Skip Headers
Oracle® Audit Vault Release Notes
Release 10.2.3.2

Part Number E11061-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

  PDF · Mobi · ePub

Oracle® Audit Vault

Release Notes

Release 10.2.3.2

E11061-05

February 2011

These Release Notes contain important information that was not included in the Oracle Audit Vault Release 10.2.3.2 documentation.

This document contains these topics:

1 Downloading the Latest Version of This Document

You can download the most current version of this document from the following Web site:

http://www.oracle.com/technology/documentation

2 Installing Oracle Audit Vault Server on Microsoft Windows

In this release, you can install Oracle Audit Vault Server on Microsoft Windows. If you plan to do so, then see Oracle Audit Vault Server Installation Guide for Microsoft Windows (32-Bit) or Oracle Audit Vault Server Installation Guide for Microsoft Windows x64 (64-Bit) for installation instructions. Do not use the instructions in this document to install Oracle Audit Vault Server on Windows.

If you are installing Oracle Audit Vault on Microsoft Windows x64 (64-Bit), then see also Oracle Audit Vault Release Notes for Microsoft Windows x64 (64-bit), which is available as the README.html file in the Oracle Audit Vault download files.

After you complete the installation, do one of the following:

Because this is the first release of Audit Vault Server Release 10.2.3.2 on the Microsoft Windows platform, there is no upgrade feature. Note that you cannot upgrade from Release 10.2.2.1.0 to Release 10.2.3.2.

3 Installing the Oracle Audit Vault Patch Set on the Audit Vault Server

This section describes how to install Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) for the Oracle Audit Vault Server. It applies to both Release 10.2.3.0 and 10.2.3.1.0.

You must install this patch set on the Oracle Audit Vault Server release before you can upgrade the Agent release installation. This procedure takes approximately an hour and 45 minutes to complete, depending on the speed of your computer.

This section contains:

3.1 Step 1: For Oracle RAC, Check the Cluster Ready Services Version

If you plan to install the Oracle Audit Vault Server patch set on Oracle Real Application Clusters (Oracle RAC), then ensure that the Cluster Ready Services (CRS) version is Release 10.2.0.4 or later. If the CRS version is not Release 10.2.0.4 or later, then you must first patch CRS to Release 10.2.0.4 before installing the Audit Vault Server patch set.

3.2 Step 2: Back Up Oracle Audit Vault

As a best practice, you should back up your Oracle Audit Vault database, the Audit Vault Server home, and the Audit Vault collection agent home before you begin the upgrade.

You cannot roll back or re-apply the Oracle Audit patch set if the patch set installation fails. Therefore, back up the files before you apply and test the patch upgrade.

Back Up the Database

After cleanly shutting down the instance following the analysis of the database, perform a full backup of the database. Complete the following steps:

  1. Start RMAN:

    $ rman target /
    
  2. Issue the following RMAN commands. In the following example, the tag is named before_upgrade.

    BACKUP DATABASE FORMAT 'backup_directory%U' TAG before_upgrade;
        BACKUP CURRENT CONTROLFILE FORMAT 'save_controlfile_location';
    

    See Also:

    Oracle Database Backup and Recovery Basics for more information about backing up a database.

Back Up Oracle Audit Vault Server Home

Because the patch set updates files in the Oracle Audit Vault Server home directory, back up or copy these files to another directory until after you have tested the patch set.

3.3 Step 3: Stop the Oracle Audit Vault Processes

This section contains:

3.3.1 Step 3A: Stop All Collectors

To stop the collectors:

  1. In the server where you installed the Oracle Audit Vault Server, open a shell.

  2. Set the appropriate environment variables for the Oracle Audit Vault Server.

    See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.

  3. Run the following command to stop the collectors:

    $ avctl stop_collector -collname collector-name -srcname source_name
    
  4. Leave this shell open.

3.3.2 Step 3B: Stop All Agents

To stop the agents:

  1. In the shell that you opened in Section 3.3.1, run the following command:

    $ avctl stop_agent -agentname agent_name
    
  2. Leave this shell open.

3.3.3 Step 3C: Stop the Oracle Audit Vault Console

To stop the Oracle Audit Vault Console:

  1. In the shell that you opened in Section 3.3.1, run the following command:

    $ avctl stop_av
    
  2. Leave this shell open.

3.3.4 Step 3D: Shut Down the Oracle Audit Vault Database

From the Oracle Audit Vault Server home, use the following command to shut down the Oracle Audit Vault Database.

$ sqlplus /nolog
SQL> CONNECT SYS/AS SYSOPER
Enter password: password
Connected.
SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> EXIT

In an Oracle RAC environment, run the following command from the node on which the Audit Vault Console is running:

$ORACLE_HOME/bin/srvctl stop database –d AVdatabase_name -q
Connect string:  [/ as sysdba] sys/sys_password as sysdba

3.3.5 Step 3E: Stop the Listener

From the Oracle Audit Vault Server home, run the following command to stop the listener. The listener name is usually LISTENER. You can run the lsnrctl status command to check the name of the listener.

$ lsnrctl stop listener_name

In an Oracle RAC environment, run this command on all nodes where Oracle Audit Vault Server is installed.

3.4 Step 4: Manually Disable Database Vault on Oracle RAC Instances

If the Audit Vault Server is running on Oracle RAC, manually disable Database Vault before the installation, as follows:

  1. Ensure that you have shut down the database in the Audit Vault Server home directory to be patched, as described in Section 3.3.

  2. For each Oracle RAC node, relink the oracle executable with the dv_off command.

    $ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_off ioracle
    
  3. Connect to the Audit Vault Server database on the Oracle RAC instance.

    $ sqlplus "/ as sysdba"
    
  4. Start the database instance.

    SQL> STARTUP MOUNT
    
  5. Turn off the archivelog feature.

    SQL> ALTER DATABASE NOARCHIVELOG;
    SQL> ALTER DATABASE OPEN;
    
  6. Issue the following commands to disable the Oracle Database Vault-related DDL triggers.

    SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
    SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
    
  7. Shut down the database instance.

    SQL> SHUTDOWN IMMEDIATE 
    
  8. Stop the listener on that node.

    $ lsnrctl stop listener_name
    

3.5 Step 5: Unset the NLS_LANG and ORACLE_HOME Environment Variables

Do not set the NLS_LANG and ORACLE_HOME environment variables.

To unset these environment variables for the C shell:

$ unsetenv NLS_LANG
$ unsetenv ORACLE_HOME

For Bourne, Bash, or Korn:

$ unset NLS_LANG
$ unset ORACLE_HOME

3.6 Step 6: Install the Oracle Audit Vault Patch Set into the Audit Vault Server Home

Perform the following steps to install the Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) in the Oracle Audit Vault Server home. You must use the same download executable for both the Audit Vault Server and Audit Vault Agent upgrades.

  1. Log in to My Oracle Support (formerly OracleMetaLink) and download Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0).

    You can access My Oracle Support from the following Web site:

    https://support.oracle.com

  2. Start Oracle Universal Installer (OUI) from the directory that contains the runInstaller program.

    $ cd directory-containing-Oracle-Audit-Vault-Patchset-Installation-Files
    ./runInstaller
    

    Oracle Universal Installer starts. It verifies the operating system version and then presents a summary of the checks it performs.

  3. In the Welcome window, click Installed Products to display the Inventory window.

    This window indicates the name of the Oracle Audit Vault Server home installed on your computer. For example, it may be named OraAV10g_home1. The Path field updates to correspond with the Oracle home directory in the Name field.

