Skip Headers
Oracle® Audit Vault Administrator's Guide
Release 10.2.3

Part Number E11059-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

B Audit Vault Control (AVCTL) Reference

Audit Vault Control (AVCTL) is a command-line utility that provides the Audit Vault administrator with the ability to control various Audit Vault components.

Table B-1 describes the Audit Vault Control commands and where each is used, whether on the Audit Vault Server, on the Audit Vault Collection Agent, or in both places.

Table B-1 Audit Vault Control Commands

Command Where Used Description

-help

Both

Displays Help for the AVCTL commands

load_warehouse

Server

Loads older data from the raw audit data store into the data warehouse tables for analysis

purge_warehouse

Server

Purges audit data that was reloaded into the warehouse

refresh_warehouse

Server

Refreshes the data warehouse with the data in the raw audit data store since the last refresh operation.

show_agent_status

Server

Shows the status (metric) of a collection agent

show_av_status

Server

Shows the status (metric) of the Audit Vault Console

show_collector_status

Server

Shows the status (metric) of a collector

show_oc4j_status

Collection Agent

Shows the status (metric) of the collection agent OC4J

start_agent

Server

Starts the collection agent

start_av

Server

Starts the Audit Vault Console

start_collector

Server

Starts the collector

start_oc4j

Collection Agent

Starts the collection agent OC4J

stop_agent

Server

Stops the collection agent

stop_av

Server

Stops the Audit Vault Console

stop_collector

Server

Stops the collector

stop_oc4j

Collection Agent

Stops the collection agent OC4J


Note:

In an Oracle RAC environment, AVCTL commands must be issued from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.

If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the AVCA deploy_av command.


-help

Displays Help for the AVCTL commands. This command is run on both the Audit Vault Server and the Audit Vault Collection Agent.

Syntax

avctl -help

avctl <command> -help

Arguments

Argument Description
<command> The name of an AVCTL command for which you want Help to appear

Usage Notes

None

Example

The following example shows how to display general AVCTL utility Help in the Audit Vault Server home.

avctl -help
  --------------------------------------------
  AVCTL Usage
  --------------------------------------------
  Oracle Audit Vault Control commands - AV Server:
      avctl start_av [-loglevel error|warning|info|debug]
      avctl stop_av
      avctl show_av_status
 
  Oracle Audit Vault Control commands - Agent:
      avctl start_agent -agentname <agent name>
      avctl stop_agent -agentname <agent name>
      avctl show_agent_status -agentname <agent name>
 
  Oracle Audit Vault Control commands - Collector:
      avctl start_collector -collname <collector name> -srcname <source name>
      avctl stop_collector -collname <collector name> -srcname <source name>
      avctl show_collector_status -collname <collector name> -srcname <source name>
 
  Oracle Audit Vault Control commands - Warehouse:
      avctl refresh_warehouse [-wait]
      avctl load_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
      avctl purge_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
 
  avctl -help


The following example shows how to display specific AVCTL Help for the start_agent command in Audit Vault.

avctl start_agent -help
  avctl start_agent -agentname <agent name>
  ------------------------------------------------
  -agentname <agent name>
  ------------------------------------------------

The following example shows how to display general AVCTL utility Help in the Audit Vault Collection Agent home.

--------------------------------------------
  AVCTL Usage
  --------------------------------------------
  Oracle Audit Vault Control commands - Agent OC4J:
      avctl start_oc4j [-loglevel error|warning|info|debug]
      avctl stop_oc4j
      avctl show_oc4j_status

  avctl -help

load_warehouse

Loads audit trail data from the raw audit data store after it has been removed from the warehouse repository due to the retention period that was set. This command is run on the Audit Vault Server.

Syntax

avctl load_warehouse -startdate <start date> -numofdays <num of days> 
                    [-dateformat <date format>] [-wait]

Arguments

Argument Description
-startdate <startdate> Specify the start date for the audit trail data to be loaded into the data warehouse repository using the default format DD-MON-YY. To use a different format, specify the -dateformat argument.
-numofdays <num of days> Specify the number of days' worth of audit trail data to be loaded.
[-dateformat <date format>] Optionally, specify the date format for the -startdate argument.
[-wait] Optionally, specify that the command wait for the load job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately.

Usage Notes

The audit records received from the value of the -startdate argument for the given number of days specified by the -numofdays argument will be loaded into the data warehouse.

Example

The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004:

avctl load_warehouse -startdate 01-JAN-04 -numofdays 10
AVCTL started
Loading older audit records into warehouse...
done.

The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004 using the DD/MM/YYYY date format, and to specify that the operation wait until the previous load job completes.

avctl load_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY -wait
AVCTL started
Loading older audit records into warehouse...
done.

purge_warehouse

Purges audit trail data from the warehouse repository that was previously reloaded into the warehouse using the AVCTL load_warehouse command. This command is run on the Audit Vault Server.

Syntax

avctl purge_warehouse -startdate <start date> -numofdays <num of days> 
                     [-dateformat <date format>] [-wait]

Arguments

Argument Description
-startdate <start date> Specify the start date for the events to be removed from the data warehouse tables using the default format DD-MON-YY. To use a different format, specify the -dateformat argument.
-numofdays <num of days> Specify the number of days' worth of data to be removed.
[-dateformat] <date format> Optionally, specify the date format for the -startdate argument.
[-wait] Optionally, specify that the command wait for the purge job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately.

Usage Notes

Example

The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004:

avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10 
AVCTL started
Purging older audit records from warehouse...
done.

The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 and to specify that the operation wait until the previous purge job completes:

avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10 -wait 
AVCTL started
Purging older audit records from warehouse...
Waiting for purge to complete...
done.

The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 using the date format of DD/MM/YYYY.

avctl purge_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY
AVCTL started
Purging older audit records from warehouse...
done.

refresh_warehouse

Refreshes the data warehouse repository with the data from the raw audit data store since the last refresh operation. This command is run on the Audit Vault Server.

Syntax

avctl refresh_warehouse [-wait]

Arguments

Argument Description
[-wait] Optionally, specify that the command wait for the refresh job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately.

Usage Notes

The last refresh operation could have been an explicit refresh using this command or a scheduled refresh based on the schedule set using the AVCA set_warehouse_schedule command.

Example

The following example shows how to refresh the data warehouse:

avctl refresh_warehouse 
AVCTL started
Refreshing warehouse...
done.

The following example shows how to specify that the refresh operation wait until the previous refresh job completes before refreshing the data warehouse:

avctl refresh_warehouse -wait 
AVCTL started
Refreshing warehouse...
Waiting for refresh to complete...
done.

show_agent_status

Shows the status (metric) of a collection agent. This command is run on the Audit Vault Server.

Syntax

avctl show_agent_status -agentname <agent name>

Arguments

Argument Description
-agentname <agent name> Specify the collection agent (by collection agent name).

Usage Notes

None

Example

The following example shows the collection agent status for the OC4JAGENT1 agent:

avctl show_agent_status -agentname OC4JAGENT1
AVCTL started
Getting agent metrics...
--------------------------------
Agent is running
--------------------------------
Metrics retrieved successfully.

show_av_status

Shows the Audit Vault Console status or the metric of the Audit Vault Server. This command is run on the Audit Vault Server.

Syntax

avctl show_av_status 

Arguments

None

Usage Notes

When the Audit Vault Console becomes inaccessible, issue this command to determine its status.

Example

The following example shows the Audit Vault Console status:

avctl show_av_status 
AVCTL started
Oracle Audit Vault 10g Database Control Release 10.2.3.0.0  Copyright (c) 1996,
 2008 Oracle Corporation.  All rights reserved.
http://atacw05.us.oracle.com:5570/av
Oracle Audit Vault 10g is running. 
------------------------------------
Logs are generated in directory /oracle/product/10.2.3/av_1/av/log

show_collector_status

Shows the status (metric) of a collector. This command is run on the Audit Vault Server.

Syntax

avctl show_collector_status -collname <collector name> -srcname <source name>

Arguments

Argument Description
-collname <collector name> Specify the target collector (by collector name).
-srcname <source name> Specify the source (by source name) to which this collector belongs.

Usage Notes

None

Example

The following example shows the collector status for the DBAUD_Collector collector:

avctl show_collector_status -collname DBAUD_Collector 
                              -srcname RODSRC1.US.ORACLE.COM
AVCTL started
Getting collector metrics...
--------------------------------
Collector is running
Records per second  =  0.00
Bytes per second  =  0.00
--------------------------------

show_oc4j_status

Shows the collection agent OC4J status (metric). This command is run on the Audit Vault Collection Agent.

