Skip Headers
Oracle® Audit Vault Collection Agent Installation Guide
Release 10.3

E23588-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Installing Oracle Audit Vault Collection Agent

This chapter includes the major steps required to install Oracle Audit Vault collection agent.

This chapter includes the following sections:

3.1 Oracle Audit Vault Collection Agent Preinstallation

You must add or register the Oracle Audit Vault collection agent at Oracle Audit Vault Server (Audit Vault Server) before you begin the installation of the collection agent to ensure Audit Vault Server has this metadata stored beforehand; otherwise, the collection agent installation will not be successful. Perform the following steps to complete this task.

  1. On the Audit Vault Server system, set the Oracle Audit Vault environment variables (ORACLE_HOME, ORACLE_SID, PATH, LD_LIBRARY_PATH (for Linux x86-64, and Solaris SPARC_64), SHLIB_PATH (for HP Itanium), or LIBPATH (for AIX), as applicable, or use the coraenv or oraenv scripts located in the server home bin directory ($ORACLE_HOME/bin) to perform this operation. Set ORACLE_HOME to point to the Audit Vault Server home. Set ORACLE_SID to the database name for a single instance installation (av is the default database name) or for an Oracle Real Application Clusters (Oracle RAC) installation, set it to the instance name. Set PATH to include $ORACLE_HOME/bin.

  2. Add or register the Oracle Audit Vault collection agent at Audit Vault Server and create the collection agent user if one has not been previously created, or if you have already created an collection agent user, enter that collection agent user name when prompted.

    Note:

    For information about Oracle Audit Vault collection agent deployment scenarios, see Section 1.1. This information describes where best to install the collection agent depending on the type of audit data that the collection agent collects.

    In addition, Oracle recommends creating different agent user names for each collection agent that you install.

    Run the following AVCA add_agent command. You must record the settings for this AVCA add_agent command so that you can provide this collection agent user name and collection agent name to the Oracle Audit Vault administrator who plans to install the Oracle Audit Vault collection agent software described in Section 3.2.1.

    Example 3-1 shows adding a collection agent and creating an collection agent user. You will be prompted for the collection agent user name and password, then you must verify the password.

    Example 3-2 shows adding an collection agent and using a previously created collection agent user. You will be prompted for just the collection agent user name.

    Example 3-1 Running the AVCA add_agent Command to Create the Collection Agent User and Register the Collection Agent with Oracle Audit Vault

    avca add_agent –agentname avagent-name [-agentdesc agent-description] 
    -agenthost name-of-host-where-agent-will-be-installed
    

    For example, if you have not previously created a collection agent user:

    avca add_agent -agentname agent1 -agenthost salesdb.us.example.com 
    Enter agent user name: agentusername
    Enter agent user password: agent_user_pwd
    Re-enter agent user password: agent_user_pwd
    Agent added successfully. 
    

    Example 3-2 Running the AVCA add_agent Command and Using a Previously Created Collection Agent User and Register the Collection Agent with Oracle Audit Vault

    For example, if you have previously created a collection agent user named agentuser1 as this example shows:

    avca add_agent -agentname agent1 -agenthost salesdb.us.example.com 
    Enter agent user name: agentuser1
    Agent added successfully. 
    

    The command arguments are as follows:

    • -agentname: The name of the collection agent, with no spaces. The collection agent name is case sensitive. The collection agent name must be unique to Audit Vault Server. You cannot reuse an collection agent name for another collection agent name on the same server, even after the deinstallation of a previously installed collection agent. Oracle Audit Vault does not delete collection agent names that are dropped; it disables the collection agent name and retains the collection agent name in its metadata.

      You should write this name down. You will enter it as part of the collection agent installation on the Agent Details page.

    • [-agentdesc desc]: Optional parameter. A description of the collection agent.

      This is optional.

    • -agenthost: The host name where the collection agent is installed, for example, salesdb.us.example.com.

    The collection agent user name is the collection agent user to whom the AV_AGENT role will be granted. The collection agent user name can only contain alphanumeric characters. Later, you will enter this same collection agent user name and then enter a password as part of the collection agent installation on the Agent Details page.

    Provide this collection agent user name and collection agent name to the Oracle Audit Vault administrator who plans to install the Oracle Audit Vault collection agent software described in Section 3.2.1.

3.2 Oracle Audit Vault Collection Agent Installation

This section describes the following topics:

3.2.1 Performing the New Oracle Audit Vault Collection Agent Installation

For an overview of requested information specific to the Oracle Audit Vault collection agent installation, see Section 3.2.2 and Section 3.2.3.

See Section 2.1.11 for important information about setting the correct locale.

