6 Audit Vault Configuration Assistant (AVCA) Reference

Audit Vault Configuration Assistant (AVCA) is a command-line utility you use to manage various Audit Vault components (for example, adding or dropping collection agents). When you run these commands, remember the following:

• Enter the command in lowercase letters. The commands are case-sensitive.

• On UNIX systems, when you open a new shell to run a command, first set the appropriate environment variables. See Section 2.2.2 and Section 2.2.3 for more information.

• On Microsoft Windows systems, do not set any environment variables. Instead, run the command from the Audit Vault Server or collection agent ORACLE_HOME\bin directory.

• Oracle Audit Vault creates a log file of AVCA command activity. See Section A.1 and Section A.2 for more information.

Table 6-1 describes the Audit Vault Configuration Assistant commands and where each is used, whether on the Audit Vault Server, on the Audit Vault collection agent, or in both places.

Table 6-1 Audit Vault Configuration Assistant Commands

Command	Used Where?	Description
add_agent	Server	Adds a collection agent to Oracle Audit Vault
alter_remedy	Server	Reconfigures the Remedy ticket service to use the settings in the deployment descriptor properties file
alter_smtp	Server	Reconfigures the ticket notification service to use different SMTP server settings
create_credential	Both	Creates or updates a credential to be stored in the wallet
create_wallet	Collection agent	Creates a wallet to hold credentials
deploy_av	Server	Deploys the av.ear file to another node in an Oracle RAC environment
disable_remedy	Server	Disables the Remedy ticket service
disable_smtp	Server	Disables the SMTP configuration
drop_agent	Server	Drops a collection agent from Oracle Audit Vault
enable_remedy	Server	Enables the Remedy ticket service
enable_smtp	Server	Enables an existing SMTP configuration for the e-mail notification service
generate_csr	Server	Generates a certificate request
-help	Both	Displays help information for the AVCA commands
import_cert	Server	Imports the specified certificate into the wallet
redeploy	Both	Redeploys the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault collection agent system
register_remedy	Server	Registers the Remedy ticket service with Oracle Audit Vault
register_smtp	Server	Registers or removes the Oracle Audit Vault e-mail notification service to use an SMTP server
remove_cert	Server	Removes the specified certificate from the wallet
secure_agent	Collection agent	Secures the Audit Vault collection agent by enabling mutual authentication with Oracle Audit Vault
secure_av	Server	Secures Audit Vault Server by enabling mutual authentication with the Audit Vault collection agent
secure_remedy	Server	Enables the Remedy ticket service to use a secure configuration
secure_smtp	Server	Enables the e-mail notification service to work with a secure SMTP server by specifying the type of connection protocol used to communicate to the SMTP server
set_server_tz	Server	Sets the time zone based on the UTC (GMC) time zone for use in generated reports
set_warehouse_retention	Server	Controls the amount of data kept online in the data warehouse fact table
show_remedy_config	Server	Shows the configuration details of the Remedy ticket service
show_server_tz	Server	Shows the configuration details for the avca set_server_tz command
show_smtp_config	Server	Displays the current SMTP configuration details used by the e-mail notification service
test_remedy	Server	Tests the connection of the Remedy ticket service
test_smtp	Server	Tests the connection of the ticket notification services with the SMTP server

Note:

In an Oracle RAC environment, you must run AVCA commands from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.

If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the avca deploy_av command.

6.1 add_agent

The avca add_agent command adds or registers a collection agent to Oracle Audit Vault. The collection agent is installed on the server that contains the source databases that you plan to audit.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca add_agent -agentname agent_name [-agentdesc desc] -agenthost host

Arguments

Argument	Description
-agentname agent_name	Enter a unique name for the collection agent that you want to create.
-agentdesc desc	Enter a description of the collection agent. Optional.
-agenthost host	Enter the name of an agent host name where this collection agent is to be installed.

Usage Notes

• The type of collector that you plan to use determines where you must create the agent. See Oracle Audit Vault Collection Agent Installation Guide for more information about deploying the collection agents.

• To find the names and source database locations of existing agents, log in to Audit Vault Console, click the Configuration tab, and then click Agent to display the Agent page. This page lists the agent, host (source database), port, and user.

• You will be prompted to create an agent user name and password. Oracle Audit Vault grants this user the AV_AGENT role and uses this account to start and stop the collectors. It is for internal use only. See the example that follows these usage notes.

• You may want to create one agent user for each agent, in the event that an agent user account is removed in the future. Alternatively, you can create one agent user for all the agents.

• After you create an agent, it is not running. You can start the agent by using the following commands: avctl start_agent command, described in Section 7.9.

Example

avca add_agent -agentname agent3 -agenthost turbokuksa.us.example.com 

Adding agent...
Enter agent user name: agent_user_name
Enter agent user password: agent_user_pwd
Re-enter agent user password: agent_user_pwd
Agent added successfully.

