This is a text description of Figure 1-2.
Figure 1-1 shows a detailed view of how the Oracle Audit Vault components work together. It is composed of two general areas:
On the left side is the Audit Vault collection agent. It consists of the following elements:
From top to bottom, the source databases. Oracle Database contains the database audit trail tables (for database auditing, fine-grained auditing, and Oracle Database auditing) and redo logs. Microsoft SQL Server generates three operating system log trails: C2 audit logs, server-side trace logs, and the Windows event log. Sybase has a set of database audit tables. IBM DB2 generates ASCII text files for its audit trail.
Starting from the middle at the top, the collection agent components, which, from top to bottom, are an OC4J Audit Vault collection manager, a database client wallet for authentication, logs for storing the collection agent activities, and a box representing the collectors. All four source databases send audit data to these collectors, except for the Oracle Database redo logs, which are sent directly to the audit repository (described next).
On the right side is the Audit Vault Server. From top to bottom, it lists the following elements:
OC4J container, which includes the Audit Vault Console, Enterprise Manager Database Control, Management Framework, and Audit Policy System
Database Server, which includes the Oracle wallet and configuration files
Log files, which store operational information about the behavior of Oracle Audit Vault, such as system shutdowns
Audit Repository, which includes a job scheduler and alerts
The following section describes how the process flow works.