    Click Close to close the Inventory window and return to the Welcome window. Then the click Next.

  4. In the Specify Home Details window, in the Name field, click the down arrow at the end of the field and select the name of the Oracle Audit Vault Server home you found in the previous step (Step 3). Then click Next.

  5. In the next window, optionally, provide your e-mail address and My Oracle Support password if you want to receive Oracle security updates. Then click Next.

    For an Oracle RAC installation, a node selection window appears with all fields disabled. This window displays the nodes that this patch set is going to be installed on.

    When the Product-Specific Prerequisite Checks window appears, Oracle Universal Installer then performs product-specific prerequisite checks.

  6. In the Summary Page window check the space requirements.

    For a single instance installation, 832 MB of space is required to install Patch Set 2, which includes 50 MB of temporary space.

    For an Oracle RAC installation, for local node 854 MB of space is required and for remote node 804 MB of space is required to install Patch Set 2, which includes 50 MB of temporary space.

    Review each of the items that are about to be installed.

  7. Click Install.

    When the installation completes, the Configuration Assistants window appears.

    The Configuration Assistants window displays, and the configuration begins. When the configuration completes, the End of Installation window appears and displays the URL for the Oracle Audit Vault Console. It is the same URL used for the previous Oracle Audit Vault installation.

  8. Click Exit to exit the Oracle Universal Installer, and then click Yes in the confirmation window.

    When the installation is complete, the Audit Vault Server database and listener are running. You can check them as follows:

    • To check the status of the database, run the following SELECT statement in SQL*Plus:

      SQL> SELECT OPEN_MODE FROM V$DATABASE; 
      

      It should return the following output:

      READ WRITE
      
    • To check the status of the listener:

      $ $ORACLE_HOME/bin/lsnrctl status listener_name
      
  9. Ensure that the processes are running.

    $ emctl status dbconsole
    

    In the shell that you opened in Section 3.3.1, run the following command:

    $ avctl show_av_status
    

    If the processes are not running, then run the following commands:

    $ avctl stop_av
    $ avctl start_av
    

    The avctl start_av command also starts the Database Console.

If the Patch Set Upgrade Is Not Successful

If the patch set apply is not successful, to abandon the upgrade, perform the following steps:

  1. Copy (Restore) the Audit Vault Server Home files back to their original location.

  2. If you backed up the database, then restore that backup. Complete the following steps:

    1. Log in to the system as the owner of the Oracle home directory of the previous release.

    2. Sign on to RMAN:

      $ rman target /
      
    3. Issue the following RMAN commands. In this example, the name of the tag is before_upgrade:

      STARTUP NOMOUNT
      RESTORE CONTROLFILE FROM 'save_controlfile_location';
      ALTER DATABASE MOUNT;
      RESTORE DATABASE FROM TAG before_upgrade RECOVER DATABASE;
      ALTER DATABASE OPEN RESETLOGS;
      

3.7 Step 7: Manually Enable Database Vault on Oracle RAC Instances

For Oracle RAC installations, reenable Oracle Database Vault on the Oracle RAC nodes. (Database Vault on the main Oracle RAC instance is automatically enabled.)

$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_on ioracle

3.8 Step 8: Restart the Oracle Audit Vault Server

After you complete these steps, for AIX platforms and for Oracle RAC environments, you must restart the Oracle Audit Vault Server. For other platforms, the Audit Vault Server should start. If it does not, then follow the instructions in this section.

3.8.1 Restarting the Audit Vault Server on AIX 5L

To restart the Oracle Audit Vault Server on AIX 5L:

  1. Access the shell that you opened for the Audit Vault Server in Section 3.3.1 and ensure that the ORACLE_SID environment variable is properly set.

  2. Stop the Oracle Audit Vault Server console.

    $ avctl stop_av
    
  3. Log in to SQL*Plus as user SYS with the SYSOPER privilege and shut down the database.

    $ sqlplus sys as sysoper
    Enter password: password
    Connected.
    
    SQL> SHUTDOWN IMMEDIATE
    
  4. Relink the oracle executable.

    $ $ORACLE_HOME/bin/relink oracle
    
  5. From SQL*Plus, restart the database.

    SQL> STARTUP
    
  6. Restart the Audit Vault Server console.

    $ avctl start_av
    

    You can check the status of the Audit Vault Server as follows:

    $ avctl show_av_status
    

3.8.2 Restarting the Audit Vault Server on Non-AIX 5L Platforms

To restart the Oracle Audit Vault Server on non-AIX 5L platforms:

  1. Access the shell that you opened for the Audit Vault Server in Section 3.3.1.

  2. Check the status of the Audit Vault Server.

    $ avctl show_av_status
    
  3. If the Audit Vault Server is not running, then run the following command:

    $ avctl start_av
    

3.8.3 Restarting the Audit Vault Server in an Oracle RAC Environment

To restart the Oracle Audit Vault Server in an Oracle RAC environment:

  1. On each node, run the following command in SQL*Plus:

    $ sqlplus / as sysdba
    
    SQL> ALTER DATABASE OPEN;
    

    To verify that all database instances are in OPEN mode, select from the GV$INSTANCE view as follows:

    SQL> SELECT INST_ID, STATUS FROM GV$INSTANCE;
    
  2. Access the shell that you opened for the Audit Vault Server in Section 3.3.1.

  3. Run the following commands to restart the Audit Vault Server:

    $ avctl stop_av
    
    $ avctl start_av
    

    You can check the Audit Vault Server status as follows:

    $ avctl show_av_status
    

4 Installing the Oracle Audit Vault Patch Set on the Audit Vault Agent

This section describes how to install Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) for the Oracle Audit Vault Agent. It applies to both Release 10.2.3.0 and 10.2.3.1.0.

Before you begin these instructions, ensure that you have completed the Oracle Audit Vault Server patch set release installation. This procedure takes approximately five-to-fifteen minutes to complete, depending on the speed of your computer.

This section contains:

4.1 Step 1: Back Up the Oracle Audit Vault Collection Agent Home

Because the patch set updates files in the Oracle Audit Vault collection agent home directory, back up or copy these files to another directory until after you have tested the patch set.

4.2 Step 2: Stop the Oracle Audit Vault Processes

This section contains:

4.2.1 Step 2A: Stop All Collectors Running Within the Context of the Agent

To stop the collectors that are running within the context of the agent that you are patching:

  1. Access the Audit Vault Server shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors."

    If you had closed this shell, then you must set the appropriate environment variables for the Oracle Audit Vault Server. See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.

  2. Run the following command to stop the collectors:

    $ avctl stop_collector -collname collector-name -srcname source_name
    
  3. Leave this shell open.

4.2.2 Step 2B: Stop the Collection Agent

To stop the collection agent:

  1. Open a shell for the Audit Vault agent.

  2. Set the appropriate environment variables for the Oracle Audit Vault agent.

    See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.

  3. Run the following command:

    $ avctl stop_oc4j
    

    You can check the status of the agent as follows:

    $ avctl show_oc4j_status
    
  4. Leave this shell open.

4.3 Step 3: Unset the NLS_LANG and ORACLE_HOME Environment Variables

Do not set the NLS_LANG and ORACLE_HOME environment variables.

To unset these environment variables for the C shell:

$ unsetenv NLS_LANG
$ unsetenv ORACLE_HOME

For Bourne, Bash, or Korn:

$ unset NLS_LANG
$ unset ORACLE_HOME

4.4 Step 4: Install Oracle Audit Vault Patch Set 2 in the Audit Vault Collection Agent Homes

Perform the following steps to install the Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) in the Oracle Audit Vault collection agent home.

