|Oracle® Audit Vault Server Installation Guide
Release 10.3 for Linux x86-64
Part Number E23565-07
|PDF · Mobi · ePub|
Oracle Audit Vault is a powerful enterprisewide audit solution that efficiently consolidates, detects, monitors, alerts, and reports on audit data for security auditing and compliance. Oracle Audit Vault provides the ability to consolidate audit data and critical events into a centralized and secure audit warehouse.
Note:To upgrade previous releases of Oracle Audit Vault to version 10.3, see the upgrade section of the Oracle Audit Vault Release Notes.
This chapter provides an overview of the Oracle Audit Vault Server installation process. This chapter includes the following sections:
Install the Oracle Audit Vault Server (Audit Vault Server) on its own host computer or a host that contains other repository databases such as Enterprise Manager Grid Control or the Oracle Recovery Manager (RMAN) repository database. This enables Oracle Audit Vault to have high availability to these other databases. For scalability, the Audit Vault Server can implement Oracle Real Applications Cluster (Oracle RAC) and Data Guard for disaster recovery.
Oracle Audit Vault software installation consists of two parts:
Oracle Audit Vault Server installation that can be either:
Single Instance installation
Clustered using an Oracle Real Application Clusters (Oracle RAC) installation
Oracle Audit Vault collection agent installation (see Oracle Audit Vault Collection Agent Installation Guide)
You can choose different installation methods to install Oracle Audit Vault Server, as follows:
When you use the interactive method to install Oracle Audit Vault Server to perform a Basic or Advanced installation, Oracle Universal Installer displays a series of screens that enable you to specify all of the required information to install the Oracle Audit Vault Server software.
Oracle Audit Vault provides a response file template for Audit Vault Server (
av.rsp). The response template file can be found in the
AV installer location
/response directory on the Audit Vault Server installation media.
When you start Oracle Universal Installer and specify a response file, you can automate all of the Oracle Audit Vault Server installation. These automated installation methods are useful if you need to perform multiple installations on similarly configured systems or if the system where you want to install the software does not have X Window system software installed.
For Audit Vault Server, Oracle Universal Installer can run in silent (noninteractive) mode. For silent mode, specify both the
-responseFile options followed by the path of the response file on the command line when you invoke Oracle Universal Installer. For example:
./runInstaller -silent -responseFile path_of_response_file
Oracle Universal Installer runs in silent mode if you use a response file that specifies all required information. None of the Oracle Universal Installer screens are displayed, and all interaction (standard output and error messages) and installation logs appear on the command line.
You can prepare the response file by entering values for all parameters that are missing in the response file, then save the file. For parameters that should not be changed, a comment is included in the file to indicate that you should not change the parameter value. Refer to Section A.3.2 for more information about saving a response file.
See Section 4.7 for specific information about performing an Audit Vault Server silent installation.
For information about installing Oracle products using response files, see Appendix A.
The Audit Vault server installation consists of two options:
Create and configure Oracle Audit Vault - Performs a full installation and configuration of Audit Vault Server.
Install Oracle Audit Vault software only - Only lays down the software bits and does no configuration of the Oracle Audit Vault Server software.
The Audit Vault server installation consists of two methods of installation:
Basic installation – Simplifies the installation process and prompts for a minimal set of inputs from the user to perform a full installation. An Oracle RAC installation is not supported through this option; only a single instance installation is supported.
Advanced installation – Offers the user more control and options for the installation process, including storage options and backup options. This option supports the installation of Audit Vault Server on a cluster and as a single instance.
Communication at the management level between the Audit Vault Server and the Audit Vault collection agent can be secured after the installation is complete. This is done as part of the postinstallation configuration, in which SSL is configured for the mutual authentication between the Oracle Audit Vault management service on the server side and each collection agent over HTTPS.
After you check the requirements described in Section 1.6, the general steps to install Oracle Audit Vault Server include these tasks:
Run Oracle Universal Installer to perform Audit Vault Server installation.
Run postinstallation and configuration tasks using AVCA.
You can install Oracle Audit Vault Server as a software only installation for the purpose of installing software patches in which the installation installs only the software binaries and performs no configuration tasks. Then you can run the configuration assistants using a response file to automate the patch installation and configuration of the Audit Vault Server installation. The first configuration assistant will apply the patches, and the other configuration assistants will have fixes available to them before they run. This includes assistants that run Network Configuration Assistant (NETCA), Database Configuration Assistant (DBCA) or Database Upgrade Assistant (DBUA), Database Vault Configuration Assistant (DVCA), and Audit Vault Configuration Assistant (AVCA).