6.2 alter_remedy

The avca alter_remedy command reconfigures the Remedy trouble ticket service connection to Oracle Audit Vault. The settings are based on the settings in the deployment descriptor properties file, described in Section 3.7.2. In other words, if you want to modify the Remedy trouble ticket service connection to Audit Vault, modify the deployment descriptor properties file and then run this command in the Audit Vault Server. Run this command after each time you modify or move the deployment descriptor properties file. For the full procedure, see Section 3.7.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca alter_remedy -conf deploymentDescriptor.properties 

Arguments

Argument	Description
-conf deploymentDescriptor.properties	Enter the path to the deployment descriptor properties file. By default, this file is located in the $ORACLE_HOME/av/conf directory.

Usage Notes

• Right after you complete the Remedy trouble ticket service configuration, it is enabled and ready to use.

• If the Remedy trouble ticket service is on a secure server, then run the avca secure_remedy command (Section 6.21) after you run avca register_remedy.

• To test the configuration, run the avca test_remedy command (Section 6.28).

Example

avca alter_remedy -conf $ORACLE_HOME/av/conf/remedy.properties

Remedy configuration altered successfully. 

6.3 alter_smtp

The avca alter_smtp command reconfigures the Oracle Audit Vault e-mail notification service.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca alter_smtp -server IP:port|host:port -sender_id string -sender_email e-mail -auth|-noauth

Arguments

Argument	Description
-server IP:port|host:port	Enter the server connection information, either using the IP address or the server name, and the outgoing server port number.
-sender_id string	Enter the user ID of the person responsible for sending the e-mail (that is, the e-mail address that appears after From).
-sender_email e-mail	Enter the e-mail address of the person whose ID you entered for the -sender_email argument, in Request For Comments (RFC) 822 format.
-auth|-noauth	Enter one of the following settings: -auth: Enables authentication for the recipient user. After you enter the avca alter_smtp command, you are prompted for this user's user name and password. See the example in this section. -noauth: Oracle Audit Vault assumes that the SMTP server needs no authentication. In that case, the command does not prompt for the user name and password interactively. It also ignores any settings for the AVCA_SMTPUSR variable.

Usage Notes

• After you complete the SMTP server connection, it is enabled and ready to use.

• If the SMTP server is a secure server, then run the avca secure_smtp command (Section 6.22) after you run avca register_smtp.

• The AVCA_SMTPUSR variable is an alternative way that you can use to set the username and password without having the command interactively prompt for the username and password. You can use this variable for scripts that run AVCA and do not want manual intervention. Ensure that you set this variable on the Audit Vault Server. For example:

  setenv AVCA_SMTPUSR user/password
  

• To test the configuration, run the avca test_smtp command (Section 6.29).

Example

avca register_smtp kuksanest:3924 -sender rmcmurphy -sender_email rmcmurphy@example.com -auth

Enter SMTP server username: dharding
Enter SMTP server password: password
 Re-enter SMTP server: password
 Credential stored successfully.
SMTP configuration altered successfully.

6.4 create_credential

The avca create_credential command creates or updates a credential to be stored in an Oracle wallet. Run this command on both the Audit Vault Server and Audit Vault collection agent during collector development.

Where to Run This Command

Either Audit Vault Server and collection agent:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2 for Audit Vault Server or Section 2.2.3 for the collection agent.

• Microsoft Windows: Go to the Audit Vault Server or collection agent ORACLE_HOME\bin directory.

Syntax

avca create_credential -wrl wallet_location -dbalias db_alias 

Arguments

Argument	Description
-wrl wallet_location	Enter the location of the Oracle Audit Vault wallet. Locations are as follows: UNIX and Linux-based systems: $ORACLE_HOME/network/admin/avwallet Microsoft Windows systems: ORACLE_HOME\network\ADMIN\avwallet
-dbalias db_alias	Enter the database alias. In the Audit Vault Server home, the database alias is the SID or Oracle instance identifier. You can find this SID by running the lsnrctl status command on the computer where you installed the source database.

Usage Notes

• Use this command to create a new certificate if another user changes the source user password on the source database, thus eventually breaking the connection between the collector and the source.

• If you installed the collection agent on a Microsoft Windows computer and want to run the avca create_credential command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.

Example

avca create_credential -wrl $ORACLE_HOME/network/admin/avwallet -dbalias av

AVCA started
Storing user credentials in wallet... 
Enter source user username: srcuser1
Enter source user password: password
Re-enter source user password: password
Credential stored successfully.

6.5 create_wallet

The avca create_wallet command creates a wallet to hold credentials.

Where to Run This Command

Audit Vault collection agent:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.3.

• Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.

Syntax

avca create_wallet -wrl wallet_location

Arguments

Argument	Description
-wrl wallet_location	Enter the directory location for the wallet. Ensure that this directory already exists. Locations are as follows: Linux and UNIX-based systems: $ORACLE_HOME/network/admin/avwallet Microsoft Windows systems: ORACLE_HOME\network\ADMIN\avwallet

Usage Notes

• If you installed the collection agent on a Microsoft Windows computer, run the avca create_wallet command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.