  1. If you have not done so already, log in to My Oracle Support and download Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0). You can access My Oracle Support from the following Web site:

    https://support.oracle.com

  2. Start Oracle Universal Installer (OUI) from the directory that contains the runInstaller program.

    $ cd directory-containing-Oracle-Audit-Vault-Patchset-Installation-Files
    ./runInstaller
    

    Run the same Oracle Universal Installer that you used to install the Oracle Audit Vault Server patch set. Oracle Universal Installer starts. It verifies the operating system version and then presents a summary of the checks it performs.

  3. In the Welcome window, click Installed Products to display the Inventory window.

    This window indicates the name of the Oracle Audit Vault collection agent home installed on your computer. For example, it may be named OraAV10g_home2 when installed on the same computer as the Oracle Audit Vault Server or OraAV10g_home1 when installed on a different computer from Oracle Audit Vault Server.

    Click Close to close the Inventory window and return to the Welcome window. Then the click Next.

  4. In the Specify Home Details window, in the Name field, click the down arrow at the end of the field and select the name of the Oracle Audit Vault collection agent home you determined from the previous step (Step 3).

    Once you select the Oracle Audit Vault collection agent home, the Path field should display the correct path to the Oracle Audit Vault collection agent home. Review the path name. Then click Next.

    When the Product-Specific Prerequisite Checks window appears, Oracle Universal Installer then performs product-specific prerequisite checks.

  5. In the Summary Page window, check the space requirements.

    On Linux, 330 MB of space is required to install Patch Set 2, which includes 25 MB of temporary space.

    On Microsoft Windows 32-bit, 223 MB of space is required to install Patch Set 2, which includes 23 MB of temporary space.

    Review each of the items that are about to be installed.

  6. Click Install.

    The Install window appears. When the installation completes, the Configuration Assistants window appears and then completes the configuration. Then the end of Installation window appears.

  7. Click Exit to exit the Oracle Universal Installer, and then click Yes in the confirmation window.

If the Patch Upgrade Is Not Successful

If the patch set upgrade is not successful, to abandon the upgrade, copy (restore) the Audit Vault collection agent home files back to their original location.

4.5 Step 5: Restart the Oracle Audit Vault Process

This section contains:

4.5.1 Step 5A: If Necessary, Start the Collection Agent

By default, the collection agent should be running. If it is not, follow these steps:

  1. Access the shell that you opened for the Audit Vault Agent in Section 4.2.2, "Step 2B: Stop the Collection Agent.".

  2. Run the following command:

    $ avctl start_agent
    

    You can check the status of the agent as follows:

    $ avctl show_agent_status
    
  3. Close this shell.

4.5.2 Step 5B: Start the Collectors

To start the collectors:

  1. In the Audit Vault Server shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors," run the following command:

    $ avctl start_collector -collname collecctor_name -srcname source_name
    
  2. Leave this shell open.

4.5.3 Step 5C: Verify that the Oracle Audit Vault System Components are Running

To verify that all Oracle Audit Vault components are running and the system is operational:

  1. In the shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors," run the following command:

    $ avctl show_collector_status -collname collector_name -srcname source_name 
    
  2. Close this shell.

5 Postinstallation Tasks

After you install Oracle Audit Vault, check if there is a patch set or critical patch update (CPU) available. Before applying any Oracle Audit Vault patch sets, back up your Oracle Audit Vault database, the Oracle Audit Vault Server home, and the Oracle Audit Vault collection agent home. See Section 5.1 for more information.

This section describes the following postinstallation tasks if you need to update this patch:

5.1 Back Up and Recovery of Oracle Audit Vault

Back up the files before you begin a critical patch upgrade and keep these files until you have tested the upgrade. See Section 3.2, "Step 2: Back Up Oracle Audit Vault," for more information.

5.2 Critical Patch Update (CPU)

A CPU is a collection of patches for security vulnerabilities. It also includes non-security fixes required (because of interdependencies) by those security patches. CPUs are cumulative, and they are provided quarterly on the Oracle Technology Network. Oracle Audit Vault 10.2.3.2.0 does not include the October 2009 RDBMS CPU for the underlying 10.2.0.4 database, therefore, you need to install this RDBMS CPU. If a later RDBMS CPU is available, then install that. For general information about CPUs, see

http://www.oracle.com/security/critical-patch-update.html

For specific information about critical patch updates and security alerts, see

http://www.oracle.com/technology/deploy/security/alerts.htm

6 Bugs Fixed in This Release

Table 1 lists bugs that have been fixed for Oracle Audit Vault Patch Set Release 10.2.3.2.

Table 1 Bugs Fixed in Oracle Audit Vault Patch Set Release 10.2.3.2

Bug Number Description

7375174

NEED A MECHANISM TO CLEAN OUT THE ARCHIVED AUDIT SETTINGS FOR A SOURCE IN AV

7449916

CAN "MARK ALL [OPTIONS] AS NEEDED", BUT CANNOT "UNMARK ALL" / "MARK AS UNNEEDED"

7589154

TRANSACTION ID FORMAT IN DATAWAREHOUSE

7599953

XML COLLECTOR CRASHES WITH CSDK ERROR

7607999

LINK OF "TOP FIVE AUDIT SOURCES BY NUMBER OF ALERTS" IS WRONG

7610793

WHEN EXECUTING PROVISION AGAINST 9IR2 DB, ENCOUNTERING ERROR

7636785

VERY SLOW AV DATAWAREHOUSE REFRESH

7658670

STREAMS COLLECTOR IS FAILING WITH ORA-7445 [STRSTR()]

7693379

MSSQL COLLECTOR CRASHES WITH ORA-1461

7706920

MSSQL COLLECTOR IS CRASHING CONSISTENTLY

8197634

AV CONSOLE IS SLOW BECAUSE IT POLLS THE STATUS OF ALL THE COLLECTORS

8197950

ERROR ADDING AGENT: CONFIGURATION NAME ALREADY EXISTS OAV-46503

8206426

CONTEXT_DIM HAS 3 TIMES MORE ROWS THAN AV$RADS_FLAT

8209426

WRONG URL PRINTED BY AVCTL

8235653

OSAUD COLLECTOR DIES ON WINDOWS IF IT ENCOUNTERS ERROR WHILE PROCESSING EVTLOG

8323660

INCORRECT OS CHECKS IN SYBASE, DB2 AND SQL SERVER COLLECTORS

8370693

NEED TO BE ABLE TO SEE ALL THE DATE/TIME IN A PARTICULAR TIMEZONE

8414793

THE OS COLLECTOR GETS STUCK INTERMITTENTLY

8468129

CANNOT DELETE ALERTS FROM AV GUI

8508268

DB COLLECTOR FAILS WITH ORA-06502 ORA-06512 NPSRCUSR.AV_TRUNCATE_CLOB

8634768

AUDIT VAULT POLICIES RETRIEVAL PERFORMANCE SLOW

8726158

CANNOT START COLLECTOR AFTER UPGRADING TO 10.2.3.1

8753685

OS COLLECTOR GETS DISCONNECTED FROM SOURCE DB FOR 9.2 DATABASES

8782576

ALLOW DB_DOMAIN = NULL TO ADD REDO COLLECTOR WHEN GLOBAL_NAMES=FALSE

8868978

AUDIT POLICY RETRIEVAL FAILS - LOG SHOWS 'INVALID COLUMN NAME'

9066182

AVORCLDB ADD_COLLECTOR FOR REDO FAILS ON 9.2.0.8 SOURCE DATABASE


7 General Installation Issues

This section contains:

7.1 All Platforms (Single Instance and Oracle RAC)

This section describes known issues and workarounds for single instance and Oracle RAC installations on all platforms.