The advantages of performing a software only installation includes the following patch installation scenarios:
Applying one or more required RDBMS patches that became available
Applying a required CPU patch that became available for the database
Applying a required Audit Vault 10.3.0.0 Bundle Patch that became available
Applying one or more required one-off patches that became available
In all cases, instead of applying these patches after the installation completes, you can follow the steps in Section 4.6 and apply these patches as part of the installation process. This is a more efficient and automated way to apply any required software patches during an initial Oracle Audit Vault Server installation.
See Section 4.6 for more information about the steps to follow to complete a software only installation.
This section contains information that you should consider before deciding how to install this product. It includes contains the following topics:
The platform-specific hardware and software requirements included in this guide were current when this guide was published. However, because new platforms and operating system versions might be certified after this guide is published, review the certification matrix on the My Oracle Support (formerly OracleMetaLink) Web site for the most up-to-date list of certified hardware platforms and operating system versions. The My Oracle Support Web site is available at
This product supports multiple Oracle homes. This means you can install this release of the software more than once on the same system, in different Oracle home directories. See Section 2.8.2 for more information.
The Oracle Grid Infrastructure for a standalone server provides the infrastructure to include your single-instance Oracle Audit Vault Server in an enterprise grid architecture. Because Oracle Audit Vault Server Release 10.3 installs a customized, specially configured release of Oracle Database 11g Release 2 (18.104.22.168.0), it combines these infrastructure products into one software installation called the Oracle Grid Infrastructure home. On a single-instance database, the Oracle Grid Infrastructure home includes Oracle Restart and Oracle Automatic Storage Management (Oracle ASM) software.
If you want to use Oracle ASM or Oracle Restart, then first install Oracle Grid Infrastructure for a standalone server, and then install Oracle Oracle Audit Vault Server Release 10.3.
Note:Oracle Audit Vault supports Oracle Restart, but only for the Audit Vault repository database. The Audit Vault Administrator must manually restart all Audit Vault services, those services being the Audit Vault Server (Audit Vault Console), the Audit Vault Collection Agent, and the Audit Vault Collectors, in that order, to complete the restart operation. See Oracle Audit Vault Administrator's Guide for more information.
See Also:Chapter 3 for more information about installing Oracle Grid Infrastructure for a standalone server
When you install Oracle Grid Infrastructure for a standalone server, Oracle Universal Installer (OUI) will configure the single-node version of Oracle Cluster Synchronization Services (CSS). The CSS service is required to enable synchronization between an Oracle ASM instance and the database instances that rely on it for database file storage. Because the service must be running before an Oracle ASM instance or database instance starts, it is configured to start automatically by Oracle Restart before the Oracle ASM instance is started.
For single-instance installations, the CSS daemon is installed in and runs from the Oracle Grid Infrastructure home which is the same home that runs Oracle ASM.
When you install Oracle Audit Vault Server, it creates a database during the installation, which is why you can specify one of the following storage options for database files:
Note:Installing files on raw devices is no longer an option during installation. You must use a file system or Oracle Automatic Storage Management (Oracle ASM).
If you use the file system option, then Oracle Database Configuration Assistant creates the database files in a directory on a file system mounted on the computer. Oracle recommends that the file system be separate from the file systems used by the operating system or the Oracle software. The file system can be any of the following:
A file system on a disk that is physically attached to the system
If you are creating a database on basic disks that are not logical volumes or RAID devices, then Oracle recommends that you follow the Optimal Flexible Architecture (OFA) recommendations and distribute the database files over more than one disk.
A file system on a logical volume manager (LVM) volume or a RAID device
If you are using multiple disks in an LVM or RAID configuration, then Oracle recommends that you use the stripe and mirror everything (SAME) methodology to increase performance and reliability. Using this methodology, you do not need to specify more than one file system mount point for the database storage.
A network file system (NFS) mounted from a certified network-attached storage (NAS) device. You also have the option to use the Direct NFS feature, which simplifies the administration of NFS configurations and also improves performance.
See Also:The "Direct NFS Client" section in the "Oracle Database Postinstallation Tasks" chapter in Oracle Database Installation Guide for Linux
If the NAS device is certified by Oracle, then you can store the database files on them.
If you use the Advanced database creation option, then you can also use the Oracle Managed Files feature with the new database. If you use this feature, then you must specify only the database object name instead of file names when creating or deleting database files.
Oracle Automatic Storage Management (Oracle ASM) is a high-performance storage management solution. For Oracle Audit Vault Server and Oracle Database files, it simplifies the management of a dynamic database environment, for example, creating and laying out databases and managing disk space.
Oracle ASM can be used with single database installations, multiple database installations, and in Oracle RAC environments. It can be used with databases created in Oracle Database 10g Release 1 (10.1.0.3 or later). However, Oracle Database 11g Release 2 (11.2) databases must use Oracle ASM from Oracle Database 11g Release 2 (11.2) or later. Oracle ASM is installed as part of the Oracle Grid Infrastructure installation. If you plan to use Oracle ASM, then you must install Oracle Grid Infrastructure before installing your database. If you want to upgrade an existing Oracle ASM installation, then you must upgrade Oracle ASM by running an Oracle Grid Infrastructure upgrade.