The steps to perform a new Oracle Audit Vault collection agent installation are as follows:

  1. Run Oracle Universal Installer (OUI) to install Oracle Audit Vault collection agent. You should run the installer as the software owner account that owns the current ORACLE_HOME environment. This is normally the oracle account.

    For Linux and UNIX-based systems, log in as the oracle user. Alternatively, switch user to oracle using the su - command. Change your current directory to the directory that contains the installation files. Start Oracle Universal Installer from the Oracle Audit Vault collection agent package.

    For Linux and UNIX-based systems:

    cd directory-containing-the-Oracle-Audit-Vault-Agent-installation-files
    ./runInstaller
    

    For Microsoft Windows systems, locate the directory containing the Oracle Audit Vault collection agent installation files for Microsoft Windows, then double-click setup.exe to start Oracle Universal Installer.

    Oracle Universal Installer starts up by first checking the following installation requirements and displaying the results. For example, it shows what the value should be or must be greater than or at least equal to, then the actual value for each check and the check result status: Passed or Failed.

    • Checking operating system version: must be redhat-3, SuSE-9, SuSE-10, redhat-4, redhat-5, UnitedLinux-1.0, asiaunx-1, asianux-2, enterprise-4 or enterprise-5 Passed

    • Checking temp space: must be greater than 80MB. Actual 145332MB Passed

    • Checking swap space: must be greater than 150MB. Actual 3929MB Passed

    • Checking monitor: must be configured to display at least 256 colors. Actual 65536 Passed

    Then Oracle Universal Installer prepares to launch itself.

  2. Using the information that you recorded in Section 3.1, specify the following information on the Agent Details page, then click Next:

    1. Audit Vault Agent Name – The name of the collection agent (created in Step 2 of Section 3.1)

    2. Audit Vault Agent Home – Specify or browse to find the path to the Oracle Audit Vault collection agent home where you want to install Oracle Audit Vault collection agent. Specify a path other than the Oracle home or the Audit Vault Server home.

    3. Agent User Name – The account name of the Oracle Audit Vault collection agent User (provided in Step 2 of Section 3.1).

    4. Agent User Password – The password for the Oracle Audit Vault collection agent user account (provided in Step 2 of Section 3.1).

    5. Specify the Audit Vault Server Connect String that takes the form hostname:port:service name in that order using a (:) colon delimiter between each item, for example: salesdb.us.example.com:1521:av.us.example.com.

      The structure of the service name is db_name.db_domain. The db_name portion is the Oracle Audit Vault name specified during the Audit Vault Server installation, which is the global name. The db_domain is the domain name portion of the full host name for the system where the Audit Vault Server is installed. You can find the service name by checking the tnsnames.ora file.

      See Section 3.2.3.4 for more information about the Audit Vault Server connect string.

    See Section 3.2.3 for more information about specifying the Oracle Audit Vault collection agent information.

  3. Review the installation prerequisite checks on the Prerequisite Check page. This is when all installation prerequisite checks are performed and the results are displayed. Verify that all prerequisite checks succeed, then click Next.

    Oracle Universal Installer checks the system to verify that it is configured correctly to run Oracle software. If you have completed all of the preinstallation steps in this guide, all of the checks should pass.

    If a check fails, then review the cause of the failure listed for that check on the screen. If possible, rectify the problem and rerun the check. Alternatively, if you are satisfied that your system meets the requirements, then you can select the check box for the failed check to manually verify the requirement.

  4. On the installation Summary page, review the installation summary information. After reviewing this installation information, click Install to begin the installation procedure.

  5. Provide information or run scripts as the root user when prompted by Oracle Universal Installer. The root.sh script adds your environment variable settings to scripts, such as coraenv, that you can later use to set your environment variables. If you need assistance during installation, click Help. If you encounter problems during installation, then examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui directory, in the following location:

    For Linux and UNIX-based systems:

    $ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log
    

    For Microsoft Windows systems:

    ORACLE_HOME\cfgtoollogs\oui\installActionsdate_time.log
    
  6. After the installation completes, on the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.

  7. To check that the installation was successful, try the following test.

    1. Set the environment variables for the Audit Vault agent.

    2. Run the following command:

      avctl show_agent_status
      

      The output should be as follows:

      --------------------------------
      Agent is running
      --------------------------------
      

For Linux and UNIX-based platforms, the system should show that the oc4j process for the collection agent is running. This process can also be checked using the ps command on the command line. For example, from the Oracle Audit Vault collection agent home, run the following command:

ps -ef|grep oc4j

For Microsoft Windows, a Microsoft Windows service named Oracle Audit Vault Agent - agent name is created, where agent name is the name of the collection agent installed. This service is in a Stopped state. This is just a "bootstrap service"; it is not the collection agent itself, but rather a service used to start the collection agent. This bootstrap service completes its task of starting the collection agent and then shuts itself down, so it will never be seen in a running state. The collection agent process is a Java program running out of the Agent ORACLE_HOME directory.