This section contains:

7.1.1 Oracle Enterprise Manager URL Is in Non-Secure Mode After Audit Vault Server Upgrade to Release 10.2.3.2

After you install Oracle Audit Vault Server Patch Set 2 Release 10.2.3.2.0, the Oracle Enterprise Manager URL is not secure.

Workaround: Perform the following steps in the Audit Vault Server shell to secure the Oracle Enterprise Manager URL.

  1. Ensure that the ORACLE_SID environment variable is set correctly.

  2. Set the time zone environment variable TZ to UTC.

    $ setenv TZ UTC
    
  3. Stop the Oracle Enterprise Manager console.

    $ ORACLE_HOME/bin/emctl stop dbconsole
    
  4. Configure the Oracle Enterprise Manager key.

    $ ORACLE_HOME/bin/emctl config emkey -repos -sysman_pwd password
    
  5. Secure Oracle Enterprise Manager.

    $ ORACLE_HOME/bin/emctl secure dbconsole -sysman_pwd password
    
  6. Start the Oracle Enterprise Manager console.

    $ ORACLE_HOME/bin/emctl start dbconsole
    

This issue is tracked with Oracle bug 8924450.

7.1.2 Cannot Access the Audit Vault Console Shortly After Installation

Shortly after installing Oracle Audit Vault, you may not be able to access the Audit Vault Console. If you run the emctl status dbconsole and avctl show_av_status commands, then the output indicates that Oracle Audit Vault is running. However, when you try to access the Audit Vault Console, the Web browser page displays a This page cannot be displayed error.

Workaround: Restart the Audit Vault Console. See Step 9 of Section 3.6.

This issue is tracked with Oracle bug 6867972.

7.1.3 Automated Backup Job Not Properly Created with Audit Vault Server Installation

After you install Oracle Audit Vault, the automated back-up jobs do not work and fail with a No such file or directory error.

Workaround: Use customized back-ups to schedule any back-up jobs.

This issue is tracked with Oracle bug 6844843.

7.1.4 The Oracle Universal Installer -record Option Is Not Supported

Oracle Universal Installer does not support the -record option for either the Audit Vault Server or the Audit Vault agent installation. As a result, the following parameters are not recorded in the Audit Vault Server destination file:

  • Audit Vault administrator name and password

  • Audit Vault auditor name and password

  • Database Vault owner name and password

  • Database Vault account manager name and password

These parameters are not recorded in the Audit Vault agent destination file:

  • Audit Vault agent name and password

  • Audit Vault agent host name

  • Audit Vault agent listener port

  • Audit Vault agent name

  • Audit Vault agent service name

Workaround:

None.

This issue is tracked with Oracle bug 5841694.

7.1.5 Oracle Universal Installer Does Not Validate the Uniqueness of the Audit Vault Server Name

During the Oracle Audit Vault Server on Windows installation, in the Basic Installation Details and Advanced Installation screens, you are prompted for a unique name for the Oracle Audit Vault database. The name you enter is used for the database SID, and will be the first portion (db_name) of the database service name. Even though this name must be unique, if you enter an existing name, the installation continues instead preventing your from continuing and then warning you to enter a unique name.

Workaround:

Ensure that you enter a unique name for the Audit Vault database. You can find the names of the available Oracle databases by checking the Windows Services tool in the Control Panel.

This issue is tracked with Oracle bug 6137243.

7.1.6 Cannot Access the Audit Vault Console Shortly After Installation

Shortly after installing Oracle Audit Vault, you may not be able to access the Audit Vault Console. If you run the emctl status dbconsole and avctl show_av_status commands, then the output indicates that Oracle Audit Vault is running. However, when you try to access the Audit Vault Console, the Web browser page displays a This page cannot be displayed error.

Workaround: Restart the Audit Vault Console.

  1. Open a command prompt on the Audit Vault Server and go to the ORACLE_HOME\bin directory.

  2. Restart the Audit Vault Console as follows:

    avctl stop_av
    
    avctl start_av
    

    You can check the Audit Vault Server status as follows:

    avctl show_av_status
    

This issue is tracked with Oracle bug 6867972.

7.1.7 The Oracle Universal Installer -record Option Is Not Supported

Oracle Universal Installer does not support the -record option for either the Audit Vault Server or the Audit Vault agent installation. As a result, the following parameters are not recorded in the Audit Vault Server destination file:

  • Audit Vault administrator name and password

  • Audit Vault auditor name and password

  • Database Vault owner name and password

  • Database Vault account manager name and password

These parameters are not recorded in the Audit Vault agent destination file:

  • Audit Vault agent name and password

  • Audit Vault agent host name

  • Audit Vault agent listener port

  • Audit Vault agent name

  • Audit Vault agent service name

Workaround:

None.

This issue is tracked with Oracle bug 5841694.

7.1.8 Errors That Appear in avca.log After You Install the Server Patch

When you install the Audit Vault Server patchset, error messages appear in the ORACLE_HOME\av\log\avca.log file. This problem does not affect the Audit Vault agent installation.

These error messages are as follows:

ORA-00001: unique constraint (DVSYS.*) violated 
ORA-00955: name is already used by an existing object 
ORA-02260: table can have only one primary key 
ORA-02261: such unique or primary key already exists in the table 
ORA-02275: such a referential constraint already exists in the table 
ORA-02303: cannot drop or replace a type with type or table dependents 
ORA-04042: procedure, function, package, or package body does not exist 
ORA-01920: user name '*' conflicts with another user or role name 
ORA-01921: role name '*' conflicts with another user or role name 
ORA-01951: ROLE 'AV_*' not granted to 'SYS' 
ORA-01952: system privileges not granted to 'DBA' 
ORA-24145: evaluation context DVSYS.* already exists 

Workaround:

You can ignore these error messages.

This issue is tracked with Oracle bug 8489866.

7.2 All Platforms (RAC) Only

This section describes known issues and workarounds for Oracle RAC installations on all platforms.

This section contains:

7.2.1 SPFILE Errors from DVCA When Installing Oracle Audit Vault on a Single Node

When you install Oracle Audit Vault on a single node in an Oracle RAC cluster, errors similar to the following appear in the Database Vault Configuration Assistant (DVCA) log:

Executing task INIT_AUDIT_SYS_OPERATIONS
03/17/10 12:32:56 Error executing task
INIT_AUDIT_SYS_OPERATIONS:java.sql.SQLException: ORA-32001: write to SPFILE
requested but no SPFILE specified at startup
 
03/17/10 12:32:56 Executing task INIT_REMOTE_OS_AUTHENT
03/17/10 12:32:56 Error executing task
INIT_REMOTE_OS_AUTHENT:java.sql.SQLException: ORA-32001: write to SPFILE
requested but no SPFILE specified at startup 

Workaround:

Try either of the following solutions:

  • Edit your PFILE manually. Follow these steps:

    1. Edit your pfile, which by default is located in the $ORACLE_HOME/dbs directory, to include the following information:

      audit_sys_operations=TRUE
      os_roles=FALSE
      system set recyclebin='OFF'
      remote_login_passwordfile='EXCLUSIVE'
      sql92_security=TRUE
      
    2. Restart the database.

      sqlplus sys as sysoper
      Enter password: password
      SQL> SHUTDOWN IMMEDIATE
      SQL> STARTUP
      
  • Create an SPFILE. Follow these steps:

    1. Stop the database.

      $ ORACLE_HOME/bin/srvctl stop database -d db_name
      
    2. Start the database with the NOMOUNT option.

      $ sqlplus /NOLOG
      SQL> CONNECT SYS AS SYSDBA
      Enter password: password
      SQL> STARTUP NOMOUNT
      
    3. Create the SPFILE from the PFILE by entering the following command where the pfile_location is usually $ORACLE_HOME/admin/db_name/pfile for the Optimal Flexible Architecture compliant database:

      SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA' FROM PFILE='pfile_location/init.ora' 
      
    4. Shut down the database:

      SQL> SHUTDOWN IMMEDIATE
      SQL> EXIT
      
    5. Clear the contents of the PFILE located at $ORACLE_HOME/dbs/initsid.ora and enter following entry in that file:

      SPFILE=SHARED_LOCATION/SPFILE.ORA
      
    6. Restart the database

      SQL> STARTUP
      

This issue is tracked with Oracle bug 6131570.

