Skip Headers
Oracle® Audit Vault Administrator's Guide
Release 10.2.3.2

Part Number E14459-11
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Managing Oracle Audit Vault

This chapter contains:

3.1 About Managing Oracle Audit Vault

This chapter describes common management activities that you need to perform after you have completed the configuration tasks in Chapter 2. You can use the Audit Vault Console or the command-line tools described in this chapter to manage Oracle Audit Vault.

3.2 Managing the Audit Vault Server

This section contains:

3.2.1 About Managing the Audit Vault Console

The Audit Vault Console is a graphical user interface that you can use to perform commonly used Oracle Audit Vault administration tasks. If you prefer to use a command-line interface, you can use equivalent commands in the AVCA and AVCTL utilities.

3.2.2 Checking the Audit Vault Console Status

To check the status of the Audit Vault Console:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the following command:

    avctl show_av_status
    

3.2.3 Starting and Logging into the Audit Vault Console

To start the Audit Vault Console:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Ensure that the Audit Vault Console is running.

    avctl show_av_status
    

    If the avctl show_av_status command indicates that the Audit Vault Console is not running, then enter the following command:

    avctl start_av
    

At this stage, you can log in to the Audit Vault Console.

  1. From a Web browser, enter the following URL:

    http://host:port/av
    

    In this specification:

    • host: The host computer on which you installed the Audit Vault Server.

    • port: The port number reserved for the Audit Vault Server.

    If you are unsure of the host and port number values, then enter the avctl show_av_status command, which displays this information.

  2. In the Login page, enter the following information:

    • User Name: Enter the name of a user who has been granted the AV_ADMIN role.

    • Password: Enter the user's password.

    • Connect As: From the list, select AV_ADMIN.

  3. Click Login.

3.2.4 Stopping the Audit Vault Server Console

To stop the Audit Vault Server console:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the following command:

    avctl stop_av
    

3.2.5 Globally Disabling and Enabling Alert Settings

If you must perform maintenance tasks or other similar activities that do not require alert settings to be active, then you can globally enable or disable the alert settings that Oracle Audit Vault auditors create. Do not disable alerts unless you are directed to do so by Oracle Support Services or if you encounter a problem with the alerts table. By default, alerts are enabled.

To globally disable and enable alerts:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Alert subpage.

    The Alert Settings page appears.

    Description of alertsettings.gif follows
    Description of the illustration alertsettings.gif

  3. At the Alert Processing Status label, select either Disable or Enable.

  4. Click Apply.

3.2.6 Viewing Audit Event Categories

Audit event category management consists of viewing the Oracle Audit Vault audit event categories, their attributes, and their audited events. An audit event category defines how various types of events are organized. For example, invalid records are placed in the Invalid Record event category. See Oracle Audit Vault Auditor's Guide for more information about audit event categories.

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Audit Event Category subpage.

    The Audit Event Category Management page appears.

  3. Select an audit event category, and then click View to find detailed information about that category.

    The View Audit Event Category page appears.

  4. From the Audit Source Type list, select from the available source types: ORCLDB, MSSQLDB, SYBDB, and DB2DB.

  5. Select the Attributes or Audit Events subpages to view detailed information about these categories.

  6. Click OK when you complete viewing the audit event information for the category you selected.

Figure 3-1 shows the Audit Event Category Management page.

Figure 3-1 Audit Event Category Management Page

Description of Figure 3-1 follows
Description of "Figure 3-1 Audit Event Category Management Page"

On the Audit Event Category Management page, audit event categories appear in a table with the following columns:

  • Audit Event Category

  • Audit Event Category Description

  • Format Name

  • Format Module

3.2.7 Viewing Operational Errors That Oracle Audit Vault Catches

You can use the Audit Vault Console to view operational errors that Oracle Audit Vault catches, such as broken database connections and missing files.

To view errors using Oracle Audit Vault:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Management tab, and then select the Audit Errors subpage.

    The Audit Errors page appears.