• After you execute this command, then the .sso and .p12 files are generated in the wallet location.

Example

The following example shows how to create a wallet in the location specified as $T_WORK/tt_1:

avca create_wallet -wrl $T_WORK/tt_1 
Enter wallet password: password
Wallet created successfully.

6.6 deploy_av

The avca deploy_av command deploys the av.ear file to another node in an Oracle Real Application Clusters (Oracle RAC) environment. This command also modifies the server.xml file and other related files to enable Oracle Audit Vault management through the Oracle Enterprise Manager Database Control console.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca deploy_av -sid sid -dbalias db_alias -avconsoleport av_console_port

Arguments

Argument	Description
-sid sid	Enter the Oracle Database system identifier (SID) for the instance. You can verify the SID by running the lsnrctl status command on the computer where you installed the source database. Enter the Oracle Database system identifier (SID) for the Audit Vault Server instance. You can verify the SID by running the lsnrctl status command on the computer where you installed the source database. If you installed the Audit Vault Server in an Oracle RAC configuration, then use the svrctl status listener command.
-dbalias db_alias	Enter the database alias for Oracle Audit Vault. The database alias is the value that you provided in the Audit Vault Name field during installation.
-avconsoleport av_console_port	Enter the port number for the Audit Vault Console. You can find this number by entering the following command in the Audit Vault Server shell or command prompt: avctl show_av_status

Usage Notes

In an Oracle RAC environment, you must run the AVCA commands from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.

If the host on which Oracle Enterprise Manager resides becomes unavailable, you can migrate the Audit Vault Web application file, av.ear, to a different node by using the avca deploy_av command. After you migrate the Web application, you must recreate the wallet entries for all the source databases managed by Oracle Audit Vault on this new node by using the avca create_credential command.

To use the Audit Vault Console from this other node, enter its host name or IP address (host) and port number (port) as you did previously in the Address field of the browser window (http://host:port/av), but replace the original host name or IP address with that for the other node.

Example

avca deploy_av -sid av -dbalias av -avconsoleport 5700

6.7 disable_remedy

The avca disable_remedy command disables the Remedy trouble ticket service configuration.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca disable_remedy

Arguments

None.

Usage Notes

• After you disable the configuration, Oracle Audit Vault preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.

• To find details about the current Remedy service configuration, issue the avca show_remedy_config command, described in Section 6.25.

Example

avca disable_remedy

Remedy integration is disabled.

6.8 disable_smtp

The avca disable_smtp command disables the SMTP configuration for the e-mail notification service.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca disable_smtp

Arguments

None.

Usage Notes

• After you disable the configuration, Oracle Audit Vault preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.

• To find details about the current SMTP configuration, issue the avca show_smtp_config command, described in Section 6.27.

Example

avca disable_smtp

SMTP integration is disabled. 

6.9 drop_agent

The avca drop_agent disables (but does not remove) a collection agent from Oracle Audit Vault.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca drop_agent -agentname agent_name 

Arguments

Argument	Description
-agentname agent_name	Enter the name of the collection agent to be dropped from Oracle Audit Vault.

Usage Notes

• The drop_agent command does not delete the collection agent from Oracle Audit Vault. It only disables the collection agent. The collection agent metadata is still in the database after you run the drop_agent command. If you want to re-create the collection agent, create it with a different name.

• Oracle Audit Vault displays an error if active collectors are still running in the collection agent.

Example

The following example shows how to drop a collection agent named sales_agt from Oracle Audit Vault:

avca drop_agent -agentname uberkuksa

Agent dropped successfully.

6.10 enable_remedy

The avca enable_remedy enables the Remedy trouble ticket service configuration that was registered with the avca register_remedy or avca alter_remedy command.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca enable_remedy

Arguments

None.

Usage Notes

• When you enable the Remedy registration, Oracle Audit Vault uses the configuration that was in place when you last disabled the Remedy trouble ticket service.

• To find details about the most recent Remedy service configuration, issue the avca show_remedy_config command, described in Section 6.25.

Example

avca enable_remedy

Remedy integration is enabled. 

6.11 enable_smtp

The avca enable_smtp command enables the SMTP configuration for the e-mail notification service that was created with the avca register_smtp command.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca enable_smtp

Arguments

None.

Usage Notes

• When you enable the configuration, Oracle Audit Vault uses the configuration that was in place when you last disabled the SMTP configuration.

• To find details about the most recent service configuration, issue the avca show_smtp_config command, described in Section 6.27.

Example

avca enable_smtp

SMTP integration is enabled.

6.12 generate_csr

The avca generate_csr command generates a certificate request in the format of a text file.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca generate_csr -certdn Audit_Vault_Server_host_DN [-keysize size]
             -out certificate_request_output_file

Arguments

Argument	Description
-certdn Audit_Vault_Server_host_DN	Enter the distinguished name (DN) of the Audit Vault Server host
keysize size	Enter the certificate key size (in bits). Optional. Possible values are: 512 1024 (default) 2048
-out certificate_request_output_file	Enter the path and name of the certificate request output file. Ensure that you have write permissions for this directory.