7.2.2 Oracle Audit Vault Server Patch Set Installation on Single Node Oracle RAC Audit Vault Server Fails at DBUA

While you install Oracle Audit Vault Patch Set 2 release 10.2.3.2.0 over single node Oracle RAC 10.2.3.2 Audit Vault Server, DBUA fails with the following error:

ORA-32001: write to SPFILE requested but no SPFILE specified at startup 

Workaround: Perform the following steps before installing the patch set:

  1. Stop the database.

    $ ORACLE_HOME/bin/srvctl stop database -d db_name
    
  2. Start the database with the NOMOUNT option.

    $ sqlplus /NOLOG 
    SQL> CONNECT SYS/SYS_password AS SYSDBA 
    SQL> STARTUP NOMOUNT 
    
  3. Create the SPFILE from the PFILE by entering the following command where the pfile_location is usually $ORACLE_HOME/admin/db_name/pfile for the Optimal Flexible Architecture compliant database:

    SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA' FROM PFILE='pfile_location/init.ora' 
    
  4. Shut down the database:

    SQL> SHUTDOWN IMMEDIATE 
    SQL> EXIT
    
  5. Clear the contents of the PFILE located at $ORACLE_HOME/dbs/initsid.ora and enter following entry in that file:

    SPFILE=SHARED_LOCATION/SPFILE.ORA 
    
  6. Restart the database.

    SQL> STARTUP
    

This issue is tracked with Oracle bug 8493676.

7.2.3 Cannot Retrieve Database Listener During Database Creation Phase of the Audit Vault Installation

When you install Oracle Audit Vault in an Oracle RAC environment, the following error appears when Oracle Database Configuration Assistant (DBCA) tries to create the Audit Vault database:

Failed to retrieve network listener Resources

Workaround:

Click the Yes button in the error window. The installation will resume without any problems.

This issue is tracked with Oracle bug 6134561.

7.2.4 Oracle Enterprise Manager URL Not Working After Audit Vault Patch Set Installation

After you patch Audit Vault from Release 10.2.3.0 to 10.2.3.2.0 on Oracle RAC, the Oracle Enterprise Manager URL does not work. If you run the emctl status dbconsole command, it indicates that Enterprise Manager is running, but when you try the URL, the following error appears:

The database status is currently unavailable. It is possible that the 
database is in mount or nomount state. Click 'Startup' to obtain the current 
status and open the database. If the database cannot be opened, click 
'Perform Recovery' to perform an appropriate recovery operation.

Workaround: See Section 3.8.3.

This issue is tracked with Oracle bug 8924812.

7.2.5 Cannot Retrieve Database Listener During Database Creation Phase of the Audit Vault Installation for Oracle RAC

When you install Oracle Audit Vault in an Oracle RAC environment, the following error appears when Oracle Database Configuration Assistant (DBCA) tries to create the Audit Vault database:

Failed to retrieve network listener Resources

Workaround:

Click the Yes button in the error window. The installation will resume without any problems.

This issue is tracked with Oracle bug 6134561.

7.2.6 Incorrect Registry Entry Created on Oracle RAC Remote Node After Installation

After you install Oracle Audit Vault Server on Microsoft Windows in an Oracle RAC environment, the following registry key is wrongly added to the remote node:

HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_home_name\ORA_instance name_PWFILE

On both local and remote node, the registry entries claim that the instance name is the same on both nodes. The instance names should be unique for each node. As a result, you cannot run the dvca -action optionrac command on the remote node.

Workaround:

From the Registry Editor, edit the following registry key to point to the complete path to the password file on the remote node.

HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_home_name\ORA_instance name_PWFILE

For example, assuming the password file is orapwORCL2, you would enter a setting similar to the following:

C:\ORACLE\PRODUCT\10.2.0\DB_1\dbs\orapwORCL2

This issue is tracked with Oracle bug 6144753.

7.3 Linux and UNIX Platforms (Single Instance and Oracle RAC)

This section contains:

7.3.1 After the Audit Vault Server Upgrade, Oracle Database Vault Is Not Enabled on AIX 5L Platforms

During the installation of Oracle Audit Vault Server on AIX 5L, Audit Vault Configuration Assistant (AVCA) fails to relink the oracle executable with the dv_on option.

An error message similar to the following appears in the $ORACLE_HOME/av/log/avca.log file:

0/12/09 04:44:48        ld: 0706-021 The wait() system call failed.
10/12/09 04:44:48               ld:wait(): There are no child processes.
10/12/09 04:44:48       make: 1254-004 The error code from the last command is
                        255.
10/12/09 04:44:48
10/12/09 04:44:48
10/12/09 04:44:48       Stop.

Because of this error, Oracle Database Vault is not enabled at the end of the Audit Vault Release 10.2.3.2 installation on AIX 5L.

Workaround: After you complete the Audit Vault Server installation, follow the procedure in Section 3.8.1, "Restarting the Audit Vault Server on AIX 5L." Afterwards, you can install the Audit Vault agent, as described in Section 4, "Installing the Oracle Audit Vault Patch Set on the Audit Vault Agent."

This issue is tracked with Oracle bug 9029325.

7.4 Microsoft Windows Platform

This section contains:

7.4.1 Oracle Audit Vault Server Fails During NetCA Phase if ORACLE_HOME Is Set

During the Network Configuration Assistant (NetCA) installation phase, the Oracle Audit Vault installation can fail with the following error message if the ORACLE_HOME environment variable has been set:

Environmental error detected:  The current Oracle Home and the Oracle Home passed from the installer are not the same. Oracle Net Configuration Assistant cannot continue 

This error occurs on both Windows 32-bit and X64 systems.

Workaround: Before you run the setup.exe utility to begin the installation, ensure that the ORACLE_HOME environment variable is not set, either as a system variable, a user environment variable, or from a command prompt.

This issue is tracked with Oracle bug 10433926.

7.4.2 Invalid Oracle Enterprise Manager URL Opens After Installation

After you complete the Oracle Audit Vault Server installation on Microsoft Windows 32-bit and close Oracle Universal Installer (OUI), the Oracle Enterprise Manager login page cannot open. The URL it tries to use, http, should be https. This is because starting with Release 10.2.0.4, Oracle Enterprise Manager is secure by default. However, the Audit Vault Console URL should work without any problems.

Workaround:

Enter the Enterprise Manager URL using the https prefix, not the http prefix. For example:

https://shobeen.example.com:1158/em

This issue is tracked with Oracle bug 9409291.

7.4.3 Error in avca.log File After Installation of Oracle Audit Vault

After you install Oracle Audit Vault, an error similar to the following appears in the avca.log file:

03/05/10 03:37:28 <xdbconfig 
@ xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd" xmlns:xsi="http://w 
03/05/10 03:37:28 
03/05/10 03:37:29 ERROR: 
03/05/10 03:37:29 ORA-01031: insufficient privileges 
03/05/10 03:37:29 
03/05/10 03:37:29 
03/05/10 03:37:29 Warning: You are no longer connected to ORACLE. 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server 
03/05/10 03:37:29 SP2-0640: Not connected 
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server 
03/05/10 03:37:29 
03/05/10 03:37:29 PL/SQL procedure successfully completed. 
03/05/10 03:37:29 

This error is expected and has no affect on functionality.

The reason that this error occurs is because during the installation process, Oracle Universal Installer (OUI) tries to log in to the database as user SYS with the SYSDBA privilege. On Windows, this action works only if both local and domain users who must access the database have been added to the ORA_DBA group, and if OS authentication has been enabled.

Workaround:

Do the following:

  • Ensure that both local and domain users who must have access to the database have been added to the ORA_DBA group.

  • Ensure that OS authentication is enabled.

This issue is tracked with Oracle bug 9449669.

7.4.4 File Not Found Error During Deployment of Oracle Database Vault During Installation

After you install Oracle Audit Vault Server on Microsoft Windows 32-bit, errors similar to the following appear in the installAction.log file:

executing task DEPLOY_DVA 
DEPLOY_DVA,validate 
DEPLOY_DVA get EM home 
DEPLOY_DVA get EM home instance null, resolved=iwin3040_av 
DEPLOY_DVA stop isqlplus 
DEPLOY_DVA stop OC4J 
 
DEPLOY_DVA,modify C:\psmith\av\10.2.3.2\100206\ 
AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml 
getDocument() error 
C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\con 
fig\server.xml:java.io.FileNotFoundException: 
C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\con 
fig\server.xml (The system cannot find the path specified) 
modfiy server.xml error:java.io.FileNotFoundException: 
C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\con 
fig\server.xml (The system cannot find the path specified) 
DVCA_ERROR:java.io.FileNotFoundException: 
C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\con 
fig\server.xml (The system cannot find the path specified) 
Error executing task DEPLOY_DVA:java.io.FileNotFoundException: 
C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\con 
fig\server.xml (The system cannot find the path specified) 
Executing task SQLPLUS_UTLRP 
 
Executing task INIT_AUDIT_SYS_OPERATIONS 

The result is that the Database Vault Administrator is not properly deployed, which can result from not having Oracle Database Control deployed on the computer where you performed the installation.

Workaround:

If you do not plan to use Database Vault Administrator, then you can disregard these errors.

However, if you want to use Database Vault Administrator, then you must deploy it manually. You can manually deploy Database Vault Administrator to the Oracle Application Server Containers for J2EE (OC4J) home, which by default is in the $ORACLE_HOME/oc4j/j2ee/home directory.

  1. Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/server.xml. Enter the following line just before the last line that reads, </application-server>:

    <application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
    

    For example:

    <application name="dva" path="/u00/app/oracle/oracle/product/dv12/dv/jlib/dva_webapp.ear" auto-start="true" />
    
  2. Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:

    <web-app application="dva" name="dva_webapp" root="/dva" />
    
  3. Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/global-web-application.xml. Search for <servlet-class>oracle.jsp.runtimev2.JspServlet</servlet-class>. Uncomment the following lines after this:

    <init-param>
       <param-name>main_mode</param-name>
       <param-value>justrun</param-value>
    </init-param>
    
  4. Create the following directory:

    mkdir -p $ORACLE_HOME/dv/jlib/sysman/config
    
  5. Create the database connection configuration file, emoms.properties, in the configuration directory that you just created. Add the following lines to the file:

    oracle.sysman.emSDK.svlt.ConsoleMode=standalone
    oracle.sysman.eml.mntr.emdRepRAC=FALSE
    oracle.sysman.eml.mntr.emdRepDBName=oracle_sid
    oracle.system.eml.mntr.emdRepConnectDescriptor=TNS_connection_string
    

    Follow these instructions:

    • For an Oracle RAC environment, set oracle.sysman.eml.mntr.emdRepRAC to TRUE.

    • For oracle.sysman.eml.mntr.emdRepConnectDescriptor, you can use an alias from $ORACLE_HOME/network/admin/tnsnames.ora. Alternatively, you can use the following syntax:

      oracle.sysman.eml.mntr.emdRepConnectDescriptor=
        (DESCRIPTION\=
          (ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP) (HOST\=HOSTNAME)(PORT\=PORT))) 
          (CONNECT_DATA\=
             (SERVICE_NAME\=ORACLE_SID))
      
  6. Ensure that the correct environment variables are set.

    For example:

    ORACLE_SID=orcl
    export ORACLE_SID
    ORACLE_HOME=/u00/app/oracle/product/11.1/dv
    export ORACLE_HOME
    LD_LIBRARY_PATH=$ORACLE_HOME/bin:$ORACLE_HOME/lib:$ORACLE_HOME/jdbc/lib
    export LD_LIBRARY_PATH
    PATH=$ORACLE_HOME/bin:$ORACLE_HOME/jdk/bin:$PATH
    export PATH
    

    Set the LD_LIBRARY_PATH variable to use the OCI-based JDBC libraries.

  7. Start OC4J using the following syntax:

    $ORACLE_HOME/jdk/bin/java -Djava.awt.headless=true -DEMDROOT=$ORACLE_HOME/dv/jlib -jar $ORACLE_HOME/oc4j/j2ee/home/oc4j.jar -userThreads -config $ORACLE_HOME/oc4j/j2ee/home/config/server.xml
    

After you complete these steps, you can start Database Vault Administrator. The HTTP port defaults to 8888 for this environment. Use the following syntax for the URL:

http://hostname:8888/dva

This issue is tracked with Oracle bug 9366945.

7.4.5 Two Invalid Objects Seen After Single Instance Audit Vault Server Installation

After you install Oracle Audit Vault Server on Microsoft Windows 32-bit, two invalid objects are seen, as follows:

SQL> SELECT OBJECT_NAME, OBJECT_ID, OWNER FROM ALL_OBJECTS 
     WHERE STATUS='INVALID'; 
 
OBJECT_NAME         OBJECT_ID   OWNER   
------------------- ----------- ----------------- 
AV$RADS_ERROR       51938       AVSYS   
DV$3                54894       DVSYS   

Workaround:

None.

This issue is tracked with Oracle bug 9444926.