  3. After the Error Time label, specify a time range of errors to view.

    Select from the Last 24 Hours, Last One Week, or Last One Month options to view errors from those times, or select The Period and then enter a start date in the From field and end date in the To field to specify a different time range.

  4. Click Go.

Figure 3-2 shows the Audit Errors page with audit errors from the last 24 hours.

Figure 3-2 Audit Errors Page

Description of Figure 3-2 follows
Description of "Figure 3-2 Audit Errors Page"

The Audit Errors page displays error information as a table with the following column headings:

  • Error Time: Local time when the audit error was generated

  • Audit Source: The audit source database on which the audit error originated

  • Collector: The collector on which the audit error originated

  • Module: The module name involved in the audit error

  • Message: The content of the audit error message

3.3 Altering Collector Properties and Attributes

This section contains:

3.3.1 About Collector Properties and Attributes

After you add a collector to a database source, Oracle Audit Vault creates the collector with a set of default properties that are internal to Oracle Audit Vault. They have no effect on the source database. These properties control aspects such as the frequency of audit data collection from the source database, the name of the source database, and so on.

3.3.2 Altering Collector Properties and Attributes Using the Audit Vault Console

To alter collector properties and attributes using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Audit Source subpage.

    The Source Configuration Management page appears.

  3. Select the Collector subpage.

    The Collector Configuration Management page appears, which displays the current settings for the available collectors.

  4. Select the collector that you want to modify, and then click the Edit button.

    The Edit Collector page appears.

  5. Under Attributes, modify the attributes for the collectors by editing the values in the Value column.

    For more information about these attributes, see the following sections:

  6. Click OK.

  7. Restart the collector.

    Return to the Collectors subpage, select the collector from the list, and click the Stop button. Then click Start to restart the collector.

3.3.3 Altering Collector Properties and Attributes from a Command Line

To alter collector properties from a command line:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the alter_collector command for each collector type, as shown in the following examples:

    For Oracle Database:

    avorcldb alter_collector -srcname ORCL -collname DBAUD_Collector  AUDAUDIT_DELAY_TIME=60 
    

    See Section 8.4 for more information about the avorcldb alter_collector command.

    For Microsoft SQL Server:

    avmssqldb alter_collector -srcname mssqldb4 -collname MSSQLCollector NO_OF_RECORDS=1500 DESCRIPTION="MSSQLDB collector 45" SERVERSIDE_TRACE_FILEPATH="c:\SQLAuditFile*.trc"
    

    See Section 9.4 for more information about the avmssqldb alter_collector command.

    For Sybase ASE:

    avsybdb alter_collector -srcname sybdb4 -collname SybaseCollector 
    NO_OF_RECORDS=1500 DESCRIPTION="Sybase collector 45" 
    

    See Section 10.4 for more information about the avsybdb alter_collector command.

    For IBM DB2:

    avdb2db alter_collector -srcname db2db4 -collname DB2Collector 
    NO_OF_RECORDS=1500 DESCRIPTION="IBM DB2 collector 95" 
    

    See Section 11.4 for more information about the avdb2db alter_collector command.

  3. Restart the collector.

    In the Audit Vault Server shell, run commands similar to the following:

    avctl stop_collector -collname DBAUD_Collector -srcname ORCL 
    avctl start_collector -collname DBAUD_Collector -srcname ORCL
    

    See Section 7.14 for more information about avctl stop_collector and Section 7.11 for information about avctl start_collector.

3.4 Managing the Oracle Audit Vault Data Warehouse

This section contains:

3.4.1 About Managing the Oracle Audit Vault Data Warehouse

The collectors collect audit data from their source databases and send it to the Oracle Audit Vault repository. The repository stores the data in an internal format. This repository also contains a data warehouse, which is automatically refreshed with the latest audit records. Oracle Audit Vault provides predefined reports that display the data in the warehouse to the auditor.