Usage Notes

• You must use this command to generate a certificate request. After generating the certificate request, send it to your certificate authority (CA) and get it signed and then returned as a signed certificate.

  The DN of the Audit Vault Server is typically of the following form:

  CN=fully_qualified_hostname,OU=Org_Unit,O=Organization,ST=State,C=Country
  

• On Microsoft Windows, enclose the DN in double quotation marks and a backslash (\) character. For example:

  avca generate_csr -certdn \"CN=kuksagruvin,OU=DBSEC,O=RisingDoughCo,ST=CA,C=US\" -out user_c:\oracle\product\10.2.3\avserver\certs\certificate.txt
  

• For detailed information about generating certificate requests when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.

• If you need to update the XDB certificate that you obtained from running the avca generate_csr command, see Section 5.7.

Example

The following example shows how to generate a certificate request for UNIX platforms:

avca generate_csr -certdn CN=kuksagruvin,OU=DBSEC,O=RisingDoughCo,ST=CA,C=US -out user_certificate.cer

Generating Certificate request... 
Certificate request generated successfully

6.13 -help

The avca -help command displays help information for the AVCA commands.

Where to Run This Command

Either Audit Vault Server and collection agent:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2 for Audit Vault Server or Section 2.2.3 for the collection agent.

• Microsoft Windows: Go to the Audit Vault Server or collection agent ORACLE_HOME\bin directory.

Syntax

avca -help

avca command -help

Arguments

Argument	Description
command	Enter the name of an AVCA command for which you want help messages to appear

Usage Notes

If you installed the collection agent on a Microsoft Windows computer and want to run the avca help command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, ensure that you have set the appropriate environment variables before running this command. See Section 2.2 for more information.

Example

The following example shows how to display general AVCA utility help in the Audit Vault Server home.

avca -help

-------------------------------------------- 
AVCA Usage
-------------------------------------------- 
Oracle Audit Vault Configuration commands - AV Server:
    avca deploy_av -sid <sid> -dbalias <db alias> -avconsoleport <av console port>
    avca generate_csr -certdn <Audit Vault Server host DN> [-keysize 512|1024|2048] -out <certificate request output file> 
    avca import_cert -cert <User/Trusted certificate> [-trusted] 
    avca remove_cert -certdn <Audit Vault Server host DN> 
    avca secure_av -avkeystore <keystore location> -avtruststore <truststore location> 
    avca secure_av -remove 
    avca set_server_tz -offset <[+/-]hh:mm> 
    avca show_server_tz 
  
Oracle Audit Vault Configuration commands - Agent:
    avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host>
    avca drop_agent -agentname <agent name> 
  
Oracle Audit Vault Configuration commands - Warehouse:
    avca set_warehouse_retention -intrv <year-month interval> 
  
Oracle Audit Vault Configuration commands - SMTP:
    avca register_smtp -server <host:port> -sender_id <sender id> -sender_email <sender email> -auth|-noauth 
    avca register_smtp -remove 
    avca alter_smtp [-server <host:port>] [-sender_id <sender id>] [-sender_email <sender email>] [-auth|-noauth] 
    avca secure_smtp -protocol ssl|tls [-truststore <truststore location>] 
    avca secure_smtp -remove 
    avca show_smtp_config 
    avca enable_smtp 
    avca disable_smtp 
    avca test_smtp -to <recipient email>
  
Oracle Audit Vault Configuration commands - Remedy:
    avca register_remedy -config <remedy config file> 
    avca register_remedy -remove 
    avca alter_remedy -config <remedy config file> [-auth] 
    avca secure_remedy [-truststore <truststore location>] 
    avca secure_remedy -remove 
    avca show_remedy_config 
    avca enable_remedy 
    avca disable_remedy 
    avca test_remedy -ticket_id <remedy ticket id>
  
Oracle Audit Vault Configuration commands - Authentication:
    avca create_wallet -wrl <wallet_location> 
    avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias <db alias> -usr <usr>/<pwd> 
 
avca -help

From the Audit Vault collection agent home, the avca -help output is as follows:

avca -help
 
  -------------------------------------------- 
  AVCA Usage
  -------------------------------------------- 
  Oracle Audit Vault Agent Installation commands
      avca secure_agent -agentkeystore <keystore location> -avdn <DN of Audit Vault> -agentdn <DN of agent>
      avca secure_agent -remove
  
  Oracle Audit Vault Configuration commands - Authentication:
      avca create_wallet -wrl <wallet_location> 
      avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias <db alias> -usr <usr>/<pwd> 
  
  avca -help

The following example shows how to display specific AVCA help for the add_agent command in Audit Vault.

avca add_agent -help

  avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host>
  ------------------------------------------------
  -agentname <agent name>
  [-agentdesc <agent description>]
  -agenthost <agent host>
  ------------------------------------------------

6.14 import_cert

The avca import_cert command imports the specified user or trusted certificate into the wallet.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca import_cert -cert User/Trusted_certificate [-trusted]

Arguments

Argument	Description
-cert User/Trusted_certificate	Enter the path and file name of the certificate to be imported into the wallet. See the usage notes.
-trusted	Include this argument if you want to indicate that the certificate is trusted. If it is a user certificate, then omit the trusted argument. Optional.