7.4.6 Invalid Objects Seen After Audit Vault Server Installation

After you install Audit Vault Server on Microsoft Windows 64-bit, invalid objects are seen, as follows:

SQL> SELECT OBJECT_NAME, OBJECT_ID, OWNER FROM ALL_OBJECTS 
     WHERE STATUS='INVALID '; 
 
OBJECT_NAME                    OBJECT_ID   OWNER 
------------------------------ ----------- ----------------- 
DBA_LBAC_POLICIES              42248       PUBLIC 
DBA_LBAC_SCHEMA_POLICIES       42249       PUBLIC 
DBA_LBAC_TABLE_POLICIES        42250       PUBLIC 
DBA_LBAC_USERS                 42251       PUBLIC 
DBA_LBAC_PROGRAMS              42252       PUBLIC 
DBA_LBAC_USER_LABELS           42253       PUBLIC 
DBA_LBAC_USER_PRIVS            42254       PUBLIC 
DBA_LBAC_PROG_LABELS           42255       PUBLIC 
DBA_LBAC_PROG_PRIVS            42256       PUBLIC 
DBA_LBAC_LABELS                42257       PUBLIC 
DBA_LBAC_DATA_LABELS           42258       PUBLIC 
DBA_LBAC_LABEL_TAGS            42261       PUBLIC 
DBA_SA_POLICIES                42330       PUBLIC 
DBA_SA_LABELS                  42331       PUBLIC 
DBA_SA_DATA_LABELS             42332       PUBLIC 
DBA_SA_LEVELS                  42333       PUBLIC 
DBA_SA_COMPARTMENTS            42334       PUBLIC 
DBA_SA_GROUPS                  42335       PUBLIC 
DBA_SA_GROUP_HIERARCHY         42336       PUBLIC 
DBA_SA_USERS                   42337       PUBLIC 
DBA_SA_USER_LEVELS             42338       PUBLIC 

DBA_SA_USER_COMPARTMENTS       42339       PUBLIC 
DBA_SA_USER_GROUPS             42340       PUBLIC 
DBA_SA_USER_LABELS             42341       PUBLIC 
DBA_SA_USER_PRIVS              42342       PUBLIC 
DBA_SA_PROG_PRIVS              42343       PUBLIC 
USER_SA_SESSION                42344       PUBLIC 
DBA_SA_TABLE_POLICIES          42345       PUBLIC 
DBA_SA_SCHEMA_POLICIES         42346       PUBLIC 
ALL_SA_POLICIES                42368       PUBLIC 
ALL_SA_DATA_LABELS             42369       PUBLIC 
ALL_SA_LEVELS                  42370       PUBLIC 
ALL_SA_COMPARTMENTS            42371       PUBLIC 
ALL_SA_GROUPS                  42372       PUBLIC 
ALL_SA_GROUP_HIERARCHY         42373       PUBLIC 
ALL_SA_USERS                   42374       PUBLIC 
ALL_SA_USER_LEVELS             42375       PUBLIC 
ALL_SA_USER_COMPARTMENTS       42376       PUBLIC 
ALL_SA_USER_GROUPS             42377       PUBLIC 
ALL_SA_USER_LABELS             42378       PUBLIC 
ALL_SA_USER_PRIVS              42379       PUBLIC 
ALL_SA_PROG_PRIVS              42380       PUBLIC 
ALL_SA_LABELS                  42381       PUBLIC 
ALL_SA_TABLE_POLICIES          42382       PUBLIC 
ALL_SA_SCHEMA_POLICIES         42383       PUBLIC 
AV$RADS_ERROR                  44366       AVSYS 
DV$3                           46991       DVSYS 

Workaround:

  1. Disable Oracle Database Vault.

    See Oracle Database Vault Administrator's Guide for information about disabling and enabling Oracle Database Vault.

  2. Log in to SQL*Plus and run the utlrp.sql script.

  3. Enable Oracle Database Vault.

This issue is tracked with Oracle bug 9839443.

7.4.7 Audit Vault Configuration Assistant Hangs During Audit Vault Agent Installation

On Microsoft Windows 64-bit, Audit Vault Configuration Assistant (AVCA) hangs during the Audit Vault agent installation.

Workaround:

  1. If the installation hangs during the Audit Vault Configuration Assistant phase, then cancel the Oracle Universal Installer and sub-processes by using the Windows Task Manager.

    Next, run Audit Vault Configuration Assistant manually to complete the installation.

  2. Open a command prompt window.

  3. Set the ORACLE_HOME variable to point to Agent ORACLE_HOME variable.

    For example:

    SET ORACLE_HOME=C:\oracle\product\10.2.3\av_agent_1
    
  4. Set the PATH variable to include the ORACLE_HOME variable.

    For example:

    SET PATH=%ORACLE_HOME%\bin;%PATH%
    
  5. Manually invoke the internal command avca initialize_agent.

    For example:

    C:\oracle\product\10.2.3\av_agent_1\avca.bat initialize_agent 
    -agentname agent_name 
    -agentusr agentusername/agentuserpassword 
    -agentport agent_port_number
    -av host:port:service
    -rmiport rmiport 
    -jmsport jmsport
    

    In this specification:

    • agentport: Enter the agent port number, typically 7000.

    • av: Enter the Audit Vault Server host name in host:port:service format. For example:

      sales.us.example.com:1521:av.us.example.com
      
    • rmiport: Enter the RMI port number, typically 3101. To find this value, search for the port attribute in the rmi-server tag in the ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_host_sid/config/rmi.xml file.

    • jmsport: Enter the JMS port number, typically 3201. To find this value, search for the port attribute in the jms-server tag in the ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_host_sid/config/jms.xml file.

This issue is tracked with Oracle bug 10161243.

8 General Administration and Configuration Issues

This section contains:

8.1 Errors in the Data Changes Report

The Data Changes Report in Audit Vault Console fails with the following errors when the before and after values that the report attempts to capture are too large:

  • ORA-01489: result of string concatenation is too long

  • ORA-06502: PL/SQL: numeric or value error: character string buffer too small

Workaround: None

This issue is tracked with Oracle bug 9055316.

8.2 avca generate_csr Fails on Audit Vault Server on Microsoft Windows

The avca generate_csr command fails when you run it on Audit Vault Server on Microsoft Windows. This command completes without error, but the certificate file is not generated. Without this file, you cannot complete the steps for running the avca secure_av command. This problem can also occur with the avca remove_cert and avca secure_agent commands.

Check the avca.log file, by default located in the $ORACLE_HOME/av/log directory, for error details. An error similar to the following appears:

03/05/10 03:08:45 Executing command generate_csr, -certdn, 
CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US, -out, 
c:\oracle\product\10.2.3\avserver\certs\certificate.txt 
03/05/10 03:08:45 Generating Certificate request... 
03/05/10 03:08:46 orapki wallet add -wallet 
C:\oracle\product\10.2.3\avserver\network\admin\avwallet  -keysize 1024  -dn 
CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US  > 
C:\oracle\product\10.2.3\avserver\bin\avGenerateCSR.log 
Invalid command: kuksagruvin 
wallet: 
@ create [-wallet [wallet]] [-auto_login] [-pwd <pwd>] 
@ display [-wallet [wallet]] <-summary> [-pwd <pwd>] 
add [-wallet [wallet]] <[-keysize [512|1024|2048]] [-dn [dn]] 
     <-self_signed [-validity [days]> <[-cert [filename]] 
@      [-trusted_cert|-user_cert]> [-pwd <pwd>] 
@ export [-wallet [wallet]] <-cert [filename]> <-request [filename]> [-pwd 
@ <pwd>]
...

Workaround:

Enclose the distinguished name (DN) in double quotation marks with a backslash (\) character. For example:

avca generate_csr -certdn \"CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US\" -out user_c:\oracle\product\10.2.3\avserver\certs\certificate.txt

Remember that this problem occurs with the avca remove_cert and avca secure_agent commands, so ensure that you use this format when specifying the DN with these commands as well.

This issue is tracked with Oracle bug 9449328.

8.3 avca secure_av Fails with ORA-1031 Error

An ORA-1031: Permission denied error appears when you try to run the avca secure_av command on Microsoft Windows 32-bit. This error can appear if OS authentication is not enabled.