See Oracle Audit Vault Administrator's Guide for more information about adding a source, adding a collector, and managing and monitoring the Oracle Audit Vault system.

3.2.2 The Select Installation Type Screen

This screen lets you select the type of Oracle Audit Vault collection agent installation you want to follow by selecting the respective installation type.

The Select Installation Type screen only appears if Oracle Universal Installer detects upgradable Oracle Audit Vault collection agent homes on the system. If the installation does not detect any upgradable Oracle Audit Vault collection agent homes, the Audit Vault Agent Installation Details screen displays instead.

The installation type is:

  • New Audit Vault Agent Installation – If this is a new Oracle Audit Vault collection agent installation, select this option.

Note:

On AIX systems, if you perform an Oracle Audit Vault collection agent installation using Simplified Chinese (zh_CN) or Japanese (ja_JP) languages, then accessing help on the installer screen will display a blank help window. For more information on this refer to the Oracle Audit Vault Release Notes.

3.2.3 The Audit Vault Agent Installation Details Screen

This section provides an overview of information specific to the Agent Details screen for the Oracle Audit Vault collection agent installation.

This Agent Details screen appears when you select the New Audit Vault Agent Installation installation type option.

3.2.3.1 Audit Vault Agent Name

Audit Vault Agent Name – The name of the collection agent can be a maximum of 255 characters. The agent name is required. This is the agent name you created in Section 3.1.

3.2.3.2 Audit Vault Agent Home

Audit Vault Agent Home – Specify or browse to find the path to the Oracle Audit Vault collection agent home where you want to install Oracle Audit Vault collection agent. The path must contain only alphanumeric characters (letters and numbers). The path is required.

Only the special characters shown in Table 3-1 are allowed.

Table 3-1 Special Characters Allowed in the Oracle Audit Vault Home Name

Symbol Character Name

\

Backslash

/

Slash

-

hyphen

_

Underscore

.

Period

:

Colon


3.2.3.3 Audit Vault Agent Account

Oracle Audit Vault collection agent installation prompts for the account name and password of the Oracle Audit Vault collection agent provided in Step 2 in Section 3.1.

Agent User Name – This user account is granted the AV_AGENT role. This user manages agents and collectors by starting, stopping, and resetting them. The Oracle Audit Vault collection agent user name is required. The collection agent user name can only contain alphanumeric characters.

Agent User Password – The password for the Oracle Audit Vault collection agent user account. The password is required.

3.2.3.4 Connect String

The Audit Vault Server connect string takes the form hostname:port:service name, where these three items are delimited by the colon (:) character. This connect string will be used to configure the connectivity of the collection agent to the Audit Vault Server database. The host name represents the system where the Audit Vault Server resides. The listener port number and service name information are needed to access the Audit Vault Server database.

These three components must be in the following order, and information for each component must be provided: host name, listener port, and service name.

The host name cannot contain any space characters. The host name is required.

The listener port number must have a value between 0 and 65535. The listener port number is required. The Audit Vault Server listener port number can be determined by issuing the following command in the Audit Vault Server home:

lsnrctl status

3.2.4 Configuring Oracle Audit Vault Collection Agent to Connect When Audit Vault Server is Configured in an Oracle RAC Environment

For Oracle Audit Vault collection agent to be able to connect across the Oracle RAC Audit Vault Server nodes, you must establish the proper configuration. This configuration allows all the Oracle Audit Vault collection agents to be able to connect when Audit Vault Server is configured in an Oracle RAC environment should the Audit Vault Server failover to another node.

Update the contents of each tnsnames.ora file in the Oracle Audit Vault collection agent Oracle home located at Agent_home/network/admin/tnsnames.ora as follows:

AV-SID = (DESCRIPTION = (ENABLE = BROKEN)
(ADDRESS = (PROTOCOL = TCP)(HOST = VIP-address-of-node1)(PORT = listener-port))
(ADDRESS = (PROTOCOL = TCP)(HOST = VIP-address-of-node2)(PORT = listener-port))
(LOAD_BALANCE = yes)
(CONNECT_DATA = (SERVICE_NAME = AV-GDN)
(FAILOVER_MODE=(TYPE=select)
(METHOD=basic)(RETRIES=20)
(DELAY=15))))

3.3 Performing a Silent Installation Using a Response File

Follow these brief steps to perform a silent installation using a response file:

  1. Ensure all prerequisites are met for the installation of Oracle Audit Vault collection agent.

  2. Prepare the Oracle Audit Vault collection agent response file. A template response file can be found at AV-agent-installer-location/response/avagent.rsp on Linux and UNIX-based systems at the Oracle Audit Vault collection agent installation media and at AV-agent-installer-location\response\avagent.rsp on Microsoft Windows systems at the Oracle Audit Vault collection agent installation media.