Oracle ASM Release 22.214.171.124 requires Oracle Clusterware Release 126.96.36.199. Oracle Audit Vault 10.3 requires Cluster Ready Services (CRS) 188.8.131.52, which installs with Oracle Clusterware Release 184.108.40.206.
See Also:Chapter 3 for more information about installing the Oracle Grid Infrastructure software
Oracle ASM manages the storage of all database files, such as redo logs, control files, and data pump export files.
Oracle ASM can manage the Oracle Audit Vault Server executable binary files and any other non-database file by creating a file system with Oracle Automatic Storage Management Cluster File System. Although Oracle Automatic Storage Management Cluster File System is cluster-aware, it also works as a file system on a single-instance database.
See Also:"Introduction to Oracle ACFS" in Oracle Automatic Storage Management Administrator's Guide for information about Oracle Automatic Storage Management Cluster File System
At a high level, implementing Oracle ASM involves allocating partitioned disks for Oracle Audit Vault Server with preferences for striping and mirroring. Oracle ASM manages the disk space for you. This helps avoid the need for traditional disk management tools, such as Logical Volume Managers (LVM), file systems, and the numerous commands necessary to manage both. The synchronization between Oracle ASM and the database instance is handled by CSS.
The following are components of an Oracle ASM installation:
A disk group is a set of disk devices that Oracle ASM manages as a single unit. Each disk device can be an individual physical disk, a multiple disk device, such as a RAID storage array or logical volume, or a partition on a physical disk. In most cases, disk groups consist of one or more individual physical disks. To enable Oracle ASM to balance input/output operations and storage efficiently within the disk group, you must ensure that all devices in the disk group have similar, if not identical, storage capacity and performance.
You can set the redundancy and striping attributes of individual file types within a disk group by using Oracle ASM disk group templates. When you create a disk group, Oracle ASM creates a set of default templates for that disk group. Default template settings depend on the disk group type. For example, the default template for control files for both normal and high redundancy disk groups is set to three-way mirroring. All other file templates are two-way mirrored. For a high redundancy disk group, the default mirroring cannot be changed, which implies that all files are always three-way mirrored in a high redundancy disk group. You can modify the default templates to suit your site's needs. See Oracle Automatic Storage Management Administrator's Guide for more information.
Oracle ASM spreads data evenly across all the devices in the disk group to optimize performance and utilization. You can add or remove disk devices from a disk group without shutting down the database. When you add or remove disks, Oracle ASM rebalances the files across the disk group. You can create multiple disk groups to do specific tasks, such as backup and recovery operations, in addition to regular file storage activities.
When you add a device to a disk group, you can specify a failure group for that device. Failure groups identify disk devices that have common failure characteristics, for example, devices that are attached to the same controller. If the controller fails, then all devices attached to it become unavailable. By default, each device also belongs to its own failure group. By using the failure groups you specify, Oracle ASM can distribute data among the devices in the disk group to minimize the risk of data loss caused by component failures.
The Oracle ASM instance is a special Oracle instance that manages Oracle ASM disk groups. The Oracle ASM instance and the
ASMSNMP account are created and started, if necessary, when you install Oracle Grid Infrastructure. Oracle Enterprise Manager uses this account to monitor Oracle ASM instances to retrieve data from Oracle ASM-related data dictionary views. The
ASMSNMP account status is set to
OPEN upon creation, and it is granted the SYSDBA privilege.
Oracle recommends that you have the Oracle ASM instance in its own Oracle home. Oracle also recommends that you run this instance before you start a database instance that uses Oracle ASM.
For an Oracle Audit Vault Server installation, you only need one Oracle ASM instance, regardless of the number of database instances on the computer.
See Also:"Managing Oracle ASM Users with Oracle Enterprise Manager" in Oracle Automatic Storage Management Administrator's Guide for information about the
Deploy Oracle Enterprise Manager centrally in the environment
To deploy Oracle Enterprise Manager centrally, you must install at least one Oracle Management Repository and one Oracle Management Service within the environment, then install an Oracle Enterprise Management Agent on every computer that you want to manage. You can then use a single HTML interface to manage and monitor software and hardware targets on all of those systems. Targets can include Oracle databases, application servers, net listeners, and third-party software. This single interface is called Oracle Enterprise Manager Grid Control (Grid Control).
