Skip Headers
Oracle® Audit Vault Administrator's Guide
Release 10.2.3

Part Number E11059-03
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF



An indicator signifying that a particular metric condition has been encountered. An alert is triggered when one of the following conditions is true:

alert rule

A rule in an audit policy setting that specifies an audit condition or other abnormal condition that causes an alert to be raised. An alert rule is based on the data in a single audit record.

audit data source

The database instance running on a computer. Because multiple instances of databases can run on the same computer, there may be multiple sources.

The audit data source consists of databases, applications, or systems that generate audit data. For the current release of Oracle Audit Vault, audit data sources are Oracle Database instances, and Microsoft SQL Server database instances running on the same or different computers, and potentially giving rise to multiple sources on the same system. Audit data from audit sources represents a variety of audit formats. Each audit source is categorized by its source type, which represents a class of audit sources. For example, Oracle Database audit sources with the same audit formats, audit events, and collection mechanisms represent an audit source type and will have a DBAUD collector, an OSAUD collector, and a REDO collector. All Oracle Database 10g audit sources must have these collectors. Microsoft SQL Server database audit sources must have a MSSQLDB collector.

See also DBAUD collector; OSAUD collector; REDO collector; and MSSQLDB collector.

audit data warehouse

A data store that stores within Audit Vault a translated or processed set of audit data from the raw audit data store that is of interest to audit administrators for data analysis and from which administrative and custom reports can be generated.

See also data warehouse.

audit rule

A rule in a audit setting that specifies the action to be audited, for example, a logon attempt or a user accessing a table.

audit setting

A set of rules that specifies what audit events should be collected in Audit Vault, and how each audit event should be evaluated after it is inserted into the raw audit data store. The types of rules in an audit setting include alert rules, audit rules, and capture rules. An audit setting can be composed of two or more sets of rules known as a composite audit setting.

See also alert rule; audit rule; and capture rule.

Audit Vault administrator user

A user granted the AV_ADMIN role. This user configures and manages collectors, collection agents, and warehouse settings and scheduling. This user also configures sources, enables and disables systemwide alerts, views audit event categories, and monitors audit errors.

Audit Vault agent user

A user granted the AV_AGENT role. This user is created prior to an Audit Vault Collection Agent installation. This user must be created before a collection agent is added to Audit Vault and before a collection agent is initialized.

Audit Vault archive user

A user granted the AV_ARCHIVER role. This is an internal user role used to run back-end archiving jobs.

Audit Vault auditor user

A user granted the AV_AUDITOR role. This user monitors audit event categories for alert activity to detect security risks, creates detail and summary reports of events across systems, and manages the reports. This user also manages audit policies that include creating alerts and evaluating alert scenarios, and managing audit settings. This user can use the data warehouse services to further analyze the audit data to assist in looking for trends, intrusions, anomalies, and other items of interest.

Audit Vault Configuration Assistant (AVCA)


Audit Vault Control (AVCTL)


Audit Vault Microsoft SQL Server Database (AVMSSQLDB)


Audit Vault Oracle Database (AVORCLDB)


Audit Vault source user

A user granted the AV_SOURCE role. This user is automatically created when a source is registered (added) to Audit Vault. This user is used to connect to the source and to set up the source's collectors.


Audit Vault Configuration Assistant. A command-line utility that enables the Audit Vault administrator to manage various Oracle Audit Vault components, manage collection agents (add/alter/drop), secure communication between the Audit Vault Server and Audit Vault Collection Agent, set warehouse scheduling and audit data retention settings, and as needed create a wallet and certificates on the collection agent.


Audit Vault Control. A command-line utility that enables the Audit Vault administrator granted the AV_ADMIN role to manage Audit Vault components, such as collection agents (start/stop/show status), collectors (start/stop/show status), Audit Vault Console (start/stop), and collection agent OC4J (start/stop).


Audit Vault Microsoft SQL Server Database. A command-line utility that provides the ability to configure sources (add/alter/drop), configure collectors (add/alter/drop), and verify that the source is compatible with its collector, and setup the source user credentials and database alias for the source user in the wallet and verify the connection to the source using the wallet.


Audit Vault Oracle Database. A command-line utility that provides the ability to configure sources (add/alter/drop), configure collectors (add/alter/drop), verify that the source is compatible with its collector, and setup the source user credentials and database alias for the source user in the wallet and verify the connection to the source using the wallet.

capture rule

A rule in an audit policy setting that specifies an audit event that is sent to Audit Vault.


A digitally signed statement by a Certificate Authority (CA), saying that the identity of an entity is certified in some way. When an entity requests certification, the CA verifies its identity and grants a certificate, which is signed with the CA's private key. A digitally signed certificate is verified to have been checked for data integrity and authenticity, where integrity means that data has not been modified or tampered with, and authenticity means data indeed comes from the entity claiming to have created and signed it.