You can perform the following activities with the Oracle Audit Vault data warehouse:

  • Set a retention period for the data that has been refreshed. The data warehouse then contains the most recent data for that length of time.

  • Load older data from the raw audit data store into the data warehouse tables. You can load older data into the data warehouse so that it can be available for analysis in the Oracle Audit Vault reports. However, you cannot load data from outside sources—just data that has been previously collected by the collectors but is too old to be loaded into the data warehouse as part of a normal refresh.

  • Purge audit data. If you load older audit data into the warehouse, you can purge it from the data warehouse. Oracle Audit Vault still maintains this data in the Audit Vault repository but does not make is available for analysis in the warehouse.

3.4.2 Setting the Audit Vault Data Warehouse Retention Period

This section contains:

3.4.2.1 About Setting a Retention Period

Oracle Audit Vault initially inserts audit data from the databases into a raw audit data store (that is, the internal format) as well as into the data warehouse so that it can be made available for the Oracle Audit Vault reports. As an AV_ADMIN user, you can specify how long the audit data should remain in the warehouse tables for online reporting. You can set a retention period that determines the content of an Audit Vault report.

For example, suppose on August 19, 2009, you set the warehouse retention period for 1 year. One month later, the retention period will have shifted forward: Now the data warehouse contains audit data from September 19, 2008 to September 19, 2009. Using a nightly job, Oracle Audit Vault then deletes the audit data from the warehouse tables used by the reports before September 19, 2008, because now it is older than the retention period. This way, you always have the most recent year of audit data, right up to the current time. The AV_AUDITOR user can specify the retention period for the raw audit data store. When audit records are deleted from the warehouse, a compressed copy of the audit data remains in the repository that may be reloaded in back into the warehouse for future reporting needed.

You can create a retention period from either the Audit Vault Console or at a shell or command prompt by using the AVCA utility.

See Also:

  • Oracle Audit Vault Auditor's Guide for more information about the raw audit data store in the Audit Vault data warehouse schema

  • Section 3.4.3 for information about loading audit data to the Audit Vault data warehouse

  • Section 3.4.4 for information about purging audit data from the Audit Vault data warehouse

3.4.2.2 Creating a Retention Period Using the Audit Vault Console

To create the retention period using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Warehouse subpage.

    The Warehouse Settings page appears.

    Data Warehouse management
    Description of the illustration dw_mgmt.gif

  3. Set the retention window, that is, the period of time during which the data sent to the Oracle Audit Vault data warehouse remains in storage.

    For example, suppose that you want to keep the audit data in storage for the next year and a half. To do so, you would enter 1 in the Year field and 6 in the Months field.

  4. Click Apply.

3.4.2.3 Creating a Retention Period from a Command Line

To create a retention period from a command line:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the avca set_warehouse_retention command to set the retention period.

    For example, to specify a period of 1 year and 6 months, enter the following command:

    avca set_warehouse_retention -intrv +01-06
    

    See Section 6.24 for more information about the avca set_warehouse_retention command.

3.4.3 Loading Data to the Oracle Audit Vault Data Warehouse

This section contains:

3.4.3.1 About Loading Data into the Oracle Audit Vault Warehouse

You can load data that is older than the retention period from the raw audit data store into the Oracle Audit Vault data warehouse tables. After you load this data, it is available to auditors to generate reports or perform analysis.

To find the current retention period setting, view the Warehouse Settings page of the Audit Vault Console (see Section 3.4.2).

3.4.3.2 Loading Data Warehouse Data Using the Audit Vault Console

To load the data warehouse data using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Optionally, disable the alert settings.

    See Section 3.2.5 for more information.

  3. Select the Management tab, and then select the Warehouse subpage.

    The Warehouse Activity page appears.

  4. Select the Load Activity subpage.

    The Load Activity page appears.

    Description of warehouse_load.gif follows
    Description of the illustration warehouse_load.gif

  5. In the Start Date field, enter the beginning date of the data that you want to load. For example, suppose the source database contains audit data that is 10 years old, and you want to load the last 5 years worth of audit data into the Oracle Audit Vault data warehouse. Assuming that today's date is August 8, 2008, you would specify August 8, 2003 as the start date.