Usage Notes

• To obtain the certificate, contact the certificate authority. Place the certificate in a directory that you can easily access, for the -cert argument. Ensure that the certificate matches a pending certificate request in the wallet. You must import the trusted certificate for this certificate first.

• For detailed information about configuring wallets when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.

Example

The following example shows how to import a certificate into the wallet.

avca import_cert -cert user_certificate.cer

Importing Certificate...
Certificate imported successfully.

This example shows how to import a trusted certificate into the wallet.

avca import_cert -cert ca_certificate.cer -trusted

Importing Certificate...
Certificate imported successfully.

6.15 redeploy

The avca redeploy command redeploys the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault collection agent system.

Where to Run This Command

Either Audit Vault Server and collection agent:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2 for Audit Vault Server or Section 2.2.3 for the collection agent.

• Microsoft Windows: Go to the Audit Vault Server or collection agent ORACLE_HOME\bin directory.

Syntax

avca redeploy

Arguments

None.

Usage Notes

If you installed the collection agent on a Microsoft Windows computer and want to run the avca redeploy command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, ensure that you have set the appropriate environment variables before running this command. See Section 2.2 for more information.

Example

The following example shows how to redeploy either the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault collection agent system.

avca redeploy

Deploying AV web application...
Getting EM home = stapp03.us.oracle.com_sx4
Stopping OC4J...
OC4J stopped successfully.
Expanding av.ear
Looking for directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Deleting directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Creating directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Looking for directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av/av
Creating directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av/av
Deploying pre-compiled jsps
Starting OC4J...
OC4J started successfully. 

6.16 register_remedy

The avca register_remedy command registers or removes the BMC Remedy Action Request (AR) System Server 7.x trouble ticket service from Oracle Audit Vault. The registration is based on the settings in the deployment descriptor properties file, described in Section 3.7.2. For the full procedure, see Section 3.7. You can register only one Remedy trouble ticket with each Oracle Audit Vault installation.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca register_remedy -config deploymentDescriptor.properties 

avca register_remedy -remove

Arguments

Argument	Description
-config deploymentDescriptor.properties	Enter the path to the deployment descriptor properties file. By default, a template for this file is located in the $ORACLE_HOME/av/conf directory.
-remove	Include this keyword to remove the Remedy trouble ticket service from Oracle Audit Vault.

Usage Notes

• Right after you register the Remedy trouble ticket service configuration, it is enabled and ready to use.

• If the Remedy trouble ticket service is on a secure server, then run the avca secure_remedy command (Section 6.21) after you run avca register_remedy.

• To test the configuration, run the avca test_remedy command (Section 6.28).

Examples

The following example demonstrates how to register the Remedy trouble ticket service:

avca register_remedy -config $ORACLE_HOME/av/conf/remedy.properties

Enter Remedy server username: Remedy_server_username
Enter Remedy server password: password
Re-enter Remedy server password: password
Credential stored successfully.
Remedy server registered successfully. 

The command does not create any users; it just stores the user input in the Oracle wallet.

This example shows how to unregister the Remedy trouble ticket service:

avca register_remedy -remove

Remedy server unregistered successfully.

6.17 register_smtp

The avca register_smtp command registers or unregisters the Oracle Audit Vault e-mail notification service to use an SMTP server. For the full procedure required to complete this type of registration, see Section 3.6.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca register_smtp -server IP:port|host:port -sender_id string -sender_email e-mail -auth|-noauth

avca register_smtp -remove

Arguments

Argument	Description
-server IP:port|host:port	Enter the server connection information, either using the IP address or server name, and the outgoing server port number.
-sender string	Enter the user ID of the person responsible for sending the e-mail (that is, the e-mail address that appears after From).
-sender_email e-mail	Enter the e-mail address of the person whose ID you entered for the -sender argument, in Request For Comments (RFC) 822 format.
-auth|-noauth	Enter one of the following settings: -auth: Enables authentication for the recipient user. After you enter the avca alter_smtp command, you are prompted for this user's user name and password. See the example in this section. -noauth: Oracle Audit Vault assumes that the SMTP server needs no authentication. In that case, the command does not prompt for the username and password interactively. It also ignores any settings for the AVCA_SMTPUSR variable.
-remove	Include this keyword to remove the SMTP service from Oracle Audit Vault.

