Oracle® Audit Vault Administrator's Guide 10g Release 2 (10.2.2) Part Number B25321-02
Once you have configured and started agents and their collectors and set up the sources to be audited as described in Chapter 3, you may need to perform some additional configuration tasks and also begin to manage Audit Vault.
This chapter includes the following sections:
Some additional Audit Vault configuration tasks may include performing the following tasks as needed or as indicated previously in Chapter 3:
See Oracle Audit Vault Agent Installation Guide for information about installing an Audit Vault Agent.
Agents can only be added or dropped.
Agents can be dropped from Oracle Audit Vault. The AVCA drop_agent command does not delete the agent from Oracle Audit Vault. The AVCA drop_agent command disables the agent. Therefore, you can neither add an agent by the same name as the one that was dropped nor enable an agent that has been dropped.
To drop an agent, use the AVCA drop_agent command. For example:
avca drop_agent -agentname OC4JAgent1
See Appendix A for reference information about each of these commands.
To use the Audit Vault Console to manage agents, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, then the Agent subtab to display the Agent page (see Figure 4-1).
Figure 4-1 Agent Configuration Management Page
From the Agent page, you can:
Enter an agent name in the Agent field and then click Go to view information about that agent.
Select an agent, then click View to view the properties for the agent. After viewing the agent properties on the View Agent page, click OK to return to the Agent page.
Select an agent, then click Edit to edit the properties for an agent. On the Edit Agent page, edit the desired properties for the agent. Click OK to save your changes and return to the Agent page.
Select an agent, then click Delete to delete that agent. Once you delete that agent, its name cannot be used again to create another agent.
Click Create to create an agent. An Add Agent page appears.
At the Add Agent page, specify values for the following agent fields.
Name
Host
Port
User
Description
Click OK to add the agent to Oracle Audit Vault and return to the Agent page, where you can view agent information including the agent just created.
Click Help on any of these agent pages for more information.
Sources are databases in which the audit trail data is being managed by Oracle Audit Vault. Before adding a source, the Audit Vault Agent, which manages the collectors to extract the audit trail data, must exist or be installed.
This section describes configuring sources. After issuing the AVORCLDB setup command, a source is added and the specified collectors are added to Oracle Audit Vault (see Section 3.2).
The following information was provided to add the source to Audit Vault using the following arguments in the AVORCLDB add_source command:
-src <host:port:service> – The source connection information consisting of the host name:port number:service ID (SID), separated by a colon.
-srcusr <usr>/<password> – The source user name and password of the user granted AV_SOURCE role. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/password. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-avsrcusr <usr> – The Audit Vault source user name.
[-srcname <srcname>] – Optional source name. If this argument is not specified, the global database name of the source will be used.
[-desc <desc>] – Optional brief description of the source.
[-agentname <agentname>] – Optional agent name to configure policy management.
The following source attribute information is modifiable after its creation by using the optional <attrname>=<attrvalue> argument and by separating multiple pairs by a space on the command line. The following attributes can be modified by entering one or more sets of attribute name and value pairs to be changed using the AVORCLDB alter_source command:
SOURCETYPE – A new source type for this source
NAME – A new name for this source
HOST – A new source host name
HOSTIP – A new source host IP address
VERSION – A new source version
TIMEZONE – A new time zone for this source
USERNAME – A new user name used to connect to this audit data source
PASSWORD – The password of the user name used to connect to the audit data source
AUTHENTICATION – A new authentication method
DESCRIPTION – A new description for this source
DB_SERVICE – A new audit data source service name
PORT – A new port number for the system where the audit data resides
GLOBAL_DATABASE_NAME – The new global database name for this source
WALLET_LOC – The wallet location, if used, for this audit data source
You can modify one or more attributes at a time using the AVORCLDB alter_source command. See the AVORCLDB alter_source command for more information.
To drop a source, specify its name in an AVORCLDB drop_source command. However, a source cannot be dropped or deleted if there are any active collectors for this source. All collectors must be inactive (dropped) to successfully drop or delete a source from Oracle Audit Vault. The drop_source command does not delete the source from Oracle Audit Vault. The drop_source command disables the source. Therefore, you can neither add a source by the same name as the one that was dropped nor enable a source that has been dropped. Audit data for a dropped source will no longer be collected once the source has been dropped, but information for a dropped source is maintained in Oracle Audit Vault with a status of dropped (inactive).
To alter a source, use the following AVORCLDB alter_source command:
avorcldb alter_source -srcname testSrc -srcdesc "new desc"
Use the AVORCLDB drop_source command to drop a source. For example:
avorcldb drop_source -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
See Appendix C for reference information about each of these commands.
To use the Audit Vault Console to manage sources, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, then the Audit Source subtab to display the Source Configuration Management page (see Figure 4-2).
Figure 4-2 Source Configuration Management Page
From the Source Configuration Management page, you can:
Enter a source type in the Source Type field and optionally enter a name of a source in the Source field, and then click Go to search for sources of that source type or a specific source of that source type.
Select a source, then click View to view the properties and attributes for the source. After viewing the source properties and attributes on the View Source Details page, click OK to return to the Source Configuration Management page.
Select a source, then click Edit to edit the properties and attributes for a source. On the Edit Source Details page, edit the desired properties and attributes for the source. Click OK to save your changes and return to the Source Configuration Management page.
Select a source, then click Delete to delete that source. Once you delete that source, its name cannot be used again to create another source.
Click Create to create a source. A series of three Add Source pages appears. On the Add Source: Properties (Step 1 of 3) page, enter the properties for the source, then click Next. On the Add Source: Attributes (Step 2 of 3) page, enter the attributes for the source, then click Next. On the Add Source: Review (Step 3 of 3) page, review the properties and attributes for the source that you are about to create. Click Next to create the source and return to the Source Configuration Management page, where you will see an entry for the source that you just created.
Click Help on any of the Source Configuration Management pages for more information.
This section describes configuring collectors using the AVCA utility. An Audit Vault collector is responsible for the collection of audit data for a source. The audit data is collected and sent to Oracle Audit Vault. A channel represents a session between a collector at the source and Oracle Audit Vault. A collector opens a channel to the audit service. After you issue the AVORCLDB setup command to set up the source at the agent (see Section 3.2).
The following information was provided to add each collector to Audit Vault using the following arguments in the AVORCLDB add_collector command:
-srcname <srcname> – The source name from which this collector will collect audit data.
-srcusr <usr>/<password> – The name and password of the source user granted the AV_SOURCE role to use this source. The -srcusr argument can be omitted if the corresponding environment variable, AVORCLDB_SRCUSR, is set to usr/password. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
-agentname <agentname> – The name of the agent to which this collector is associated.
-colltype [OSAUD,EVTLOG DBAUD,REDO] – The type of this collector: OSAUD, EVTLOG, DBAUD, or REDO.
[-collname <collname>] – Optional unique name of the collector.
[-desc <desc>] – Optional brief description of the collector.
[-avsrcusr <usr>/<password>] – Optional Audit Vault user and password associated with the given source. The argument is required if the -colltype argument value is REDO. The -avsrcusr argument can be omitted if the corresponding environment variable, AVORCLDB_AVSRCUSR, is set to usr/password. If the command-line argument -srcusr is specified, then the command-line argument overrides the environment variable.
[-av <host:port:service>] – Optional connection information for Audit Vault used for the database link from the source database to Audit Vault. This argument is required if the -colltype argument value is REDO.
[-instname <instname>] – Optional instance name of Audit Vault Oracle Real Application Clusters (Oracle RAC) installation. This argument must be used to add multiple OSAUD collectors (one for each instance).
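The -srcusr and -avsrcusr descriptions for add_source and add_collector allow the usr/password value to come from AVORCLDB_SRCUSR and AVORCLDB_AVSRCUSR instead of the command line, which keeps the password out of the process argument list and out of shell history. The wrapper below is an added example, not part of the Oracle guide: the function names, the AV_DRY_RUN switch, and the sample values are assumptions, and it prints the command rather than running it unless AV_DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not Oracle code). Function names and AV_DRY_RUN are hypothetical;
# only the avorcldb arguments and the AVORCLDB_* variables come from the guide.
AV_DRY_RUN=${AV_DRY_RUN:-1}    # 1 = print the command, 0 = execute it

# Accept only the usr/password form the guide describes.
valid_cred() {
    case "$1" in
        ?*/?*) return 0 ;;
        *)     return 1 ;;
    esac
}

# read_cred VAR PROMPT: read usr/password with terminal echo off and export it,
# so the value never appears in argv or in shell history.
read_cred() {
    printf '%s' "$2" >&2
    stty -echo 2>/dev/null
    IFS= read -r _cred
    stty echo 2>/dev/null
    printf '\n' >&2
    if ! valid_cred "$_cred"; then
        unset _cred
        echo "expected usr/password" >&2
        return 2
    fi
    export "$1=$_cred"
    unset _cred
}

# Print the command in dry-run mode, otherwise execute it.
av_run() {
    if [ "$AV_DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# av_add_source HOST:PORT:SERVICE AVSRCUSR [SRCNAME]
# -srcusr is omitted on purpose; avorcldb reads AVORCLDB_SRCUSR instead.
av_add_source() {
    conn=$1 avsrcusr=$2 srcname=${3:-}
    valid_cred "${AVORCLDB_SRCUSR:-}" || {
        echo "set AVORCLDB_SRCUSR to usr/password" >&2; return 2; }
    export AVORCLDB_SRCUSR
    set -- avorcldb add_source -src "$conn" -avsrcusr "$avsrcusr"
    [ -z "$srcname" ] || set -- "$@" -srcname "$srcname"
    av_run "$@"
}

# av_add_collector SRCNAME AGENTNAME COLLTYPE [AV_HOST:PORT:SERVICE]
# A REDO collector also needs AVORCLDB_AVSRCUSR and the -av connection.
av_add_collector() {
    srcname=$1 agentname=$2 colltype=$3 avconn=${4:-}
    valid_cred "${AVORCLDB_SRCUSR:-}" || {
        echo "set AVORCLDB_SRCUSR to usr/password" >&2; return 2; }
    export AVORCLDB_SRCUSR
    set -- avorcldb add_collector -srcname "$srcname" \
        -agentname "$agentname" -colltype "$colltype"
    if [ "$colltype" = REDO ]; then
        valid_cred "${AVORCLDB_AVSRCUSR:-}" || {
            echo "REDO requires AVORCLDB_AVSRCUSR set to usr/password" >&2; return 2; }
        [ -n "$avconn" ] || { echo "REDO requires the -av connection" >&2; return 2; }
        export AVORCLDB_AVSRCUSR
        set -- "$@" -av "$avconn"
    fi
    av_run "$@"
}

# Interactive use: sh thisfile.sh demo  (source and agent names are constructed)
if [ "${1:-}" = demo ]; then
    read_cred AVORCLDB_SRCUSR 'Source user (usr/password): ' || exit 2
    av_add_collector ORCL.EXAMPLE.COM agent1 OSAUD
fi
```

Because the guide states that a -srcusr argument overrides the environment variable, leaving the argument off is what makes the environment value take effect.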
You can modify the following collector attribute information after its creation by using the optional <attrname>=<attrvalue> argument and by separating multiple pairs by a space on the command line. The following attributes can be modified by entering one or more sets of attribute name and value pairs to be changed in the AVORCLDB alter_collector command:
COLLECTORTYPE – A new collector type for this collector
NAME – A new name for this collector type
COLLECTOR_NAME – A new name for this collector
AGENT – A new name for the agent
AUDIT_SERVICE_TYPE – A new type of audit service for this collector: default, filter, or batch
SOURCE – A new source name for this collector
DESCRIPTION – A new description for this collector
For the OSAUD collector, the following attributes can be modified (mutable) as noted:
OSAUDIT_DEFAULT_FILE_DEST – The default directory for Oracle operating system audit files. The default value is $ORACLE_BASE/admin/DB_UNIQUE_NAME/adump. A valid value is a directory name on the host system. This attribute is mutable.
OSAUDIT_FILE_DEST – The directory where Oracle operating system audit files can be found. The default value is $ORACLE_BASE/admin/DB_UNIQUE_NAME/adump. Another valid value is $ORACLE_HOME/rdbms/audit. This attribute is mutable.
OSAUDIT_NLS_LANGUAGE – The NLS language of the data source. The default value is AMERICAN. This attribute is mutable.
OSAUDIT_NLS_TERRITORY – The NLS territory of the data source. The default value is AMERICA. This attribute is mutable.
OSAUDIT_NLS_CHARSET – The NLS character set of the data source. The default value is WE8ISO8859P1. This attribute is mutable.
OSAUDIT_LOG_LEVEL – The log level: FATAL, ERROR, WARNING, INFO, and DEBUG. The default value is WARNING. This attribute is mutable.
OSAUDIT_MAX_PROCESS_TIME – The maximum processing time for each call to process the collector (in centiseconds). A valid value is an integer value from 10 to 10000. The default value is 600. This attribute is mutable.
OSAUDIT_MAX_PROCESS_RECORDS – The maximum number of records to be processed during each call to process the collector. A valid value is an integer value from 10 to 10000. The default value is 10000. This attribute is mutable.
OSAUDIT_CHANNEL_TYPE – The channel type being used by the collector. The default value is NULL. This attribute is not mutable.
OSAUDIT_AUDIT_VAULT_ALIAS – The alias name for the Audit Vault Server. The default value is NULL. This attribute is not mutable.
OSAUD_NT_ORACLE_SID – The Oracle SID name on Windows systems. The default value is NULL. This attribute is mutable.
For the DBAUD collector, the following attributes can be modified (mutable) as noted:
AUDAUDIT_DELAY_TIME – The amount of delay time (in seconds) for the DBAUD process. The default value is 20. This attribute is mutable.
AUDAUDIT_SLEEP_TIME – The amount of sleep time (in seconds) for the DBAUD process. The default value is 5000. This attribute is mutable.
AUDAUDIT_ACTIVE_SLEEP_TIME – The amount of active sleep time for the DBAUD process. The default value is 1000 (in seconds). This attribute is mutable.
AUDAUDIT_MAX_PROCESS_RECORDS – The maximum processing time for each call to process the collector (in centiseconds). A valid value is an integer value from 10 to 10000. The default value is 1000. This attribute is mutable.
AUDAUDIT_SORT_POLICY – The audit data sort policy. The default value is NULL. This attribute is mutable.
AUDAUDIT_AUDIT_VAULT_ALIAS – The alias name for the Audit Vault Server. The default value is NULL. This attribute is not mutable.
AUDAUDIT_SOURCE_ALIAS – The alias name for the audit data source. The default value is NULL. This attribute is not mutable.
For the REDO collector, the following attributes can be modified (mutable) as noted:
STRCOLL_SRCADM_NAME – The name of the audit data source. The default value is NULL. This attribute is not mutable.
STRCOLL_SRCADM_ALIAS – The alias name for the audit data source. The default value is NULL. This attribute is not mutable.
STRCOLL_HEARTBEAT_TIME – The time, in seconds, between monitoring events for monitoring the status of the Audit Vault REDO collection system. The default value is 60. This attribute is mutable.
STRCOLL_DBSERVICE – The service name of the audit data source Oracle database. The default value is NULL. This attribute is not mutable.
STRCOLL_DBPORT – The port number of the audit data source Oracle database. The default value is NULL. This attribute is mutable.
AV.DATABASE.NAME – The Audit Vault database name. The default value is NULL. This attribute is not mutable.
You can modify one or more attributes for a collector at a time using the AVORCLDB alter_collector command. See the AVORCLDB alter_collector command for more information.
To drop a collector, specify its name in an AVORCLDB drop_collector command.
The AVORCLDB drop_collector command does not delete the collector from Oracle Audit Vault. The drop_collector command disables the collector. Therefore, you can neither add a collector by the same name as the one that was dropped nor enable a collector that has been dropped.
To alter a collector, use the following AVORCLDB alter_collector command:
avorcldb alter_collector -collname testColl -srcname testSrc -colldesc "new desc"
Use the AVORCLDB drop_collector command to drop a collector. For example:
avorcldb drop_collector -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM -collname STREAMSCOLLECTOR
See Appendix C for reference information about each of these commands.
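The drop rules above (a source cannot be dropped while it has active collectors, and a dropped name can be neither reused nor re-enabled) make it worth planning the sequence before running anything, because a mistaken drop permanently ends collection under that name. The planner below is an added example, not part of the Oracle guide: the inventory format, the function names, the sample source names, and the choice to stop running collectors before dropping them are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle code). Constructed inventory, one collector per line:
#   <source> <collector> <state>
# The format is hypothetical, e.g. transcribed from the Collectors page.
AV_INVENTORY='ORCL.EXAMPLE.COM DBAUD_Collector RUNNING
ORCL.EXAMPLE.COM OSAUD_Collector STOPPED
ORCL.EXAMPLE.COM REDO_Collector DROPPED
HR.EXAMPLE.COM DBAUD_Collector RUNNING'

# plan_drop_source SOURCE
# Prints the commands in the order the guide's rule requires: every collector
# of the source is dropped before the source itself. Running collectors are
# stopped first (an assumption of this example). Already dropped collectors
# are skipped. A source with no inventory rows is reported as unknown.
plan_drop_source() {
    src=$1 found=0 stops= drops=
    while read -r s c state; do
        [ "$s" = "$src" ] || continue
        found=1
        case "$state" in
            DROPPED) continue ;;
            RUNNING) stops="${stops}avctl stop_collector -collname $c -srcname $s
" ;;
        esac
        drops="${drops}avorcldb drop_collector -srcname $s -collname $c
"
    done <<EOF
$AV_INVENTORY
EOF
    if [ "$found" = 0 ]; then
        echo "no inventory rows for source $src" >&2
        return 1
    fi
    printf '%s%s' "$stops" "$drops"
    printf 'avorcldb drop_source -srcname %s\n' "$src"
}

# collector_name_available SOURCE COLLECTOR
# Fails if the name was ever used for this source, including by a dropped
# collector, since a dropped name cannot be added again.
collector_name_available() {
    while read -r s c state; do
        if [ "$s" = "$1" ] && [ "$c" = "$2" ]; then
            return 1
        fi
    done <<EOF
$AV_INVENTORY
EOF
    return 0
}

# Print the plan for review when run as: sh thisfile.sh ORCL.EXAMPLE.COM
if [ -n "${1:-}" ]; then
    plan_drop_source "$1"
fi
```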
To use the Audit Vault Console to manage collectors, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, Audit Source tab, then the Collector subtab to display the Collector Configuration Management page (see Figure 4-3).
Figure 4-3 Collector Configuration Management Page
From the Collector Configuration Management page, you can:
Enter a collector type in the Collector Type field and optionally enter a name of a collector in the Collector field, and then click Go to search for collectors of that collector type or a specific collector of that collector type.
Select a collector, then click View to view the properties and attributes for the collector. After viewing the collector properties and attributes on the View Collector Details page, click OK to return to the Collector Configuration Management page.
Select a collector, then click Edit to edit the properties and attributes for a collector. On the Edit Collector Details page, edit the desired properties and attributes for the collector. Click OK to save your changes and return to the Collector Configuration Management page.
Select a collector, then click Delete to delete that collector. Once you delete that collector, its name cannot be used again to create another collector.
Click Create to create a collector. A series of three Add Collector pages appears. On the Add Collector: Properties (Step 1 of 3) page, enter the properties for the collector, then click Next. On the Add Collector: Attributes (Step 2 of 3) page, enter the attributes for the collector, then click Next. On the Add Collector: Review (Step 3 of 3) page, review the properties and attributes for the collector that you are about to create. Click Next to create the collector and return to the Collector Configuration Management page, where you will see an entry for the collector that you just created.
Click Help on any of the Collector Configuration Management pages for more information.
Audit data moves to the data warehouse according to a specified schedule known as the warehouse schedule. After audit data is transferred from the source to the Audit Vault raw audit data store, an Oracle DBMS_SCHEDULER job runs an ETL (extract, transformation, load) process to normalize the raw audit data into the data warehouse. By default, the DBMS_SCHEDULER job runs every 24 hours. Audit data is retained in the data warehouse for a specified period of time. Audit data can be refreshed in the data warehouse according to a schedule.
Audit Vault provides statistics of the ETL process to update the warehouse as shown in Figure 4-4. By utilizing the information provided in the Duration in Minutes and CPU Used columns, you can estimate how often the job may be run to update the data warehouse infrastructure.
Figure 4-4 History of Refreshing Page Showing Statistics of the ETL Process
Use the AVCA set_warehouse_schedule command to refresh data from the raw audit data store by setting values for the following arguments:
-schedulename <schedule name> – The schedule name
-startdate <start date> – The start date
-rptintrv <repeat interval> – The repeat interval
[-dateformat <date format>] – Optional date format for the -startdate argument
The AVCA set_warehouse_schedule command is overloaded and can be used to either specify a schedule name created using DBMS_SCHEDULER.create_schedule procedure or specify a start date and repeat interval and optionally specify a particular date format. For example, the following AVCA set_warehouse_schedule command uses a start date and repeat interval argument to set the schedule for refreshing data from the raw audit data store to the star schema.
avca set_warehouse_schedule -startdate 01-JUL-06 -rptintrv 'FREQ=DAILY;BYHOUR=0'
Use the AVCA set_warehouse_retention command to control the amount of data kept online in the data warehouse fact table by setting values for the year month interval.
The following example controls the amount of data kept online in the data warehouse table for a time interval of one year.
avca set_warehouse_retention -intrv +01-00
See Appendix A for reference information about each of these commands.
To use the Audit Vault Console to set these warehouse settings, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, then the Warehouse subtab to display the Warehouse Settings page (see Figure 4-5).
On the Warehouse Settings page, specify a standard schedule by selecting a Schedule Type of type Standard. Then specify the following frequency settings to move new audit data to the warehouse:
Frequency Type by minutes, by hours, by days, weekly, monthly, or yearly
Interval (Days) indicates the time between moving audit data to the warehouse
Time Zone indicates the local time zone of the warehouse
Start Date indicates the beginning day in which to move audit data to the warehouse
Start time indicates the beginning time in which to move audit data to the warehouse
You can also specify a predefined schedule by selecting a Schedule Type of Use Pre-defined Schedule and then selecting the schema in the Schema field where the schedule is located and selecting the name of the schedule in the Schedule field.
Next, specify the retention time or length of time to retain the audit data in the warehouse in the Retention Time field.
Check your settings, then click Apply to save your warehouse settings.
Click Help on the Warehouse Settings page for more information.
Before loading audit data into the data warehouse that has been archived for long-term storage, you must disable alert processing so that alerts are not reissued again.
To use the Audit Vault Console to globally disable alert processing, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, then the Alert subtab to display the Alert Settings page (see Figure 4-6).
On the Alert Settings page, at the Alert Processing Status field, click the Disable option to globally disable alert processing, then click Apply.
Click Help on the Alert Settings page for more information.
Audit event category management consists of viewing the Audit Vault audit event categories, their attributes, and their audited events.
To use the Audit Vault Console to view the audit event categories, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Configuration tab, then the Audit Event Category subtab to display the Audit Event Category Management page (see Figure 4-7).
Figure 4-7 Audit Event Category Management Page
On the Audit Event Category Management page, audit event categories appear in tabular format, showing the following columns:
Audit Event Category
Audit Event Category Description
Format Name
Format Module
From the Audit Event Category Management page, you can select an Audit Source Type and then view the audit event categories for that audit source type. The only audit source type available in this release is ORCLDB, the Oracle Database audit source type.
From the Audit Event Category Management page, you can select an audit event category, then click View to view its attributes and audit events on the View Audit Event Category page. From the View Audit Event Category page, the Attributes tab appears by default, showing the attributes for the selected audit event category. Click the Audit Events tab to display the audit events that are audited for the selected audit event category.
Click Help on any of the Audit Event Category Management pages for more information.
Managing Audit Vault consists of performing the following tasks as needed or as indicated in Chapter 3:
On occasion, you might need to shut down Audit Vault Console, for example, as part of the process of removing Audit Vault Console from the system.
To shut down Audit Vault Console, use the AVCTL stop_av command, which executes an emctl stop dbconsole command. For example:
avctl stop_av
To check the status of Audit Vault Console, use the AVCTL show_av_status command.
avctl show_av_status
To start the Audit Vault Console, use the AVCTL start_av command, which executes an emctl start dbconsole command. For example:
avctl start_av
The agent OC4J process might terminate abnormally, and you might need to restart it manually. However, first you might want to check its status.
To check the status of agent OC4J, use the AVCTL show_oc4j_status command.
avctl show_oc4j_status
To start the agent OC4J, use the AVCTL start_oc4j command. For example:
avctl start_oc4j
If the agent OC4J process must be halted, for example, as one of the steps for removing the Audit Vault Agent software from a system, use the AVCTL stop_oc4j command. For example:
avctl stop_oc4j
An agent is first installed on the system on which an audit source resides. Next, the agent is deployed as part of the installation process. This operation deploys the Audit Vault Agent into the standalone OC4J instance. Then the method of authentication is determined for the agent to communicate with the Audit Vault system. Finally, the network communication is established between the agent and its collectors and the Audit Vault system. Once these tasks are completed as part of the postinstallation process, the agent is ready to be managed.
To manage an agent, use the AVCTL utility. When an AVCTL start_agent command is issued for an agent and that command is successful, the agent and its set of collectors are put into a RUNNING state. To check the agent status, issue the show_agent_status command. The AVCTL stop_agent command is issued to stop an agent so that you can perform maintenance on it.
The following AVCTL start_agent command starts the agent:
avctl start_agent -agentname OC4JAGENT1
The following AVCTL show_agent_status command checks the agent status.
avctl show_agent_status -agentname OC4JAGENT1
The following AVCTL stop_agent command stops the agent:
avctl stop_agent -agentname OC4JAGENT1
See Appendix B for reference information about each of these commands.
To manage agent metadata, use the AVCA utility. See Section 3.3 for tutorial information and see Appendix A for reference information.
To use the Audit Vault Console to manage agents, log in to the Audit Vault Console as the user with the AV_ADMIN role granted. Click the Management tab, then the Agents subtab to display the Agents page (see Figure 4-8).
On the Agents page, you can view agent information and start and stop agents. Agent information includes:
Agent – Name of the agent
Host – The host name where the agent is installed
Port – The port number of the host system where the agent is installed
HTTPS – Whether or not the agent is communicating with the Audit Vault Server using a secure communication channel (HTTPS)
Status – The current running status of the agent: an up green arrow indicates the agent is running; a down red arrow indicates the agent is not running, or error indicates the agent is in an error state
To start an agent, select the agent and click Start. To stop an agent, select the agent and click Stop.
Click Help for more information.
Once an agent is installed, deployed, and started so that it is in a RUNNING state, you can set up collectors on the sources where the agent resides.
The following AVCTL start_collector command starts the collector named REDO_Collector in Oracle Audit Vault:
avctl start_collector -collname REDO_Collector -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
The following AVCTL show_collector_status command checks the collector status of the REDO_Collector collector.
avctl show_collector_status -collname REDO_Collector -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
The following AVCTL stop_collector command stops the collector named REDO_Collector in Oracle Audit Vault:
avctl stop_collector -collname REDO_Collector -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
See Appendix B for reference information about each of these commands.
To manage collector metadata, use the AVCA and AVORCLDB utilities. See Section 3.3 for tutorial information and see Appendix A and Appendix C for reference information.
To use the Audit Vault Console to manage collectors, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Management tab, then the Collectors subtab to display the Collectors page (see Figure 4-9).
On the Collectors page, you can view collector information and start and stop collectors. Collector information includes:
Collector – Name of the collector
Agent – The name of the agent for this collector
Audit Source – The name of the audit data source
Status – The current running status of the collector: an up green arrow indicates the collector is running, a down red arrow indicates the collector is not running, an error indicates that the collector is in an error state
Records Per Second – The number of records per second being collected for the current time period
Bytes Per Second – The number of bytes per second in audit records being collected for the current time period
To start a collector, select the collector and click Start. To stop a collector, select the collector and click Stop.
Click Help for more information.
Use the Audit Vault Console to manage or view the history of refreshing, purging, and loading the data warehouse.
Use the AVCA command-line utility to populate the star schema with data from the raw audit data store, to refresh the data warehouse dimensions and fact tables with the data in the raw audit data store since the last refresh operation, and to remove audit data from the data warehouse. See the AVCTL load_warehouse, purge_warehouse, and refresh_warehouse commands for reference information.
For example, once audit records are collected and sent to the raw audit data store, refresh the warehouse to populate the warehouse with this fresh set of collected audit records for analysis. In the Audit Vault Server home shell, issue an AVCTL refresh_warehouse command specifying the -wait argument, as shown in Example 4-1.
Example 4-1 Refreshing the Warehouse
avctl refresh_warehouse -wait
AVCTL started
Refreshing warehouse...
Waiting for refresh to complete... done.
See Appendix B for reference information about each of these commands.
To use the Audit Vault Console to view warehouse history information, log in to the Audit Vault Console as the user with the AV_ADMIN role granted. Click the Management tab, then the Warehouse subtab to display the Warehouse Load History page. From this page, you can select the History of Refreshing page (see Figure 4-10), the History of Loading page, or the History of Purging page.
Figure 4-10 Warehouse Load History: History of Refreshing Page
On the History of Refreshing page, you can view warehouse refresh history information in tabular format that includes the following column headings:
Scheduled – The scheduled time to perform a refresh operation
Start – The start time when a refresh operation started
Duration (minutes) – The total time required to complete a refresh operation
CPU Used – The amount of time used to complete a refresh operation
Error Number – The Oracle ORA- error number, if any, resulting from a refresh operation
Message – Any error messages, if any, resulting from a refresh operation
Status – The current status of a refresh operation: STOPPED or SUCCEEDED
Click Refresh Now to refresh the warehouse with audit data.
From the Warehouse Load History page, click History of Loading to display the History of Loading page. This page displays information about archived warehouse information that is reloaded into the warehouse. The column headings in tabular format that appear are identical to those in the History of Refreshing page described previously.
Click Load Now to load the warehouse with archived warehouse audit data.
From the Warehouse Load History page, click History of Purging to display the History of Purging page. This page displays information about warehouse audit data removed from the warehouse. The column headings in tabular format that appear are identical to those in the History of Refreshing page described previously.
Click Purge Now to purge the current warehouse audit data from the warehouse.
Click Help on any of the warehouse history pages for more information.
Audit Vault errors are logged in to an error table. You can view these errors using the Audit Vault Console.
To use the Audit Vault Console to view Audit Vault errors, log in to the Audit Vault Console as the user with AV_ADMIN role granted. Click the Management tab, then the Audit Errors subtab to display the Audit Errors page (see Figure 4-11).
On the Audit Errors page, you can search for audit errors for a given time period. To do this, select one of the Error Time field options: Last 24 Hours, Last One Week, or Last One Month, and then click Go.
You can also search for audit errors for a given time period by selecting The Period field option. In the From field, enter a date and time or click the calendar icon to select a date and time. In the To field, enter a date and time or click the calendar icon to select a date and time, and then click Go.
On the Audit Errors page, you can view the error information in tabular format with the following column headings:
Error Time – Local time when the audit error was generated
Audit Source – The audit source on which the audit error originated
Collector – The collector on which the audit error originated
Module – The module name involved in the audit error
Message – The content of the audit error message
Click Help for more information.