    Prepare the response file by entering values in the first part of the response file for all parameters, then save the file. Do not edit any values in the second part of the response file.

  3. Invoke Oracle Universal Installer using the following options:

    For Linux and UNIX-based systems:

    ./runInstaller -silent -responseFile Path-of-response-file
    

    For Microsoft Windows systems:

    setup.exe -silent -responseFile Path-of-response-file
    

    In this example:

    Path of response file identifies the full path of the response file.

    -silent runs Oracle Universal Installer in silent mode and suppresses the Welcome window.

    For more information about these options, see Section 1.2.2. For general information about these options and about how to complete an installation using these response files, see the platform specific Oracle Database installation guides and Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for Linux and "Installing Oracle Products" in Oracle Universal Installer and OPatch User's Guide for more information about installing and using response files.

3.4 Postinstallation Collection Agent Tasks

This section describes the following topics:

3.4.1 Download Patches

You can find mandatory Oracle Audit Vault patchsets on the My Oracle Support (formerly OracleMetaLink) Web site.

To find and download patchsets for Oracle Audit Vault:

  1. Log in to My Oracle Support from the following URL:

    https://support.oracle.com

  2. In Quick Find:

    • Select Knowledge Base from the menu.

    • Enter Audit Vault in the search box.

  3. Click Go.

  4. In the list of articles that appears, search for the phrase Mandatory Patches, and then look for any patches that apply to the current release of Oracle Audit Vault.

  5. Select the article and then read the associated summary text that describes the patch contents.

  6. Under In this Document, click Patches.

    The Patches section lists the patches that you must apply.

  7. Click the link for the first patch.

    The Download page for the first page appears.

  8. Click View Readme to read about the patch details, and then click Download to download the patch to your computer.

  9. Repeat Step 7 through Step 8 for each patch listed in the Patches section.

Note:

No Oracle Database one-off patches should be applied to the Oracle Audit Vault database unless directed to do so by Oracle Support Services.

3.4.2 Download Critical Patch Updates

A critical patch update (CPU) is a collection of patches for security vulnerabilities. It includes non-security fixes required (because of interdependencies) by those security patches. Critical patch updates are cumulative, and they are provided quarterly on the Oracle Technology Network. You should periodically check My Oracle Support for critical patch updates.

To find and download critical patch updates for Oracle Audit Vault:

  1. Follow Step 1 through Step 3 in Section 3.4.1to find the critical patch updates for Oracle Audit Vault.

  2. In the list of articles that appears, search for the phrase Oracle Critical Patch Update.

  3. Select the most recent critical patch update article, and then read its instructions.

    Download the most recent critical patch update for Oracle Audit Vault. In most critical patch update articles, there is section entitled "Patch Download Procedure," which explains how to download the critical patch update.

For more information about critical patch updates, see:

http://www.oracle.com/security/critical-patch-update.html

For the latest information on whether a specific critical patch update is certified with Oracle Audit Vault, review the certification matrix on the My Oracle Support Web site, at:

https://support.oracle.com

If you do not have a current Oracle Support Services contract, then you can access the same information at:

http://www.oracle.com/technology/support/metalink/content.html

3.4.3 Download JDBC Driver Files for Microsoft SQL Server, Sybase ASE Database, and IBM DB2 Connectivity

Oracle Audit Vault enables you to collect audit trails from Microsoft SQL Server, Sybase Adaptive Server Enterprise (ASE), and IBM DB2 databases.

To allow connectivity between Audit Vault Server and Microsoft SQL Server databases, Audit Vault Server and Sybase ASE databases, and Audit Vault Server and IBM DB2 databases, you must download and copy the respective JDBC Driver jar files to the designated location.

Section 3.4.3.1, Section 3.4.3.2, and Section 3.4.3.3 describe this download and copy process for each JDBC Driver.

Section 3.4.3.4 describes how to ensure that these JDBC Driver jar files used by the MSSQLDB, SYBDB, and DB2DB collectors are present in the Oracle Audit Vault OC4J Web container.