  6. In the Number of Days field, enter the number of days, starting from the start date, through which you want to load data.

  7. Click the Load Now button.

    Oracle Audit Vault schedules the data load operation, which is listed on this page the next time you access it.

  8. Reenable the alert settings if you had disabled them.

    See Section 3.2.5 for more information.

3.4.3.3 Loading Data Warehouse Data from a Command Line

To load the data warehouse data from a command line:

  1. Optionally, disable the alert settings.

    See Section 3.2.5 for more information.

  2. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  3. Run the avctl load_warehouse command.

    For example, to load 10 days of audit data that was recorded starting on August 8, 2003, enter the following command:

    avctl load_warehouse -startdate 08-AUG-03 -numofdays 10
    

    See Section 7.2 for more information about the avctl load_warehouse command.

  4. Reenable the alert settings if you had disabled them.

    See Section 3.2.5 for more information.

3.4.4 Purging Data from the Oracle Audit Vault Data Warehouse

This section contains:

3.4.4.1 About Purging the Oracle Audit Vault Data Warehouse

When you no longer need the audit data that you have loaded into Audit Vault Server using the avctl load_warehouse command for reporting, you can remove it from the Oracle Audit Vault data warehouse. If in the future you decide that you need to run reports against this purged data, follow the instructions in Section 3.4.3 to reload the necessary data into the data warehouse.

3.4.4.2 Purging Data Warehouse Data Using the Audit Vault Console

To purge the data warehouse data using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Management tab, and then select the Warehouse subpage.

    The Warehouse Activity page appears.

  3. Select the Purge Activity page.

    The Purge Activity subpage appears.

  4. In the Start Date field, enter the beginning date of the data that you want to purge.

  5. In the Number of Days field, enter the number of days, starting from the start date, through which you want to purge data.

  6. Click the Purge Now button.

    Oracle Audit Vault schedules the data purge operation, which is listed on this page the next time you access it.

3.4.4.3 Purging Data Warehouse Data from a Command Line

To purge the data warehouse data from a command line:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the avctl purge_warehouse command.

    For example, to purge 10 days of audit data that was recorded starting on January 1, 2004, and to specify that the operation wait until the previous purge job completes, enter the following command:

    avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10 -wait
    

    See Section 7.3 for more information about the avctl purge_warehouse command.

3.5 Altering Source Database Attributes

This section contains:

3.5.1 About Source Database Attributes

After you register a source database, Oracle Audit Vault creates a set of properties that reflect general aspects of the source database itself, such as its port number and IP address. These properties are internal to Oracle Audit Vault and have no effect on the source database.

3.5.2 Altering Source Database Attributes Using the Audit Vault Console

To alter the source database attributes using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Audit Source subpage.

    The Source Configuration Management page appears.

  3. Select the Source subpage.

    The Source Configuration Management page displays the current settings for the available collectors.

    Description of srcconfigmgmt.gif follows
    Description of the illustration srcconfigmgmt.gif

  4. Select the source database that you want to modify, and then click the Edit button.

    The Edit Source page appears.

  5. Under Properties, optionally modify the description of the source database.

  6. Under Attributes, modify the attributes for the source database by editing the values in the Value column.

    For more information about these attributes, see the following sections:

    • Section 8.5 for the Oracle Database source database attributes

    • Section 9.5 for the SQL Server source database attributes

    • Section 10.5 for the Sybase ASE source database attributes

    • Section 11.5 for the IBM DB2 source database attributes

  7. Click OK.

3.5.3 Altering Source Database Attributes from a Command Line

To alter source database attributes from a command line:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the alter_source command for each source database type, as shown in the following examples.

    For Oracle Database:

    avorcldb alter_source -srcname ORCL PORT=1522 
    

    See Section 8.5 for more information about the avorcldb alter_source command.