Usage Notes

• Right after you create the SMTP server connection, it is enabled and ready to use.

• If the SMTP server is a secure server, then run the avca secure_smtp command (Section 6.22) after you run avca register_smtp.

• To test the configuration, run the avca test_smtp command (Section 6.29).

Example

avca register_smtp -server kuksanest:3924 -sender imanoyd -sender_email inoydt@example.com -auth

Enter SMTP server username: idaneau
Enter SMTP server password: password
Re-enter SMTP server: password
Credential stored successfully.
SMTP configuration registered successfully.

The following example removes the SMTP registration:

avca register_smtp -remove

SMTP server unregistered successfully.

6.18 remove_cert

The avca remove_cert command removes the specified certificate from the wallet.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca remove_cert -certdn Audit_Vault_Server_host_DN 

Arguments

Argument	Description
-certdn Audit_Vault_Server_host_DN	Enter the distinguished name (DN) of the Audit Vault Server host that was used for the avca generate_csr command.

Usage Notes

• Oracle Audit Vault removes the certificate or key pair for the DN matching the given DN from the wallet. For example, you can use this command to remove a certificate that expires or is revoked by the CA, and replace it with a renewed certificate.

  You, the Oracle Audit Vault administrator, provide the DN of the Audit Vault Server is typically of the form:

  CN=hostname_fully_qualified,OU=Org_Unit,O=Organization,ST=State,C=Country
  

• On Microsoft Windows, enclose the DN in double quotation marks and a backslash (\) character. For example:

  avca remove_cert -certdn -hrdb.example.com \"CN=kuksagruvin,OU=DBSEC,O=RisingDoughCo,ST=CA,C=US\" 
  

Example

The following example shows how to remove a certificate from the wallet.

avca remove_cert -certdn -hrdb.example.com CN=kuksagruvin,OU=DBSEC,O=RisingDoughCo,ST=CA,C=US

Removing Certificate...
Certificate removed successfully.

6.19 secure_agent

The avca secure_agent command secures the Audit Vault collection agent by enabling mutual authentication with the Audit Vault Server. If you specify the remove argument, this command removes mutual authentication with the Audit Vault Server.

Where to Run This Command

Audit Vault collection agent:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.3.

• Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.

Syntax

avca secure_agent -agentkeystore keystore_location
 -avdn Audit_Vault_Server_host_DN 
 -agentdn agent_DN [-agentkeystore_pwd keystore_pwd]

avca secure_agent -remove

Arguments

Argument	Description
-agentkeystore keystore_location	Enter the keystore file location for this collection agent. See Section 5.6 for more information about the keystore file.
-avdn Audit_Vault_Server_host_DN	Enter the distinguished name (DN) of the Audit Vault Server.
-agentdn agent_DN	Enter the DN of this Audit Vault collection agent.
-remove	Include this keyword to remove mutual authentication with the Audit Vault Server.

Usage Notes

• If you installed the collection agent on a Microsoft Windows computer, run the avca secure_agent command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.

• The avca secure_agent command prompts for the agent key password. You can bypass this prompt if the corresponding environment variable, AVCA_AGENTKEYSTOREPWD is set. If you enter the password, then it overrides the environment variable. This argument is provided for backward compatibility.

• On Microsoft Windows, enclose the DN in double quotation marks with a backslash (\) character, as shown in the examples following these notes.

• The keystore and certificate must be in place at the collection agent site before you execute this command.

• Use the following command to generate a keystore:

  $ORACLE_HOME/jdk/bin/keytool
  

• When you issue the secure_agent command for the specified collection agent with both the collection agent and its collectors in a running state, the collection agent and all its collectors will shut down when the agent OC4J shuts down and then restarts. You must manually restart the collection agent and its collectors.

• For detailed information about configuring mutual authentication when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.

Example

The following example shows how to secure the Audit Vault collection agent by enabling mutual authentication with the Audit Vault Server.

avca secure_agent -agentkeystore /tmp/agentkeystore
  -agentdn \"CN=agent1, OU=sales, O=example, L=nomadcity, ST=ca, C=us\" 
  -avdn \"CN=av1, OU=sales, O=example, L=nomadcity, ST=ca, C=us\" 

Enter Audit Vault Agent keystore password:  password
Stopping agent... 
Agent stopped successfully. 
Starting agent... 
Agent started successfully.

The following example shows how to unsecure the Oracle Audit Vault collection agent by disabling mutual authentication with the Audit Vault Server.

avca secure_agent -remove

Stopping agent... 
Agent stopped successfully. 
Starting agent... 
Agent started successfully.