3.4.3.1 Download SQL Server JDBC Driver Version 3.0 for SQL Server Connectivity

Oracle Audit Vault requires a JDBC connection to the SQL Server database. Audit Vault supports the use of Microsoft SQL Server JDBC Driver version 3.0 for this purpose. This driver provides high performance native access to Microsoft SQL Server 2000, 2005, and 2008 database data sources.

SQL Server JDBC Driver version 3.0 is not compatible with the Oracle Audit Vault 10.2.3.2.x Server and collection agents, which require version 1.2 of this driver. Version 1.2 is no longer available for download from Microsoft SQL Server.

To download SQL Server JDBC Driver version 3.0:

  1. Go to the following Web site: http://msdn.microsoft.com/en-us/sqlserver/aa937724

  2. Click the Download Microsoft SQL Server JDBC Driver 3.0 link.

  3. Select 1033\sqljdbc_3.0.1301.101_enu.tar.gz and then click Download.

  4. In a temporary directory, extract the files from this tar file.

  5. Find the sqljdbc.jar file and place it in the $ORACLE_HOME/jlib directories in both the Audit Vault Server and Audit Vault collection agent homes. You can use this file for both Windows and UNIX systems.

  6. Verify that the sqljdbc.jar file is present in the Oracle Audit Vault collection agent before you start the collection agent.

3.4.3.2 Download jConnect JDBC Driver for Sybase ASE Connectivity

Download jConnect for JDBC, which provides high performance native access to Sybase ASE data sources, from the following link:

http://www.sybase.com/products/allproductsa-z/softwaredeveloperkit/jconnect

jConnect for JDBC (jconn3.jar) is a high performance JDBC Driver from Sybase that communicates directly to Sybase data sources.

Copy the jconn3.jar file to the Oracle Audit Vault collection agent home location:

ORACLE_HOME/jlib

3.4.3.3 Copy the IBM DB2 Data Server Driver for JDBC and SQLJ to the Audit Vault Homes

Copy the IBM Data Server Driver for JDBC and SQLJ (db2jcc.jar) to the $ORACLE_HOME/jlib directories in both the Audit Vault Server and Audit Vault Agent homes. Oracle Audit Vault requires version 3.50 or later of the driver. This version of the db2jcc.jar file is available in either IBM DB2 UDB version 9.5 or IBM DB2 Connect version 9.5 or later.

This driver provides high performance native access to IBM DB2 database data sources. The DB2 collector uses this driver to collect audit data from IBM DB2 databases, so the driver must be present in Oracle Audit Vault OC4J before you can start the agent OC4J.

3.4.3.4 Stop and Start the Agent

After copying these JDBC Driver jar files to the designated location, you must ensure that they are present in Oracle Audit Vault OC4J Web container, before starting the agent. If the agent was already running during the download and copy process, you must stop it and start it up again. The sequence of steps to do this are as follows:

  1. Stop each running collector in the collection agent.

    On the Audit Vault Server, use the avctl stop_collector command.

  2. Stop the running collection agent.

    On the Audit Vault Server, use the avctl stop_agent command.

  3. Start the collection agent.

    On the Audit Vault Server, use the avctl start_agent command.

  4. Start each collector in the collection agent.

    On the Audit Vault Server, for each collector use the avctl start_collector command.

See the reference information for the Oracle Audit Vault Control (AVCTL) command-line utility in Oracle Audit Vault Administrator's Guide for more information about each of these commands.

3.5 Next Steps to Perform as an Oracle Audit Vault Administrator

After Audit Vault Server and Oracle Audit Vault collection agent installation are complete, see Oracle Audit Vault Administrator's Guide for some Oracle Audit Vault Administration tasks to perform. These tasks include:

  1. For Linux and UNIX platforms only: Check and set environment variables in the shells in which you will be interacting with the Audit Vault Server and the Oracle Audit Vault collection agent (see the information about Checking and Setting Linux and UNIX Environment Variables).

  2. For collecting audit records from Oracle Database audit sources, see the information about registering Oracle Database sources and collectors.

  3. For collecting audit records from SQL Server Database audit sources, see the information about registering Microsoft SQL Server database sources and collector.

  4. For collecting audit records from Sybase ASE Database audit sources, see the information about registering Sybase ASE sources and collector.

  5. For collecting audit records from IBM DB2 database audit sources, see the information about registering IBM DB2 sources and collector.

  6. To start collecting audit records from a database audit source, see the information about starting up collection agents and collectors.

  7. To perform other Oracle Audit Vault configuration tasks, see the information about performing additional Oracle Audit Vault configuration tasks.

  8. To manage and monitor an Oracle Audit Vault system, see the information about managing Oracle Audit Vault.

  9. Before going into production be sure to secure management communications, see the information about Oracle advanced security and secure management communication.