Oracle Enterprise Manager is available separately on the Oracle Enterprise Manager Grid Control installation media, and on the Oracle Technology Network Web site at:
For the latest certification information, see My Oracle Support note 412431.1, "Oracle Enterprise Manager Grid Control Certification Checker" at:
Deploy Oracle Enterprise Manager Database Control locally on the database system
Oracle Enterprise Manager Database Control software is installed by default with every Oracle Audit Vault Server installation. This local installation provides a Web-based interface called Oracle Enterprise Manager Database Control. The Database Control is similar to the Grid Control, but it can manage only a single database. If you want to administer more than one database on a system, then you must either configure a separate Database Control for each database, or you must install Oracle Enterprise Manager Grid Control.
See Also:Oracle Enterprise Manager Concepts manual and the Oracle Enterprise Manager Grid Control Basic Installation Guide on the Oracle Enterprise Manager Grid Control installation media for more information about Oracle Enterprise Manager
This section contains the following topics:
When you install Audit Vault Server, you must select the Oracle Enterprise Manager interface that you want to use to manage the Audit Vault repository database. The following options are available:
Use Grid Control for central database management
This option is available only if an Oracle Enterprise Manager Database Control Agent is installed on the system. When Oracle Universal Installer detects an Oracle Management Agent on the system, you can choose this option and specify the Oracle Management Service that you want to use to manage the database.
If an Oracle Management Agent is not installed, then you must use Database Control to manage the database. However, if Oracle Management Agent is installed after Oracle Audit Vault Server, then you can use Grid Control to manage this database.
Use Database Control for local database management
This option is selected by default if an Oracle Management Agent is not installed on the system. However, even if a Management Agent is installed, you can still configure Database Control to manage the database.
Oracle Enterprise Manager Database Control provides a Web-based user interface that enables you to monitor, administer, and maintain an Oracle database. You can use it to perform all database administration tasks. You can also use it to determine information about the database, such as:
Instance name, database version, Oracle home location, media recovery options, and other instance data
Current instance availability
Database alert information
Session and SQL-related performance information
Space usage matrix
In addition, it provides you with automatic notification of security alerts and the ability to download and apply patches for the software.
If you use Oracle Enterprise Manager Database Control during the installation, then you can optionally enable automated database backups that use the Oracle-suggested default backup strategy. You do not have to enable automated backups during the installation. If you prefer, you can use Oracle Enterprise Manager Database Control or Grid Control to configure automated backups after you install the software and create a database.
This section contains the following topics:
Oracle Database 2 Day DBA for information about using Oracle Enterprise Manager Database Control to configure or customize automated backups or to recover a backed up database
Oracle Database Backup and Recovery User's Guide for more detailed information about defining a backup strategy and backing up and recovering Oracle databases
If you enable automated backups, then Oracle Enterprise Manager schedules a daily backup job that uses Oracle Recovery Manager (RMAN) to back up all of the database files to a disk storage area called the fast recovery area. The first time the backup job runs, it creates a full backup of the database. Subsequent backup jobs perform incremental backups, which enable you to recover the database to its state at any point during the preceding 24 hours.
To enable automated backup jobs during installation, you must specify the following information:
The location of the fast recovery area
You can use either a file system directory or an Oracle ASM disk group for the fast recovery area. To set the default values for fast recovery area and data file location, use Oracle base as the starting point. See Section 2.12.1 for more information on Oracle base.
Default fast recovery area:
Default data file location:
The default disk quota configured for the fast recovery area is 2 GB. For Oracle ASM disk groups, the required disk space depends on the redundancy level of the disk group that you choose. Section 4.10.4 describes how to choose the location of the fast recovery area and identifies its disk space requirements.
An operating system user name and password for the backup job
Oracle Enterprise Manager uses the operating system credentials that you specify when running the backup job. The user name that you specify must belong to the UNIX group that identifies database administrators (the
ORA_DBA group). This user also must have Logon As A Batch Job privilege.
If you enable automated backups after choosing one of the preconfigured databases during the installation, then automated backup is configured with the following default settings:
The backup job is scheduled to run every morning at 2.00 a.m.
The disk quota for the fast recovery area is 2 GB.
If you enable automated backups by using Oracle Database Configuration Assistant, either during or after the installation, then you can specify a different start time for the backup job and a different disk quota for the fast recovery area.
If you use the Oracle Enterprise Manager Database Control during the installation, then you can configure Oracle Enterprise Manager to send an email when specific events occur. These events can include occurrences such as the disk space reaching a critical limit (a threshold) or a database shutting down unexpectedly.
If you enable email notifications, then you must specify the following information:
The host name of a Simple Mail Transfer Protocol (SMTP) server
The email address that should receive the alerts
The email address that you specify could belong to an individual, or a shared email account, or a distribution list.
You can use Oracle Enterprise Manager Database Control to set up, change, or customize email notifications after you create the database.