6.20 secure_av

The avca secure_av command secures the Audit Vault Server by enabling mutual authentication with the Audit Vault collection agent. If you specify the remove argument, this command removes mutual authentication with Audit Vault collection agent.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca secure_av -avkeystore keystore_location -avtruststore truststore_location
               [-avkeystorepwd keystore_pwd>]

avca secure_av -remove

Arguments

Argument	Description
-avkeystore keystore_location	Enter the keystore file location for the Audit Vault Server. By default, this file is located in the Audit Vault Server home directory. It has the file extension of .keystore. See Section 5.6 for more information about the keystore file.
-avtruststore truststore_location	Enter the trust store location for the Audit Vault Server. This file can be the same file as the avkesytore file. Ensure that this file has the CA certificates imported into it.
-remove	Include this keyword to remove mutual authentication with the Audit Vault collection agent

Usage Notes

• The keystore and certificate files must be in place at the Audit Vault Server before you run this command.

• Use the following command to generate a keystore:

  $ORACLE_HOME/jdk/bin/keytool
  

• When you issue the avca secure_av command, the Audit Vault Console agent OC4J restarts, which requires you to log in to Audit Vault Console again.

• The avca secure_av command prompts for the keystore password for the Audit Vault Server. If the corresponding environment variable, AVCA_AVKEYSTOREPWD, is set, then you can bypass this prompt. If you enter the password anyway, it overrides the environment variable. This argument is provided for backward compatibility.

• For detailed information about configuring mutual authentication when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.

Example

The following example shows how to secure the Audit Vault Server by enabling mutual authentication with the Oracle Audit Vault collection agent.

avca secure_av -avkeystore /tmp/avkeystore -avtruststore /tmp/avkeystore 
Enter keystore password: password

The following example shows how to unsecure Audit Vault Server by disabling mutual authentication with the Audit Vault collection agent.

avca secure_av -remove

Stopping OC4J...
OC4J stopped successfully.
Starting OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.3.2.0  Copyright (c) 1996,2008 Oracle Corporation.  All rights reserved.
http://av_srv.us.example.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
 
Logs are generated in directory $ORACLE_HOME/10.2.3/av_1/av/log

6.21 secure_remedy

The avca secure_remedy command enables or disables a secure configuration for the Remedy ticket service. Run this command if the BMC Remedy Action Request System Server is on a secure server.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca secure_remedy -truststore truststore

avca secure_remedy -remove

Arguments

Argument	Description
-truststore truststore	Enter the path to the truststore file used to validate the server certificates. Optional.
-remove	Include this keyword to disable the Remedy ticket service from being a secure configuration.

Usage Notes

• Run this command after you run either the avca register_remedy (Section 6.16) or avca alter_remedy (Section 6.2) command.

Example

avca secure_remedy -truststore ca_cert.ce

Setting Truststore to ca_cert.cer
Updated Remedy server configuration to not use secure protocol.

6.22 secure_smtp

The avca secure_smtp command enables the e-mail notification service to work with a secure SMTP server by specifying the type of connection protocol used to communicate to the SMTP server. Only run this command if the SMTP server that you are configuring is a secure server.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca secure_smtp -protocol ssl_type -truststore truststore

avca secure_smtp -remove

Arguments

Argument	Description
-protocol ssl_type	Specify one of the following types of protocol: SSL: Secure Sockets Layer (default) TLS: Transport Layer Security
-truststore truststore	Enter the path to the truststore file used to validate the server certificates. Optional.
-remove	Include this keyword to disable the e-mail notification service from being a secure configuration.

Usage Notes

Run this command after you run either the avca register_smtp (Section 6.17) or avca alter_smtp (Section 6.3) command.

Examples

The following example shows how to configure the truststore to use the TLS protocol:

avca secure_smtp -protocol tls -truststore $ORACLE_HOME/wallets/smtp_keystore 

Updated SMTP server configuration to use secure protocol. 

These example demonstrates how to disable the e-mail configuration service:

avca secure_smtp -remove 

Updated SMTP server configuration to not use secure protocol.

6.23 set_server_tz

The avca set_server_tz command sets the time zone format for Oracle Audit Vault reports and alerts, using an offset of the UTC time zone. It takes effect the next time you generate a report or an alert. Use this command if the time stamps in the generated Audit Vault reports and alerts must be in a time zone other than UTC. (The Audit Vault Server itself always uses the UTC time zone.)

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca set_server_tz -offset offset_value  

Arguments

Argument	Description
-offset offset_value	Enter the offset value in the following format: +/-HH:MM

Usage Notes

To find the current UTC time zone setting, run the avca show_server_tz command, described in Section 6.26.

Example

The following example shows how to set the offset value for U.S. Pacific Daylight Time (PDT):

avca set_server_tz -offset +07:00

Updated timezone offset successfully.

6.24 set_warehouse_retention

The avca set_warehouse_retention command controls the amount of data kept online in the data warehouse fact table.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca set_warehouse_retention -intrv year_month_interval  

Arguments

Argument	Description
-intrv year_month_interval	Enter the year-month interval in the following format: +YY-MM

Usage Notes

• The interval setting must be a positive value.

• As the retention period shifts forward in time, Oracle Audit Vault removes the data that was loaded before the retention period. For example, if you set the retention period for 1 year, any data before that year is discarded.

• See Section 3.4 for detailed information about creating a retention period.

Example

The following example shows how to control the amount of data kept online in the data warehouse table. In this case, a time interval of 1 year and 6 months is specified.

avca set_warehouse_retention -intrv +01-06 

AVCA started
Setting warehouse retention period...
done.

6.25 show_remedy_config

The avca show_remedy_config command displays the configuration for the Remedy trouble ticket service connection with Oracle Audit Vault.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca show_remedy_config

Arguments

None.

Usage Notes

To reconfigure the Remedy trouble ticket service connection, run the avca alter_remedy (Section 6.2) command.

Examples

In the following example, the Remedy trouble ticket service has not been registered:

avca show_remedy_config

Error executing command show_remedy_config
OAV-46856: no remedy server registered

In this example, the Remedy trouble ticket service has been successfully registered:

avca show_remedy_config

Remedy server configuration details: 
--------------------------------
Action Request host: kuksavoid.com
Mid-tier host: kuksavoid.com 
Mid-tier port: 3128 
Version: 7.5 
Helpdesk Form name: HPD:IncidentInterface 
Create Ticket URL: http://kuksavoid.com:3128/arsys/services/ARService?server=kuksavoid&webService=HPD_IncidentInterface_Create_WS 
Get Ticket URL: http://kuksavoid.example.com:3128/arsys/services/ARService?kuksavoid=shobeen&webService=HPD_IncidentInterface_WS 
Auth String: None 
Locale: en_US 
Locale: UTC 
Security protocol: None 
User name: Remedy_server_username 
Password: ***** 
State: Enabled  
--------------------------------

6.26 show_server_tz

The avca show_server_tz shows the configuration details for the avca set_server_tz command.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca show_server_tz

Arguments

None.

Usage Notes

To set the UTC time zone for reports and alerts, run the avca set_server_tz command, described in Section 6.23.

Example

avca show_server_tz

Server Timezone UTC07:00

6.27 show_smtp_config

The avca show_smtp_config command displays the current SMTP configuration details used by Oracle Audit Vault.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca show_smtp_config

Arguments

None.

Usage Notes

To reconfigure the SMTP service connection, run the avca alter_smtp (Section 6.3) command.

Example

avca show_smtp_config

SMTP server configuration details: 
--------------------------------
Host: kuksanest.example.com
Port: 465
Sender name: ida.neau@example.com "<ida.neau@example.com>"
Security protocol: SSL
Truststore: Default
Authentication required: No
State: Enabled 
--------------------------------

6.28 test_remedy

The avca test_remedy command tests the Remedy ticket service connection for the provided ticket ID. You can enter any Remedy ticket number, not just Oracle Audit Vault-related Remedy ticket numbers.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca test_remedy -ticket_id

Arguments

Argument	Description
-ticket_id id	Enter the ID of any Remedy ticket in your system.

Usage Notes

• If the test fails, then check the configuration by running the avca show_remedy_config (Section 6.25) and avctl show_remedy_status (Section 7.7) commands.

• You can recreate the configuration by running the avca alter_remedy command (Section 6.2).

Example

avca test_remedy -ticket_id INC000000000005

Querying Remedy Server for ticket ID "INC000000000005"... 
Assigned Group: Backoffice Support 
Assigned Support Company: Calbro Services 
Assigned Support Organization: IT Support 
Assignee: Allen Allbrook 
Summary: Test Ticket manually
Priority: Low 
Service Type: Infrastructure Event 
Status: Assigned 
Urgency: 4-Low 

6.29 test_smtp

The avca test_smtp command tests the Oracle Audit Vault e-mail notification service.

Where to Run This Command

Audit Vault Server:

• UNIX: Set the appropriate environment variables, as described in Section 2.2.2.

• Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.

Syntax

avca test_smtp -to e-mail 

Arguments

Argument	Description
-to e-mail	Recipient to whom to send the test e-mail notification.

Usage Notes

• If the test fails, then check the configuration by running the avca show_smtp_config (Section 6.27) and avctl show_smtp_status (Section 7.8) commands.

• You can recreate the configuration by running the avca alter_smtp command (Section 6.3).

Example

avca test_smtp -to ida.kuksa@example.com

Sending Test e-mail to "ida.kuksa@example.com"... 
Test e-mail sent successfully. Please check the recipients mailbox to see if the e-mail has been delivered. 

In this example, user Ida Kuksa should receive an e-mail similar to the following:

• Subject header: Oracle Audit Vault: Test Message

• Body text: This is a test message from Oracle Audit Vault

If the test fails, then an error message similar to the following appears:

Sending Test e-mail to "ida.kuksa@example.com"... 
Error: SEND_EMAIL_ERROR. Message is: Sending failed;
  nested exception is: 
        javax.mail.MessagingException: Unknown SMTP host: shobeen.example.com;
  nested exception is: 
        java.net.UnknownHostException: shobeen.example.com. 

See the Usage Notes for advice on handling this situation.