Workaround:

Use either of the following solutions:

  • Configure the dispatcher service for the Audit Vault Server database. Follow these steps:

    1. On the Audit Vault Server database, log in to SQL*Plus as user SYS with the SYSDBA privilege.

      sqlplus sys as sysdba
      Enter password: password
      
    2. Run the following SQL statements. Replace sid with the instance identifier (SID) for your Audit Vault Server database.

      SQL> ALTER SYSTEM SET DISPATCHERS '(protocol=tcps)(service=sidXDB)';
      
      SQL> ALTER SYSTEM REGISTER;
      
      SQL> EXIT
      
    3. From the ORACLE_HOME\bin directory, start the Audit Vault console:

      avctl start_av
      
  • Enable OS authentication for Windows. Follow these steps:

    1. Enable OS authentication for Windows.

    2. If you only have one Oracle Database home directory, then open a command prompt and go to the Audit Vault Server ORACLE_HOME\bin directory.

      If you have multiple Oracle Database home directories, then open a command prompt and set the following variables:

      set ORACLE_HOME=AV_Server_Oracle_Home_path
      set PATH=AV_Server_Oracle_Home_path\bin:%PATH% 
      
    3. Reset the Audit Vault Server to default configuration.

      avca secure_av remove
      
    4. Re-run the avca secure_av command to secure the Audit Vault Server.

      For example:

      avca secure_av -avkeystore /tmp/avkeystore -avtruststore /tmp/avkeystore 
      Enter keystore password: password
      

This issue is tracked with Oracle bug 9456972.

8.4 Audit Vault Restart Fails when oradata and Backup and Recovery Files Are Placed on ASM

When you attempt to restart the Audit Vault database in an Oracle Database Automatic Storage Management (ASM) environment on Microsoft Windows 32-bit and 64-bit, the following errors appear:

ORA-01078: failure in processing system parameters 
ORA-01565: error in identifying file '+DATA/av06/spfileav06.ora' 
ORA-17503: ksfdopn:2 Failed to open file +DATA/av06/spfileav06.ora 
ORA-15055: unable to connect to ASM instance 
ORA-01031: insufficient privileges 

These errors appear even if ASM is running and the ASM disk groups are accessible.

Workaround:

  1. In the sqlnet.ora file for the Audit Vault database, change the SQLNET.AUTHENTICATION_SERVICES setting to NTS, as follows:

    SQLNET.AUTHENTICATION_SERVICES=(NTS, BEQ, TCPS)
    
  2. Restart the Audit Vault database.

    sqlplus sys as sysoper
    Enter password: password
    SQL> SHUTDOWN IMMEDIATE
    SQL> STARTUP
    

This issue is tracked with Oracle bug 9461571.

9 Source Database Configuration Issues

There are no known source database configuration issues for Oracle Audit Vault.:

10 Collector Configuration Issues

This section contains:

10.1 OSAUD Collector Fails with ORA-00600 Error

Intermittently, the OSAUD collector fails with an error similar to the following:

INFO @ '03/06/2009 01:50:01 02:00': 
File /oracle/admin/mau/adump/mau_ora_17373_1.xml not found in hash 
table, Adding.. 
ERROR @ '03/06/2009 01:50:43 02:00': 
On line 2101; ORA-00600: Interner Fehlercode, Argumente: [], [], [], [], [], 
[], [], []

Workaround: Restart the collector.

  1. Open a shell and then set the environment variables for the Audit Vault Server.

    See "Setting the Audit Vault Server Linux and UNIX Environment Variables" in Oracle Audit Vault Administrator's Guide.

  2. Run the avctl start_collector command.

    For example:

    $ avctl start_collector -collname OSAUD_Collector -srcname my_db
    

This issue is tracked with Oracle bug 8645192.

10.2 OS Collector Hangs with Linux Audit Vault Agent

If you have Audit Vault Server installed on Microsoft Windows 32-bit, and configured an OS collector on a Linux or UNIX Audit Vault agent, the collector fails to start and then hangs. The reason for this problem is that the collector appends \rdbms\audit to the Oracle home directory when setting audit files directory of the source during the collector configuration process. On Linux or unix, the collector is unable to read this path because of the backslashes (\) used in the path.

Workaround:

Change the backslashes to forward slashes, as follows:

  1. If you only have one Oracle Database home directory, then open a command prompt and go to the Audit Vault Server ORACLE_HOME\bin directory.

    If you have multiple Oracle Database home directories, then open a command prompt and set the following variables:

    set ORACLE_HOME=AV_Server_Oracle_Home_path
    set PATH=AV_Server_Oracle_Home_path\bin:%PATH% 
    
  2. Use the avorcldb alter_collector command to recreate the default file destination to use forward slashes instead of backslashes.

    For example:

    avorcldb alter_collector -srcname my_source_db -collname my_os_collector OSAUDIT_DEFAULT_FILE_DEST='$ORACLE_HOME/rdbms/audit'
    

    This problem also occurs with the OSAUDIT_FILE_DEST parameter as well, so you must recreate the location for the Oracle Database operating system audit files, as well:

    avorcldb alter_collector -srcname my_source_db -collname my_os_collector OSAUDIT_FILE_DEST='$ORACLE_HOME/admin/DB_UNIQUE_NAME/adump'
    
  3. Restart the collector.

    For example:

    avctl start_collector -collname my_os_collector -srcname my_source_db
    

    You can check the status of the collector as follows:

    avctl show_collector_status -collname my_os_collector -srcname my_source_db
    

This issue is tracked with Oracle bug 9357349.

10.3 avctl start_collector Fails with Multibyte Source or Collector Name

On Microsoft Windows 64-bit systems, the avctl start_collector command can fail if the source database name and collector name contain multibyte characters, such as Chinese. Errors similar to the following appear:

Failed to start collector GBK?2:DBAUD_Collector_GBK?2   at 
oracle.av.collector.audcoll.AudCollectorManager.startCollector(AudCollectorMan 
ager.java:399) at 
@ oracle.av.collector.OracleCollectorManager.start(OracleCollectorManager.java:2 
07) at 
oracle.av.agent.AgentHandler$StartCollector.handleMessage(AgentHandler.java:45 
8) at oracle.av.agent.ManagementServlet.doProcess(ManagementServlet.java:94) 
at oracle.av.agent.ManagementServlet.doPost(ManagementServlet.java:115) 

Workaround:

  1. On the Windows server, from the Control Panel, open Regional and Language Options.

  2. Select the Advanced tab.

  3. Under Default user account settings, select the Apply all settings to current user account and to the default user profile check box.

  4. Click OK.

  5. Set both the User locale and the System locale to the language that uses multibyte characters, such as Chinese.

    To set the user locale, from Regional and Language Options, select the Languages tab. Under Supplemental language support, select the Install files for East Asian languages check box. Click the Details button, and in the Default input language area, select the language that you want. If necessary, click the Add button to add the correct language. Click OK.

    To set the system locale, from Regional and Language Options, select the Advanced tab. In the Language for non-Unicode programs area, select the language that you specified for the user locale.

    (This dialog box may vary depending on your version of Windows. This step is based on Windows XP Professional.)

  6. Click the OK button to save your settings and exit Regional and Language Options.

  7. Restart the Windows 64-bit server.

This issue is tracked with Oracle bug 9846944.

11 Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.

Accessibility of Code Examples in Documentation

Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in Documentation

This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/support/contact.html or visit http://www.oracle.com/accessibility/support.html if you are hearing impaired.


Oracle Audit Vault Release Notes, Release 10.2.3.2

E11061-05

Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.