Syntax

avctl show_oc4j_status

Arguments

None

Usage Notes

None

Example

The following example shows the collection agent OC4J status for when it is running and when it is not running:

avctl show_oc4j_status 
AVCTL started
------------------------------------
OC4J is running
------------------------------------

The following example shows the collection agent OC4J status for when it is not running:

avctl stop_oc4j
AVCTL startedStopping OC4J...OC4J stopped successfully.

avctl show_oc4j_status
AVCTL started
------------------------------------
OC4J is not running
------------------------------------

start_agent

Starts the collection agent. This command is run on the Audit Vault Server.

Syntax

avctl start_agent -agentname <agent name> 

Arguments

Argument Description
-agentname <agent name> Specify the collection agent (by collection agent name) to be started.

Usage Notes

Example

The following example shows how to start the collection agent in Oracle Audit Vault:

avctl start_agent -agentname OC4JAGENT1 
AVCTL started
Starting Agent...
Agent started successfully.

start_av

Starts the Audit Vault Console. This command is run on the Audit Vault Server.

Syntax

avctl start_av [-loglevel error|warning|info|debug]

Arguments

Argument Description
[-loglevel error|warning|info|debug] Optionally, specify the desired level of logging.

Usage Notes

This command executes an emctl start dbconsole command.

Example

The following example shows how to start the Audit Vault Console:

avctl start_av
AVCTL started
Starting agent OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.3.0.0  Copyright (c) 1996,2008 Oracle Corporation.  All rights reserved.
http://atacw05.us.oracle.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /oracle/product/10.2.2/av_1/av/log

start_collector

Starts the collector. This command is run on the Audit Vault Server.

Syntax

avctl start_collector -collname <collector name> -srcname <source name>

Arguments

Argument Description
-collname <collector name> Specify the collector (by collector name) to be started.
-srcname <source name> Specify the name of the source to which the collector (specified in the -collname argument) belongs.

Usage Notes

Example

The following example shows how to start the collector in Audit Vault:

avctl start_collector -collname REDO_Collector 
-srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM 
AVCTL started
Starting Collector...
Collector started successfully.

start_oc4j

Starts the collection agent OC4J. This command is run on the Audit Vault Collection Agent.

Syntax

avctl start_oc4j [-loglevel error|warning|info|debug]

Arguments

Argument Description
[-loglevel error|warning|info|debug] Optionally, specify the desired level of logging.

Usage Notes

Example

The following example shows how to start OC4J:

avctl start_oc4j
AVCTL started
Starting agent OC4J...
OC4J started successfully.

stop_agent

Stops the collection agent. This command is run on the Audit Vault Server.

Syntax

avctl stop_agent -agentname <agent name> 

Arguments

Argument Description
-agentname <agent name> Specify the collection agent (by collection agent name) to be stopped.

Usage Notes

Example

The following example shows how to stop the collection agent in Audit Vault:

avctl stop_agent -agentname OC4JAGENT1
AVCTL started
Stopping Agent...
Agent stopped successfully.

stop_av

Stops the Audit Vault Console. This command is run on the Audit Vault Server.

Syntax

avctl stop_av 

Arguments

None

Usage Notes

Audit Vault includes Enterprise Management Database Control as part of the user interfaces. When you issue the stop_av commend, it not only shuts down Audit Vault Console, but it also will stop Enterprise Management Database Control as well by executing the emctl stop dbconsole command. It is not necessary to issue the emctl commands separately.

Example

The following example shows how to stop the Audit Vault Console:

avctl stop_av
AVCTL started
Stopping OC4J...
OC4J stopped successfully.

stop_collector

Stops the collector. This command is run on the Audit Vault Server.

Syntax

avctl stop_collector -collname <collector name> -srcname <source name>

Arguments

Argument Description
-collname <collector name> Specify the collector (by collector name) to be stopped.
-srcname <source name> Specify the name of the source to which the collector (specified in the -collname argument) belongs.

Usage Notes

Example

The following example shows how to stop the collector in Oracle Audit Vault:

avctl stop_collector -collname STREAMSCOLLECTOR 
-srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM 
AVCTL started
Stopping Collector...
Collector stopped successfully.

stop_oc4j

Stops the collection agent OC4J. This command is run on the Audit Vault Collection Agent.

Syntax

avctl stop_oc4j 

Arguments

None

Usage Notes

None

Example

The following example shows how to stop the collection agent OC4J:

avctl stop_oc4j
AVCTL started
Stopping agent OC4J...
OC4J stopped successfully.