Skip Headers
Oracle® Audit Vault Administrator's Guide
Release 10.2.3.2

Part Number E14459-12
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

What's New in Oracle Audit Vault for Administrators?

This section describes new features in Oracle Audit Vault that affect administrators, and provides pointers to additional information. These new features reflect changes since Release 10.2.3.1.

This section contains:

Oracle Audit Vault Release 10.2.3.2 New Features

This section contains:

E-Mail Notifications for Oracle Audit Vault Alerts

In this release of Oracle Audit Vault, auditors can configure e-mail notifications in response to Audit Vault alerts. For example, if an alert is triggered, an e-mail can be sent automatically to the persons who must respond to it. Before an auditor can create e-mail notifications, you must configure an SMTP server for the outgoing e-mail.

For more information, see Section 3.6.

Trouble Ticket Integration

Oracle Audit Vault can now generate a Remedy trouble ticket in response to an Audit Vault alert. To accomplish this, you must configure the Audit Vault Server to communicate with the BMC Remedy Action Request (AR) System Server 7.x that is responsible for managing the trouble tickets. After you complete this configuration, an Audit Vault auditor can create the conditions necessary to automatically trigger the trouble ticket creation.

For more information, see Section 3.7.

Real-Time Oracle Audit Vault Data Warehouse Refreshes

Starting with this release, the Oracle Audit Vault data warehouse is automatically refreshed with incoming audit data as it collects audit data. Because the warehouse is refreshed in real-time, auditors can generate more accurate reports on audited activities.

Because of this enhancement, the avctl refresh_warehouse and avca set_warehouse_schedule commands are deprecated.

Note:

If you have just upgraded to the current release of Oracle Audit Vault, be aware that the upgrade process removes any warehouse job refresh settings that you had created before the upgrade.

See Section 3.4 for more information about managing the data warehouse.

Changes to Audit Trail Cleanup

This section contains:

Audit Trail Cleanup DBMS_AUDIT_MGMT PL/SQL Package Installed

By default, the DBMS_AUDIT_MGMT PL/SQL package is installed in the Oracle Audit Vault Server. You no longer need to download this package from My Oracle Support (formerly OracleMetaLink) if you want to automatically purge the Audit Vault Server audit trail.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Initialized on the Audit Vault Server

Starting with this release, the audit trail cleanup process is initialized from the Audit Vault Server, so that you can manage the Audit Vault Server database audit trail. As part of this change, the SYS.AUD$ and SYS.FGA_LOG$ tables are moved from the SYSTEM to the SYSAUX tablespace.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Default Purge Job for the Audit Vault Server Database

By default, the audit trail generated by the Audit Vault Server is now purged every 24 hours. You can modify or remove the cleanup operation if you want.

See Section 4.11 for more information purging the Audit Vault Server database audit trail.

Audit Trail Cleanup for Microsoft SQL Server Source Database Audit Data

You now can purge the C2 audit trace files and server-side trace files from a SQL Server source database automatically after all audit data has been collected by Audit Vault.

See Section 2.4.7 for more information.

Audit Trail Cleanup for IBM DB2 Source Database Audit Data

Before Oracle Audit Vault can collect audit records from an IBM DB2 source database, you must run the DB282ExtractionUtil or DB295ExtractionUtil script. These scripts convert the IBM DB2 audit file from a binary to an ASCII file format. Starting with this release, these scripts support automatic cleanup of the binary audit trail data, in addition to purging ASCII-formatted data.

See Section 2.6.6 for more information.

Time Zone Configuration for Oracle Audit Vault Reports and Alerts

Starting with this release, you can set the time zone format for Oracle Audit Vault reports and alerts. This enables auditors to generate reports that are timestamped using their local times. In addition, alert notifications and Remedy trouble tickets can contain local times. To accomplish this, you use the avca set_server_tz command. To find the status of the current time zone setting, you can run the avca show_server_tz command.

See the following sections for more information:

Failover Recovery for Collectors

Depending on the audit trail type, you can now configure the Oracle Database, Microsoft SQL Server, and Sybase ASE source databases to move the collector from one agent to another. This feature is useful for failover recovery if the host computer running the original agent fails. To accomplish this, you configure the agent for the collector by setting its AGENTNAME property by using the avorcldb, avmssqldb, avsybdb alter_collector commands.

See the following sections for more information:

Changes to Server-Side Oracle Audit Vault Utilities

This section contains:

New Oracle or Changed Audit Vault Utility Commands

The following utilities have been enhanced for this release:

Deprecated Oracle Audit Vault Utility Commands

The following commands have been deprecated on the Audit Vault Server:

See "Real-Time Oracle Audit Vault Data Warehouse Refreshes" for more information about enhancements to the data warehouse refresh feature.

Changes to Oracle Audit Vault Collection Agent Utilities

The following Oracle Audit Vault collection agent commands names have changed:

Previous Name New name
avctl show_oc4j_status avctl show_agent_statusFoot 1 
avctl start_oc4j avctl start_agent
avctl stop_oc4j avctl stop_agent

Footnote 1 In addition, starting with this release, the avctl show_agent_status command no longer has any arguments.

See Chapter 7, "Audit Vault Control (AVCTL) Reference" for more information about the AVCTL commands.

Updated Oracle Database Release for the Oracle Audit Vault Server

For this release, the Oracle Audit Vault Server uses Oracle Database Release 10.2.0.4.

See Section 1.3.2 for more information about the Audit Vault Server components.

Information About Checking and Modifying Port Numbers

This guide now explains how you can check which ports are being used by an Oracle Audit Vault installation, and to modify them.

See the following sections for more information:

Oracle Audit Vault Release 10.2.3.1 New Features

This section contains:

Collectors for Sybase ASE and IBM DB2 Databases

This release provides collectors for the Sybase Adaptive Server Enterprise (ASE) and IBM DB2 database products. The supported releases for these two database products are as follows:

See the following sections for more information: