Skip Headers
Oracle® Audit Vault Administrator's Guide
Release 10.3

Part Number E23571-07
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

What's New in Oracle Audit Vault for Administrators?

This section describes new features in Oracle Audit Vault that affect administrators, and provides pointers to additional information. These new features reflect changes since Release 10.2.3.1.

This section contains:

Oracle Audit Vault Release 10.3 New Features

This section contains:

Named Listener for the Audit Vault Server

Starting with this release, the name of the listener for the Audit Vault Server is based on the name of this server. For example, if you named the server av, then the listener name is listener_av.

See Section 1.3.2.2 for more information about the components of the Audit Vault Server.

Availability Through Oracle Enterprise Manager Cloud Control

You now can perform the following types of Oracle Audit Vault administrative activities through Oracle Enterprise Manager Cloud Control 12c Release 1 (12.1):

  • Monitoring system behavior and alert activities

  • Monitoring agents, collectors, and source databases

  • Getting a quick view of the entire Oracle Audit Vault configuration

  • Starting and stopping one or more agents and collectors at the same time

  • Starting and shutting down the Audit Vault Console

  • Adding the Audit Vault Server to an Enterprise Manager group

  • Generating Information Publisher reports on the Oracle Audit Vault configuration

  • Controlling user access to the Oracle Audit Vault pages in Enterprise Manager

See Chapter 6, "Using Oracle Audit Vault in Enterprise Manager Cloud Control," for more information. See also Oracle Enterprise Manager Cloud Control Administrator's Guide for detailed information about working in a Cloud Control environment.

Updated Oracle Database Release for the Oracle Audit Vault Server

For this release, the Oracle Audit Vault Server uses Oracle Database Release 11.2.0.3

See Section 1.3.2 for more information about the Audit Vault Server components.

Updated Microsoft SQL Server JDBC Driver for SQL Server Source Databases

For this release, you must use Microsoft SQL Server JDBC Driver version 3.0 when you configure Microsoft SQL Server source databases.

See Section 2.4.1 for more information.

Support for Later Sybase ASE and IBM DB Releases

This release adds support for Sybase Adaptive Server Enterprise (ASE) 15.5 and IBM DB2 9.7 for Linux, UNIX, and Microsoft Windows.

Changed URL for Logging into the Audit Vault Console

In previous releases, the default port number in the Audit Vault Console was 5700. In this release, the default port number is the same port number that is used by Oracle Enterprise Manager. By default, this port number is 1158.

For example:

https://host:1158/av

If the port number 1158 is not available, then the Audit Vault Console uses the next available port number that is used by Enterprise Manager, such as 5500, 5501, and so on.

See Section 1.3.2.3 for more information.

Secure Sockets Layer (SSL) and HTTPS Automatically Configured

By default, Secure Sockets Layer (SSL) and HTTPS are already configured when you install Oracle Audit Vault Release 10.3. In addition to these protocols, Audit Vault supports TCPS for SQL*Net communications between the Audit Vault Agents and the Audit Vault Server.

See Section 5.6 for more information about managing the HTTPS configuration.

Deprecated avca Commands

The following commands have been removed from the avca utility because they are no longer needed:

  • secure_agent

  • secure_av

Oracle Audit Vault Release 10.2.3.2 New Features

This section contains:

Email Notifications for Oracle Audit Vault Alerts

In this release of Oracle Audit Vault, auditors can configure email notifications in response to Audit Vault alerts. For example, if an alert is triggered, an email can be sent automatically to the persons who must respond to it. Before an auditor can create email notifications, you must configure an SMTP server for the outgoing email.

See Section 3.6 for more information.

Trouble Ticket Integration

Oracle Audit Vault can now generate a Remedy trouble ticket in response to an Audit Vault alert. To accomplish this, you must configure the Audit Vault Server to communicate with the BMC Remedy Action Request (AR) System Server 7.x that is responsible for managing the trouble tickets. After you complete this configuration, an Audit Vault auditor can create the conditions necessary to automatically trigger the trouble ticket creation.

See Section 3.7 for more information.

Real-Time Oracle Audit Vault Data Warehouse Refreshes

Starting with this release, the Oracle Audit Vault data warehouse is automatically refreshed with incoming audit data as it collects audit data. Because the warehouse is refreshed in real-time, auditors can generate more accurate reports on audited activities.

Because of this enhancement, the avctl refresh_warehouse and avca set_warehouse_schedule commands are deprecated.

Note:

If you have just upgraded to the current release of Oracle Audit Vault, be aware that the upgrade process removes any warehouse job refresh settings that you had created before the upgrade.

See Section 3.4 for more information about managing the data warehouse.

Changes to Audit Trail Cleanup

This section contains:

Audit Trail Cleanup DBMS_AUDIT_MGMT PL/SQL Package Installed

By default, the DBMS_AUDIT_MGMT PL/SQL package is installed in the Oracle Audit Vault Server. You no longer need to download this package from My Oracle Support (formerly OracleMetaLink) if you want to automatically purge the Audit Vault Server audit trail.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Initialized on the Audit Vault Server

Starting with this release, the audit trail cleanup process is initialized from the Audit Vault Server, so that you can manage the Audit Vault Server database audit trail. As part of this change, the SYS.AUD$ and SYS.FGA_LOG$ tables are moved from the SYSTEM to the SYSAUX tablespace.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Default Purge Job for the Audit Vault Server Database

By default, the audit trail generated by the Audit Vault Server is now purged every 24 hours. You can modify or remove the cleanup operation if you want.

See Section 4.11 for more information purging the Audit Vault Server database audit trail.

Audit Trail Cleanup for Microsoft SQL Server Source Database Audit Data

You now can purge the C2 audit trace files and server-side trace files from a SQL Server source database automatically after all audit data has been collected by Audit Vault.

See Section 2.4.7 for more information.

Audit Trail Cleanup for IBM DB2 Source Database Audit Data

Before Oracle Audit Vault can collect audit records from an IBM DB2 source database, you must run the DB282ExtractionUtil or DB295ExtractionUtil script. These scripts convert the IBM DB2 audit file from a binary to an ASCII file format. Starting with this release, these scripts support automatic cleanup of the binary audit trail data, in addition to purging ASCII-formatted data.

See Section 2.6.6 for more information.

Time Zone Configuration for Oracle Audit Vault Reports and Alerts

Starting with this release, you can set the time zone format for Oracle Audit Vault reports and alerts. This enables auditors to generate reports that are timestamped using their local times. In addition, alert notifications and Remedy trouble tickets can contain local times. To accomplish this, you use the avca set_server_tz command. To find the status of the current time zone setting, you can run the avca show_server_tz command.

See the following sections for more information:

Failover Recovery for Collectors

Depending on the audit trail type, you can now configure the Oracle Database, Microsoft SQL Server, and Sybase ASE source databases to move the collector from one agent to another. This feature is useful for failover recovery if the host computer running the original agent fails. To accomplish this, you configure the agent for the collector by setting its AGENTNAME property by using the avorcldb, avmssqldb, avsybdb alter_collector commands.

See the following sections for more information:

  • Oracle Database source databases. This feature applies to the DBAUD collector only. See Section 9.4 for more information about the avorcldb alter_collector command.

  • Microsoft SQL Server source databases. This feature applies to server-side trace files only. See Section 10.4 for more information about the avmssqldb alter_collector command.

  • Sybase ASE source databases. See Section 11.4 for more information about the avsybdb alter_collector command.

Changes to Server-Side Oracle Audit Vault Utilities

This section contains:

New Oracle or Changed Audit Vault Utility Commands

The following utilities have been enhanced for this release:

  • Audit Vault Configuration Assistant (AVCA). AVCA now has several new commands.

    Commands used to configure email notifications:

    • register_smtp

    • secure_smtp

    • test_smtp

    • show_smtp_config

    • alter_smtp

    • enable_smtp

    • disable_smtp

    Commands used to configure the Remedy trouble ticket service:

    • register_remedy

    • secure_remedy

    • test_remedy

    • show_remedy_config

    • alter_remedy

    • enable_remedy

    • disable_remedy

    Commands used to configure time zones for reports:

    • set_server_tz

    • show_server_tz

    See Chapter 7, "Audit Vault Configuration Assistant (AVCA) Reference" for more information.

  • Audit Vault Control (AVCTL). AVCTL now has the following new commands:

    • show_smtp_status

    • show_remedy_status

    See Chapter 8, "Audit Vault Control (AVCTL) Reference" for more information.

  • Audit Vault Oracle Database (AVORCLDB). AVORCLDB has a new attribute for the alter_collector command: AGENTNAME. See Section 9.4 for more information about the avorcldb alter_collector command.

  • Audit Vault Microsoft SQL Server (AVMSSQLDB). AVMSSQLDB has the following changes for these commands:

    • add_source and verify: In previous releases, you specified the source database through the host name and port number. Now, you can specify the source database connection information by using one of the following formats:

      myhost:myport
      'myhost\myinstance'
      

      The ability to specify the port or the instance name is useful for configurations in which the instance is not on the default port or does not have a default name. For configurations with multiple instances on one server, you must specify the host and instance name.

      See Section 10.3 for information about avmssqldb add_source and Section 10.10 for information about avmssqldb verify.

    • alter_collector: There is now a new attribute for the alter_collector command: AGENTNAME. See Section 10.4 for more information about the avmssqldb alter_collector command.

  • Audit Vault Sybase ASE (AVSYBDB). AVSYBDB has a new attribute for the alter_collector command: AGENTNAME. See Section 11.4 for more information about the avsybdb alter_collector command.

Deprecated Oracle Audit Vault Utility Commands

The following commands have been deprecated on the Audit Vault Server:

  • avca set_warehouse_schedule

  • avctl refresh_warehouse

  • avctl show_agent_status

  • avctl start_agent

  • avctl stop_agent

See "Real-Time Oracle Audit Vault Data Warehouse Refreshes" for more information about enhancements to the data warehouse refresh feature.

Changes to Oracle Audit Vault Collection Agent Utilities

The following Oracle Audit Vault collection agent commands names have changed:

Previous Name New name
avctl show_oc4j_status avctl show_agent_statusFoot 1 
avctl start_oc4j avctl start_agent
avctl stop_oc4j avctl stop_agent

Footnote 1 In addition, starting with this release, the avctl show_agent_status command no longer has any arguments.

See Chapter 8, "Audit Vault Control (AVCTL) Reference" for more information about the AVCTL commands.

Updated Oracle Database Release for the Oracle Audit Vault Server

For this release, the Oracle Audit Vault Server uses Oracle Database Release 10.2.0.4

Information About Checking and Modifying Port Numbers

This guide now explains how you can check which ports are being used by an Oracle Audit Vault installation, and to modify them.

See the following sections for more information:

  • Section 1.3.2.3 for default Audit Vault Server port information

  • Section 1.3.4.3 for default Audit Vault collection agent and collector port information

  • Section 4.9 for information about changing port numbers

Oracle Audit Vault Release 10.2.3.1 New Features

This section contains:

Collectors for Sybase ASE and IBM DB2 Databases

This release provides collectors for the Sybase Adaptive Server Enterprise (ASE) and IBM DB2 database products. The supported releases for these two database products are as follows:

  • Sybase ASE: ASE 12.5.4 and ASE 15.0.2 on platforms based on Linux and UNIX, and on Microsoft Windows platforms

  • IBM DB2: IBM DB2 Version 8.2 and Version 9.5 on platforms based on Linux and UNIX, and on Microsoft Windows platforms. If you are using Version 8.2, ensure that you have installed Fixpack 16.

See the following sections for more information: