcname <srcname>
 
Collector setup commands
 
    add_collector
          -srcname <srcname> -srcusr <usr>/<pwd> -agentname <agentname>
          -colltype [OSAUD|DBAUD|REDO|EVTLOG] [-collname <collname>]
          [-desc <desc>] [-avsrcusr <usr>/<pwd>] [-av <host:port:service>]
          [-instname <instname>]
 
    alter_collector
          -srcname <srcname> -collname <collname> [attrname=value]+
 
    drop_collector
          -srcname <srcname> -collname <collname>

The following output is from the avorcldb command executed in the Audit Vault Agent home shell.

$ avorcldb -help

  Oracle DB Setup for Audit Vault
  -------------------------------
 
  Usage :
    avorcldb help
    avorcldb <command> -help
    avorcldb <command> <arguments>
 
 
Agent Commands
 
    verify
          -src <host:port:service> -srcusr <usr>/<pwd>
          -colltype [OSAUD,DBAUD,REDO,EVTLOG,ALL]
 
    setup
          -srcname <srcname> -srcusr <usr>/<pwd> -wpwd <pwd>


add_collector

Adds a collector for the given source to Audit Vault. The source is verified for requirements of the collector. This command is run on the Audit Vault Server.

Syntax

avorcldb add_collector -srcname <srcname> -srcusr <usr>/<pwd> 
-agentname <agentname> -colltype [OSAUD,DBAUD,REDO,EVTLOG] [-collname <collname>]
[-desc <desc>] [-avsrcusr <usr>/<pwd>] [-av <host:port:service>]
[-instname <instname>]

Arguments

Argument Description
-srcname <srcname> The source name for which the collector is to be added
-srcusr <usr>/<pwd> The credentials of the user on the source database to collect audit data. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/pwd. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-agentname <agentname> The agent name where the collector is to be added
-colltype [OSAUD,DBAUD,REDO,EVTLOG] The collector type to be added
[-collname <collname>] The collector name. This argument is optional. If this argument is not specified, <colltype>_Collector will be used.
[-desc <desc>] A brief description of the collector. This argument is optional.
[-avsrcusr <usr>/<pwd>] The user on Audit Vault associated with the given source. This argument is required if the -colltype argument is REDO; otherwise, this argument is optional. The -avsrcusr argument can be omitted if the corresponding environment variable, AVORCLDB_AVSRCUSR, is set to usr/pwd. If the command-line argument -avsrcusr is specified, then the command-line argument overrides the environment variable.
[-av <host:port:service>] The connection information for Audit Vault used for the database link from the source database to Audit Vault. This argument is required if the -colltype argument is REDO; otherwise, this argument is optional.
[-instname <instname>] The instance name of Audit Vault Oracle RAC installation. This argument must be used to add multiple OSAUD collectors (one for each instance).

Usage Notes

Example

The following example shows how to add an OSAUD collector to Oracle Audit Vault on Linux and UNIX platforms in an Oracle Real Application Clusters (Oracle RAC) installation using the -instname argument. In these examples, the AVORCLDB_SRCUSR environment variable is set to srcusr1/pwd and the -srcusr argument is omitted.

avorcldb add_collector -srcname source1db.domain.com 
-agentname 'Agent1' -colltype OSAUD -instname av01 
source SOURCE1DB.DOMAIN.COM verified for OS File Audit Collector collector
Adding collector...
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): OSAUD_Collector

The following example shows how to add an OSAUD collector to Oracle Audit Vault on Windows platforms for the event log:

avorcldb add_collector -srcname source1db.domain.com
-agentname agent1
-colltype EVTLOG
source SOURCE1DB.DOMAIN.COM verified for Windows Event Log Audit Collector collector
Adding collector...
Collector added sucessfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): EVTLOG_Collector

The following example shows how to add a DBAUD collector to Audit Vault:

avorcldb add_collector -srcname source1db.domain.com 
-agentname 'Agent1' -colltype DBAUD 
source SOURCE1DB.DOMAIN.COM verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector...
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): DBAUD_Collector

The following example shows how to add a REDO collector to Audit Vault. In this example, the AVORCLDB_AVSRCUSR environment variable is set to avsrcuser1/pwd and the -avsrcusr argument is omitted.

avorcldb add_collector -srcname source1db.domain.com 
-agentname 'Agent1' -colltype REDO 
-av system1.domain.com:1521:av 
source SOURCE1DB.DOMAIN.COM verified for REDO Log Audit Collector collector
Adding collector...
Collector added successfully.
collector successfully added to Audit Vault

remember the following information for use in avctl
Collector name (collname): REDO_Collector
initializing REDO Collector
setting up APPLY process on Audit Vault server
setting up CAPTURE process on source database
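
The argument rules for add_collector can be checked before the command is run. The following is an added example, not part of Oracle's documentation or tooling: a POSIX shell function, preflight_add_collector (a hypothetical name), that checks an add_collector argument list against the Arguments table above. As an assumed local policy it also reports credentials passed with -srcusr or -avsrcusr, because command-line arguments are visible in process listings and shell history, whereas AVORCLDB_SRCUSR and AVORCLDB_AVSRCUSR keep them off the command line.

```shell
#!/bin/sh
# Added example (not Oracle code): preflight check for "avorcldb add_collector".
# Required-argument rules come from the Arguments table above. Reporting inline
# credentials is an assumed local policy; avorcldb itself accepts them.

note() { echo "$1"; findings=$((findings + 1)); }

# Usage: preflight_add_collector <arguments that would follow "add_collector">
# Prints one finding per line; exit status 0 means nothing was found.
preflight_add_collector() (
    srcname='' agentname='' colltype='' av='' srcusr='' avsrcusr='' findings=0
    while [ $# -gt 0 ]; do
        case $1 in
            -srcname)   srcname=${2-} ;;
            -agentname) agentname=${2-} ;;
            -colltype)  colltype=${2-} ;;
            -av)        av=${2-} ;;
            -srcusr)    srcusr=${2-} ;;
            -avsrcusr)  avsrcusr=${2-} ;;
            -collname|-desc|-instname|-trace) ;;
            -verbose) shift; continue ;;
            *) note "unknown argument: $1"; shift; continue ;;
        esac
        shift; [ $# -eq 0 ] || shift      # consume the option and its value
    done

    [ -n "$srcname" ]   || note "-srcname is required"
    [ -n "$agentname" ] || note "-agentname is required"
    case $colltype in
        OSAUD|DBAUD|REDO|EVTLOG) ;;
        *) note "-colltype must be one of OSAUD, DBAUD, REDO, EVTLOG" ;;
    esac

    # Source credentials come from -srcusr or, if it is omitted, AVORCLDB_SRCUSR.
    if [ -n "$srcusr" ]; then
        note "-srcusr puts usr/pwd on the command line; set AVORCLDB_SRCUSR instead"
    elif [ -z "${AVORCLDB_SRCUSR-}" ]; then
        note "no source credentials: AVORCLDB_SRCUSR is not set"
    fi
    [ -z "$avsrcusr" ] ||
        note "-avsrcusr puts usr/pwd on the command line; set AVORCLDB_AVSRCUSR instead"

    # REDO collectors also require -av and an Audit Vault source user.
    if [ "$colltype" = REDO ]; then
        case $av in
            '')      note "-av <host:port:service> is required for REDO" ;;
            *:*:*:*) note "-av must be host:port:service" ;;
            *:*:*)   port=${av#*:}; port=${port%%:*}
                     case $port in
                         ''|*[!0-9]*) note "-av port is not numeric: $port" ;;
                     esac ;;
            *)       note "-av must be host:port:service" ;;
        esac
        [ -n "$avsrcusr" ] || [ -n "${AVORCLDB_AVSRCUSR-}" ] ||
            note "REDO needs an Audit Vault user: AVORCLDB_AVSRCUSR is not set"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed demo: the REDO example from this page with -av left out.
preflight_add_collector -srcname source1db.domain.com -agentname Agent1 \
    -colltype REDO || echo "resolve the findings above before running avorcldb"
```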


add_source

Registers an audit source with Audit Vault for audit data consolidation. This command is run on the Audit Vault Server.

Syntax

avorcldb add_source -src <host:port:service> -srcusr <usr>/<pwd> 
-avsrcusr <usr> [-srcname <srcname>] [-desc <desc>] [-agentname <agentname>]

Arguments

Argument Description
-src <host:port:service> Source database connection information: host name, port number, and service ID (SID), separated by a colon
-srcusr <usr>/<pwd> Credentials of the user on the source database to collect audit data. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/password. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-avsrcusr <usr> The user on Audit Vault used to send audit data
[-srcname <srcname>] Optional source name. If this argument is not specified, the global database name of the source will be used.
[-desc <desc>] Optional description of the source
[-agentname <agentname>] Optional agent name to configure policy management

Usage Notes

Example

The following example shows how to register a source with Oracle Audit Vault. In this example, the AVORCLDB_SRCUSR environment variable is set to srcusr1/pwd and the -srcusr argument is omitted.

avorcldb add_source -src lnxserver:4523:hrdb.domain.com 
-avsrcusr srcusr1 -desc 'HR Database'
Adding source...
Source added successfully.
source successfully added to Audit Vault

remember the following information for use in avctl
Source name (srcname): RDBMSRC1.US.ORACLE.COM
map_source_to_agent
map_source_to_agent


alter_collector

Modifies the attributes of a collector. This command is run on the Audit Vault Server.

Syntax

avorcldb alter_collector -srcname <srcname> -collname <collname> 
      [<attrname>=<attrvalue>...<attrname>=<attrvalue>]

Arguments

Argument Description
-srcname <srcname> Specify the source (by source name) to which this collector belongs.
-collname <collname> Specify the collector (by collector name) to be modified.
[<attrname>=<attrvalue>] Specify the pair (attribute name, new attribute value) for mutable collector attributes for this collector type. This argument is optional. Separate multiple pairs by a space on the command line.

Usage Notes

You can modify one or more collector attributes at a time. Table C-3, Table C-4, and Table C-5 list the collector attributes (parameters) by collector type, whether the parameter is mutable, and its default value.

Table C-3 DBAUD Collector Attributes

Parameter                     Mutable  Default Value
AUDAUDIT_DELAY_TIME           Yes      20 seconds
AUDAUDIT_SLEEP_TIME           Yes      5000 seconds
AUDAUDIT_ACTIVE_SLEEP_TIME    Yes      1000 seconds
AUDAUDIT_MAX_PROCESS_RECORDS  Yes      1000 centiseconds
AUDAUDIT_SORT_POLICY          Yes      NULL
AUDAUDIT_AUDIT_VAULT_ALIAS    No       NULL
AUDAUDIT_SOURCE_ALIAS         No       NULL


Table C-4 OSAUD Collector Attributes

Parameter                    Mutable  Default Value
OSAUDIT_DEFAULT_FILE_DEST    Yes      $ORACLE_HOME/audit
OSAUD_FILE_DEST              Yes      $ORACLE_HOME/aidit
OSAUDIT_NLS_LANGUAGE         Yes      AMERICAN
OSAUDIT_NLS_TERRITORY        Yes      AMERICA
OSAUDIT_NLS_CHARSET          Yes      WE8ISO8859P1
OSAUDIT_LOG_LEVEL            Yes      WARNING
OSAUDIT_MAX_PROCESS_TIME     Yes      600 centiseconds
OSAUDIT_MAX_PROCESS_RECORDS  Yes      10000
OSAUDIT_CHANNEL_TYPE         No       NULL
OSAUDIT_AUDIT_VALUE_ALIAS    No       NULL
OSAUDIT_NT_ORACLE_SID        Yes      NULL


Table C-5 REDO Collector Attributes

Parameter               Mutable  Default Value
STRCOLL_SRCADM_NAME     No       NULL
STRCOLL_SRCADM_ALIAS    No       NULL
STRCOLL_HEARTBEAT_TIME  Yes      60 seconds
STRCOLL_DBSERVICE       No       NULL
STRCOLL_DBPORT          Yes      NULL
AV.DATABASE.NAME        No       NULL


Example

The following example shows how to alter the AUDAUDIT_DELAY_TIME attribute for the DBAUD_Collector collector in Audit Vault:

avorcldb alter_collector -srcname lnxserver.domain.com -collname DBAUD_Collector  AUDAUDIT_DELAY_TIME=60 
Altering collector...
Collector altered successfully.


alter_source

Modifies the attributes of the source. This command is run on the Audit Vault Server.

Syntax

avorcldb alter_source -srcname <srcname> 
      [<attrname>=<attrvalue>...<attrname>=<attrvalue>]

Arguments

Argument Description
-srcname <srcname> Specify the source (by source name) to be modified.
[<attrname>=<attrvalue>] Specify the pair (attribute name, new attribute value) for the mutable source attributes of this source to be modified. This argument is optional. Separate multiple pairs by a space on the command line.

Usage Notes

You can modify one or more source attributes at a time. Table C-6 lists the source attributes (parameters), the values allowed for certain parameters, whether the parameter is mutable, and its default value.

Table C-6 Source Attributes

Parameter             Description                                                            Mutable  Default Value
SOURCETYPE            A new source type name for this source                                 Yes      NULL
NAME                  A new name for this source                                             Yes      NULL
HOST                  A new source host name                                                 Yes      NULL
HOSTIP                A new source host IP address                                           Yes      NULL
VERSION               A new source version                                                   Yes      NULL
TIMEZONE              A new time zone for this source                                        Yes      NULL
USERNAME              A new user name used to connect to this audit data source              Yes      NULL
PASSWORD              The password of the user used to connect to this audit data source     Yes      NULL
AUTHETICATION         A new authentication method, either AUTH_TYPE_PWD or AUTH_TYPE_SSL     Yes      NULL
DESCRIPTION           A new description for this source                                      Yes      NULL
DB_SERVICE            A new audit data source service name                                   Yes      NULL
PORT                  A new port number for this system where the source audit data resides  Yes      NULL
GLOBAL_DATABASE_NAME  The new global database name                                           Yes      NULL
WALLET_LOC            The new wallet location, if used, for this audit data source           Yes      NULL


Example

The following example shows how to alter the DESCRIPTION and SOURCE_HOST attributes for the source named lnxserver.domain.com in Oracle Audit Vault:

avorcldb alter_source -srcname lnxserver.domain.com DESCRIPTION='HR Database' 
SOURCE_HOST='lnxserver.domain.com'
Altering source...
Source altered successfully.


drop_collector

Drops a collector from Oracle Audit Vault. This command is run from the Audit Vault Server.

Syntax

avorcldb drop_collector -srcname <srcname> -collname <collname>  

Arguments

Argument Description
-srcname <srcname> Specify the name of the source to which the collector (specified in the -collname argument) belongs.
-collname <collname> Specify the collector (by collector name) to be dropped from Oracle Audit Vault.

Usage Notes

The drop_collector command will not delete the collector from Oracle Audit Vault; it actually disables the collector. The user can neither add the same collector name again nor enable the old name.

Example

The following example shows how to drop the collector named 'DBAud_Collector' from Oracle Audit Vault:

avorcldb drop_collector -srcname lnxserver.domain.com -collname DBAud_Collector
Dropping collector...
Collector dropped successfully.


drop_source

Drops a source from Oracle Audit Vault. This command is run on the Audit Vault Server.

Syntax

avorcldb drop_source -srcname <srcname> 

Arguments

Argument Description
-srcname <srcname> Specify the source (by source name) to be dropped from Oracle Audit Vault.

Usage Notes

Example

The following example shows how to drop the source named lnxserver.domain.com from Oracle Audit Vault:

avorcldb drop_source -srcname lnxserver.domain.com 
Dropping source...
Source dropped successfully.


-help

Displays Help for the AVORCLDB commands. This command is run on both the Audit Vault Server and the Audit Vault Agent.

Syntax

avorcldb -help

avorcldb <command> -help

Arguments

Argument Description
<command> The name of an AVORCLDB command for which you want Help to appear

Usage Notes

None

Example

The following example shows how to display general AVORCLDB utility Help in Audit Vault:

avorcldb -help

The following example shows how to display specific AVORCLDB Help for the add_source command in the Audit Vault Server home shell.

$ avorcldb add_source -help
  avorcldb add_source command
 
    add_source
          -src <host:port:service> -srcusr <usr>/<pwd> -avsrcusr <usr>
          [-srcname <srcname>] [-desc <desc>] [-agentname <agentname>]
 
  Purpose: The source is added to Audit Vault. The global DB Name
       of the source database is used as the Source Name in Audit Vault.
       The user specified in -srcusr argument must exist on the source DB.
       The user specified in -avsrcusr argument must exist on Audit Vault.
 
  Arguments:
       -src        : Source DB connection information
       -srcusr     : Credentials of user on Source DB to collect audit data
       -avsrcusr   : User on Audit Vault used to send audit data
       -srcname    : Optional name of source, default : <global_dbname>
       -desc       : Optional description of the source
       -agentname  : Optional agent name to configure policy management
 
  Examples:
     avorcldb add_source -src lnxserver:4523:hrdb.domain.com
         -srcusr srcusr/passwd -avsrcusr avsrcuser -desc 'HR Database'


setup

Sets up the database link from the source database through the Audit Vault Agent to the Audit Vault database (repository) and verifies the connection using the wallet. This command is run on the Audit Vault Agent.

Syntax

avorcldb setup -srcname <srcname> -srcusr <usr>/<pwd> -wpwd <pwd> 

Arguments

Argument Description
-srcname <srcname> The name of the source database
-srcusr <usr>/<pwd> Credentials of the user on the source database to collect audit data. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/pwd. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-wpwd <pwd> The wallet password (the password needed to open the wallet). This is the password of the agent user granted the AV_AGENT role. The -wpwd argument can be omitted if the corresponding environment variable, AVORCLDB_WPWD, is set to pwd. If the command-line argument -wpwd is specified, then the command-line argument overrides the environment variable.

Options

See Table C-2 for a list of options.

Usage Notes

Example

The following example sets up the REDO and OSAUD collectors. In this example, the AVORCLDB_SRCUSR environment variable is set to srcusr1/pwd, the AVORCLDB_WPWD environment variable is set to pwd, and the -srcusr and -wpwd arguments are omitted.

avorcldb setup -verbose -srcname lnxserver:hrdb.domain.com
updated tnsnames.ora with alias [SRCDB1] to source database
adding credentials for user srcdba2 for connection [SRCDB1]
Storing user credentials in wallet...
Create credential oracle.security.client.connect_string2
done.
verifying SRCDB1 connection using wallet


verify

Verifies that the source is compatible for setting up the specified collectors. This command can be run on both the Audit Vault Server and the Audit Vault Agent.

Syntax

avorcldb verify -src <host:port:service> -srcusr <usr>/<pwd> 
       -colltype [OSAUD,DBAUD,REDO,EVTLOG,ALL] 

Arguments

Argument Description
-src <host:port:service> Source database connection information: host name, port number, and service ID (SID), separated by a colon
-srcusr <usr>/<pwd> Credentials of the user with privileges required to verify the source. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/pwd. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-colltype [OSAUD,DBAUD,REDO,EVTLOG,ALL] List of collector types [REDO, DBAUD, OSAUD, EVTLOG] or ALL

Options

See Table C-2 for a list of options.

Usage Notes

None

Example

The following example verifies that the source is compatible with the OSAUD, DBAUD, and REDO collectors on a Linux or UNIX-based system. For Windows systems, one additional OS File Audit Collector type is displayed for collecting audit records from the Windows event log. In this example, the AVORCLDB_SRCUSR environment variable is set to srcusr1/pwd and the -srcusr argument is omitted.

avorcldb verify -src lnxserver:4523:hrdb.domain.com -colltype ALL
source HRDB.DOMAIN.COM verified for OS File Audit Collector collector
source HRDB.DOMAIN.COM verified for Aud$/FGA_LOG$ Audit Collector collector
source HRDB.DOMAIN.COM verified for REDO Log Audit Collector collector