A digital identification of an entity that contains the following:

collection agent

A process within which collectors run. A collection agent sets up the connection between the collector and the audit service and interacts with the management service to manage and monitor collectors. An example of a collection agent is the Oracle collection agent within which run the collectors for Oracle Database OS audit logs (OSAUD), Oracle Database DB audit logs (DBAUD), Oracle Database redo logs (REDO), and Microsoft SQL Server database audit logs (MSSQLDB).


A component that collects audit data for a source and sends the audit records to Audit Vault. Audit Vault uses the DBAUD collector, OSAUD collector for OS files, OSAUD collector for Windows event logs, and REDO collector to collect Oracle Database logical change records (LCRs) from redo logs; and the MSSQLDB collector to collect audit data from Microsoft SQL Server database audit trails.

See also DBAUD collector; MSSQLDB collector; OSAUD collector; and REDO collector.

composite audit setting

See audit setting.

configuration data

The Audit Vault metadata stored within Audit Vault that describes how to process and control the audit data as it passes through the Audit Vault system.

data warehouse

A relational database that is designed for query and analysis rather than transaction processing. A data warehouse usually contains historical data that is derived from transaction data, but it can include data from other sources. It separates analysis workload from transaction workload and enables a business to consolidate data from several sources.

See also audit data warehouse.

DBAUD collector

Oracle Database DB audit log collector. This collector converts Oracle Database SYS.AUD$ table rows and Oracle Database Vault audit trail DVSYS.AUDIT_TRAIL$ table rows into audit records. The DBAUD collector belongs to the ORCLDB_DBAUD collector type.

digital certificate

See certificate.

fact table

A table in a star schema that contains facts. A fact table typically has two types of columns: those that contain facts and those that are foreign keys to dimension tables. The primary key of a fact table is usually a composite key that is made up of all of its foreign keys.

A fact table might contain either detail level facts or facts that have been aggregated (fact tables that contain aggregated facts are often instead called summary tables). A fact table usually contains facts with the same level of aggregation.

Hypertext Transmission Protocol, Secure



Hypertext Transmission Protocol, Secure. The use of Secure Sockets Layer (SSL) as a sublayer under the regular HTTP application layer.

key store

A repository that includes the following:


A key and certificate management utility used by Audit Vault located at $ORACLE_HOME/jdk/bin/keytool for generating the key store. With a key store and certificate in place at the Audit Vault Collection Agent, an Audit Vault administrator can issue an AVCA secure_av command on the Audit Vault Server to secure Audit Vault communications by enabling mutual authentication with the Audit Vault Collection Agent. Likewise, an Audit Vault administrator can issue an AVCA secure_agent command to enable mutual authentication with Audit Vault Server. This utility enables users to self-authenticate by administering their own public/private key pairs and associated certificates or data integrity and authentication services, using digital signatures.


A logical change record. This is a message with a specific format that describes a database change.

logical change record (LCR)

See LCR.


The definition of the relationship and data flow between source and target objects.


Unit of measurement used to report the health of the system.

MSSQLDB collector

Microsoft SQL Server Database audit log collector. This collector extracts and collects Microsoft SQL Server Database (SQL Server 2000 and SQL Server 2005) (for Windows platforms) audit records from the Windows Event logs, Server-side Traces, and C2 auditing logs. The MSSQLDB collector belongs to the MSSQLDB collector type.

Oracle Database DB audit logs collector (DBAUD)

See DBAUD collector.

Oracle Database OS audit logs collector (OSAUD)

See OSAUD collector.

Oracle Database redo logs collector (REDO)

See REDO collector.

OSAUD collector

Oracle Database OS audit log collector. This collector parses operating system (OS) log file entries into audit records. The OSAUD collector belongs to the ORCLDB_OSAUD collector type.

On Windows, the OS audit trail is the Windows event log if the AUDIT_TRAIL parameter is set to OS, or an XML file if the AUDIT_TRAIL parameter is set to XML. The OSAUD collector will automatically extract and collect audit records from either audit trail.


A public key infrastructure. This information security technology uses the principles of public key cryptography. Public key cryptography involves encrypting and decrypting information using a shared public and private key pair. It provides for secure, private communications within a private network.

public key infrastructure

See PKI.

raw audit data store

The sole repository of Audit Vault. It stores unprocessed audit data in partitioned tables based on time stamp, and in unpartitioned tables based on source ID.

REDO collector

Oracle Database redo log collector. This collector translates logical change records (LCRs) into audit records. The REDO collector belongs to the ORCLDB_REDO collector type.

secure audit warehouse

A data warehouse with greatly reduced Administrator user role access. It contains Audit Vault audit data for query and analysis.


Traditionally, a tall, cylindrical tower used to store grain or fodder on a farm. In information management, a silo system is vertical, isolated, independent, and incapable of reciprocal operations with other, related management systems. The result of this independence and isolation is that multiple versions of the same data are stored.

star schema

A relational schema whose design represents a multidimensional data model. The star schema consists of one or more fact tables and one or more dimension tables that are related through foreign keys.

trust store

See key store.


A widely used standard for defining digital certificates. X.509 defines a standard certificate format for public key certificates and certificate validation.