    For Microsoft SQL Server:

    avmssqldb alter_source -srcname mssqldb4 DESCRIPTION="HR Database"
    

    See Section 9.5 for more information about the avmssqldb alter_source command.

    For Sybase ASE:

    avsybdb alter_source -srcname sybdb4 DESCRIPTION="HR Database" 
    

    See Section 10.5 for more information about the avsybdb alter_source command.

    For IBM DB2:

    avdb2db alter_source -srcname db2db4 DESCRIPTION="HR Database"  
    

    See Section 11.5 for more information about the avdb2db alter_source command.

3.6 Configuring E-Mail Notifications

This section contains:

3.6.1 About E-Mail Notification Usage with Oracle Audit Vault

You can configure Oracle Audit Vault to send users e-mail notifications when Audit Vault alerts are generated. The e-mail notifications can be sent in text format to mobile devices, or routed through an SMS gateway if you already have one.

Note the following:

  • You can configure one SMTP (or ESMTP) server for each Oracle Audit Vault installation.

  • You can configure Oracle Audit Vault to work with both unsecured SMTP servers as well as secured and authenticated SMTP servers.

After you have configured the e-mail notification service, then an Oracle Audit Vault auditor can configure the Audit Vault to generate e-mail alerts.

See Also:

3.6.2 Configuring the E-Mail Notification Service

To configure the e-mail notification service:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Register the SMTP server details that your e-mail server uses.

    For example, to register an SMTP server that requires authentication:

    avca register_smtp -server 192.0.2.8:2223 -sender_id ikuksa -sender_email ima.kuksa@example.com -auth
    
    Enter user: idaneau
    Enter password: password
    Re-enter password: password
    

    In this example:

    • -server: Enter either the IP address or host name of the server, and its port number.

    • -sender_id: Enter the name of the user on whose behalf the Oracle Audit Vault e-mail alerts will be sent.

    • -sender_email: Enter the e-mail ID of the user on whose behalf the e-mail alerts will be sent.

    • -auth: Enter either -auth to indicate that the SMTP server requires authentication, or enter -noauth to indicate the SMTP needs no authentication.

    • Enter user: Enter the name of the user with which to connect to SMTP Server.

    • Enter password and Re-enter password: Enter the password of the user with which to connect to the SMTP server.

    See Section 6.17 for detailed information about the avca register_smtp command.

  3. If the SMTP server is a secure server, then specify the type of protocol it uses and optionally, the truststore to validate the server certificate chain.

    For example, to register an SMTP server that requires transport layer security (TLS) authentication:

    avca secure_smtp -protocol tls -truststore $ORACLE_HOME/wallets/smtp_keystore
    

    In this example:

    • -protocol: Enter the protocol type. Acceptable values are SSL (Secure Sockets Layer) or TLS (Transport Layer Security). These values are case insensitive.

    • -truststore: Enter the directory path to the truststore used to validate the server certificates.

    See Section 6.22 for detailed information about the avca secure_smtp command.

  4. Optionally, test the configuration by trying to send an e-mail notification to a user in your network.

    For example:

    avca test_smtp -to idaneau@example.com
    

    In this example, user Ida Neau should receive an e-mail similar to the following:

    • Subject header: Oracle Audit Vault: Test Message

    • Body text: This is a test message from Oracle Audit Vault

    If the test fails, then check the configuration and status by running the avca show_smtp_config (Section 6.27) and avctl show_smtp_status (Section 7.8) commands. You can recreate the configuration by using the avca alter_smtp command (Section 6.3).

3.7 Configuring Oracle Audit Vault for the Remedy Trouble Ticket System

This section contains:

3.7.1 About Using the Remedy Trouble Ticket System with Oracle Audit Vault

You can configure Oracle Audit Vault to connect to BMC Remedy Action Request (AR) System Server 7.x. This connection enables Oracle Audit Vault auditors to raise trouble tickets in response to Audit Vault alerts. You can configure one Remedy server for each Oracle Audit Vault installation. After you have configured this connection, an Audit Vault auditor can create templates and the necessary configuration to handle the details of the alert.

See Also:

3.7.2 Configuring the Remedy Trouble Ticket Server Connection

To configure Oracle Audit Vault to connect to the Remedy trouble ticket server:

  1. Make a copy of the remedy.properties.tmpl descriptor properties file, which by default is located in the $ORACLE_HOME/av/conf directory of the Audit Vault Server.

  2. Modify the remedy.properties.tmpl descriptor properties file.

    Follow the instructions in the file to change the appropriate settings, and then save the file. You can store the file in any location within the Audit Vault Server.

  3. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  4. Run the avca register_remedy command to register the BMC Remedy Action Request System server with Oracle Audit Vault.

    For example:

    avca register_remedy -config $ORACLE_HOME/av/conf/remedy.properties
    

    The change takes place right away. You do not need to restart the Audit Vault Server.

  5. If the BMC Remedy Action Request System Server is on a secure server, then run the following command:

    avca secure_remedy -truststore $ORACLE_HOME/wallets/remedy_keystore
    

    See Section 6.21 for more information.

  6. Optionally, test the configuration by using an existing Remedy trouble ticket number.

    You can use any trouble ticket number in the Remedy system.

    For example:

    avca test_remedy -ticket_id INC000000000010
    

    If the test is successful, then the avca test_rememdy command displays a summary of the trouble ticket's fields. If the test fails, then check the configuration and status by running the avca show_remedy_config (Section 6.25) and avctl show_remedy_status (Section 7.7) commands. You can recreate the configuration by using the avca alter_remedy command (Section 6.2).    

3.8 Removing Source Databases from Oracle Audit Vault

This section contains:

3.8.1 About Removing Source Databases from Oracle Audit Vault

If you no longer need to have a source database registered with Oracle Audit Vault, you can use either the Audit Vault Console or the command-line utilities to remove the source database from Oracle Audit Vault. After you have removed the source database, its audit data still resides in the data warehouse within its retention period. To purge this audit data, see Section 3.4.4. You can check the length of the retention period in the Audit Vault Console; see Section 3.4.2.

Remember that after you have removed a source database, its identity data remains in Oracle Audit Vault so that there will be a record of source databases that have been dropped. Therefore, you cannot add a new source database with the name of a dropped source database. Remove the source database only if you no longer want to collect its data or if it has moved to a new host computer.

3.8.2 Removing a Source Database Using the Audit Vault Console

To remove a source database from Oracle Audit Vault using the Audit Vault Console:

  1. Log in to the Audit Vault Console as a user who has been granted the AV_ADMIN role.

    See Section 3.2.3 for login instructions.

  2. Select the Configuration tab, and then select the Audit Source subpage.

    The Source Configuration Management subpage appears.

  3. From the list of source databases, select the database that you want to remove, and then click Delete.

    You can search for a source database by entering data in the Source Type and Source fields.

  4. Click Yes in the Confirmation window.

3.8.3 Removing a Source Database from a Command Line

To remove a source database from Oracle Audit Vault from a command line:

  1. Open a shell or command prompt for the Audit Vault Server.

    • UNIX: Set the environment variables, as described in Section 2.2.2.

    • Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

  2. Run the drop_source command for the source database, as shown in the following examples:

    For Oracle Database:

    avorcldb drop_source -srcname ORCL 
    

    See Section 8.7 for more information about the avorcldb drop_source command.

    For Microsoft SQL Server:

    avmssqldb drop_source -srcname mssqldb4 
    

    See Section 9.7 for more information about the avmssqldb drop_source command.

    For Sybase ASE:

    avsybdb drop_source -srcname sybdb4  
    

    See Section 10.7 for more information about the avsybdb drop_source command.

    For IBM DB2:

    avdb2db drop_source -srcname db2db4
    

    See Section 11.7 for more information about the avdb2db drop_source command.