Oracle® Audit Vault Administrator's Guide
10g Release 2 (10.2.2)

Part Number B25321-02

A Audit Vault Configuration Assistant (AVCA) Reference

Audit Vault Configuration Assistant (AVCA) is a command-line utility that provides the Audit Vault administrator with the ability to manage various Audit Vault components.

The user running the AVCA commands must be granted the AV_ADMIN role.

Table A-1 describes the Audit Vault Configuration Assistant commands and where each is used, whether on the Audit Vault Server, on the Audit Vault Agent, or in both places.

Table A-1 Audit Vault Configuration Assistant Commands

Command                  Used Where?  Description
add_agent                Server       Adds an agent to Oracle Audit Vault
create_credential        Both         Creates a credential to be stored in the wallet
create_wallet            Both         Creates a wallet to hold credentials
deploy_av                Server       Deploys the av.ear file to another node in an Oracle RAC environment
drop_agent               Server       Drops an agent from Oracle Audit Vault
help                     Both         Displays Help for the AVCA commands
redeploy                 Both         Redeploys the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault Agent system
secure_agent             Agent        Secures the Audit Vault Agent by enabling mutual authentication with Audit Vault
secure_av                Server       Secures Audit Vault Server by enabling mutual authentication with the Audit Vault Agent
set_warehouse_retention  Server       Controls the amount of data kept online in the data warehouse fact table
set_warehouse_schedule   Server       Sets the schedule for refreshing data from the raw audit data store to the star schema
upgrade                  Both         Upgrades the current Audit Vault Server and Audit Vault Agent installation to the next revision


Note:

In an Oracle RAC environment, AVCA commands must be issued from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.

If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the AVCA deploy_av command.


add_agent

Adds or registers an agent to Audit Vault. This command is run on the Audit Vault Server.

Syntax

avca add_agent -agentname <agent name> 
[-agentdesc <desc>] -agenthost <host> -agentusr <usr>

Arguments

Argument Description
-agentname <agent name> Specify the agent (by agent name) to be modified.
[-agentdesc <desc>] Optionally, specify a description of the agent.
-agenthost <host> Specify a new host value for this agent.
-agentusr <usr> Specify the existing user that represents the agent and to whom the AV_AGENT role has been granted.

Usage Notes

To install an Audit Vault Agent, perform the following steps:

  1. Using the Database Vault Owner role, create an agent user at the Audit Vault Server.

  2. Add the agent to Audit Vault using the AVCA add_agent command (as the Audit Vault administrator user with the AV_ADMIN role granted). This registers the Audit Vault Agent at the Audit Vault Server.

  3. Install the Audit Vault Agent at the corresponding host system where the agent is to be installed.

Example

The following example shows how to add an agent to Audit Vault:

avca add_agent -agentname TTAgent2 -agenthost stapj40 -agentusr avagentt 
AVCA started
Adding agent...
Agent added successfully.


create_credential

Creates a credential to be stored in the wallet. This command is run on both the Audit Vault Server and Audit Vault Agent.

Syntax

avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> 
-dbalias <db_alias> -usr <usr>/<pwd> 

Arguments

Argument Description
-wrl <wallet_location> The wallet location
-wpwd <wallet_pwd> The wallet password (the password needed to open the wallet). This is the password of the agent user granted the AV_AGENT role. The -wpwd argument can be omitted if the corresponding environment variable, AVCA_WPWD, is set to wallet_pwd. If the command-line argument -wpwd is specified, then the command-line argument overrides the environment variable.
-dbalias <db_alias> The database alias
-usr <usr>/<pwd> The target user name and password to be secured and stored in the wallet. Use a slash (/) to separate the user name and password. The -usr argument can be omitted if the corresponding environment variable, AVCA_USR, is set to usr/pwd. If the command-line argument -usr is specified, then the command-line argument overrides the environment variable.

Usage Notes

Use this command to create a new certificate if someone changes the source user password on the source, thus eventually breaking the connection between the collector and the source.

You must modify the sqlnet.ora file as follows after executing this command:

Example

The following example shows how to create a credential to be stored in a wallet located at $T_WORK/tt_1. In this example, the AVCA_WPWD environment variable is set to welcome1, the wallet password; the AVCA_USR environment variable is set to scott/tiger, and both the -wpwd and -usr arguments are omitted.

avca create_credential -wrl $T_WORK/tt_1 -dbalias inst1 
AVCA started
Storing user credentials in wallet...
Create credential oracle.security.client.connect_string1
done.


create_wallet

Creates a wallet to hold credentials. This command is run on both the Audit Vault Server and Audit Vault Agent.

Syntax

avca create_wallet -wrl <wallet_location> -wpwd <wallet_pwd> 

Arguments

Argument Description
-wrl <wallet_location> The wallet location
-wpwd <wallet_pwd> The wallet password (the password needed to open the wallet). This is the password of the agent user granted the AV_AGENT role. The -wpwd argument can be omitted if the corresponding environment variable, AVCA_WPWD, is set to wallet_pwd. If the command-line argument -wpwd is specified, then the command-line argument overrides the environment variable.

Usage Notes

After you execute this command, .sso and .p12 files are generated in the wallet location.

Example

The following example shows how to create a wallet in the location specified as $T_WORK/tt_1. In this example, the AVCA_WPWD environment variable is set to welcome1, the wallet password, and the -wpwd argument is omitted.

avca create_wallet -wrl $T_WORK/tt_1
AVCA started
Creating wallet...
Wallet created successfully.
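
Both create_wallet and create_credential can take their secrets from AVCA_WPWD and AVCA_USR instead of the command line. The following wrapper is an added example, not part of Oracle's guide: it passes the wallet password only through AVCA_WPWD and then checks that the generated .sso and .p12 files carry no group or other permission bits. AVCA_BIN and both function names are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code. AVCA_BIN (path to the avca
# executable, default "avca") and both function names are assumptions.

# Run "avca create_wallet" with the wallet password supplied only through
# AVCA_WPWD, so it never appears in argv or in shell history.
# The password is read as one line from stdin (echo disabled on a terminal).
create_wallet_quiet() {
    wrl=$1
    if [ -z "$wrl" ]; then
        echo "usage: create_wallet_quiet <wallet_location>" >&2
        return 2
    fi
    if [ -t 0 ]; then
        printf 'Wallet password: ' >&2
        stty -echo
    fi
    IFS= read -r wpwd || :
    if [ -t 0 ]; then
        stty echo
        echo >&2
    fi
    if [ -z "$wpwd" ]; then
        echo "empty wallet password" >&2
        return 2
    fi
    rc=0
    # Subshell: umask 077 requests owner-only modes for files avca creates,
    # and the AVCA_WPWD assignment is scoped to this single avca invocation.
    ( umask 077; AVCA_WPWD=$wpwd "${AVCA_BIN:-avca}" create_wallet -wrl "$wrl" ) || rc=$?
    unset wpwd
    return "$rc"
}

# Print wallet files (*.sso, *.p12) under $1 that carry any group or other
# permission bit; return 1 if at least one such file exists.
check_wallet_perms() {
    bad=$(find "$1" -type f \( -name '*.sso' -o -name '*.p12' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}
```

Run create_wallet_quiet with the wallet location as its only argument, then check_wallet_perms on the same location; the same scoping pattern applies to AVCA_USR for create_credential.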


deploy_av

Deploys the av.ear file to another node in an Oracle Real Application Clusters (Oracle RAC) environment. This command is run on the Audit Vault Server.

Syntax

avca deploy_av -avadm <usr>/<pwd> -jdbc_str <jdbc connect string> 
          -sid <sid> -dbalias <db_alias> 
          -avconsoleport <av_console_port>

Arguments

Argument Description
-avadm <usr>/<pwd> The user name and password of the Audit Vault administrator (user granted the AV_ADMIN role). Use a slash (/) to separate the user name and password. The -avadm argument can be omitted if the corresponding environment variable, AVCA_AVADM, is set to usr/pwd. If the command-line argument -avadm is specified, then the command-line argument overrides the environment variable.
-jdbc_str <jdbc connect string> The JDBC connect string to connect to Audit Vault, which uses the format jdbc:oracle:<driver type>:@//<host>:<port>/<service name>
-sid <sid> The Oracle system identifier (SID) for the instance
-dbalias <db_alias> The database alias
-avconsoleport <av_console_port> The port number for the Audit Vault Console

Options

None

Usage Notes

In an Oracle RAC environment, AVCA commands must be issued from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.

If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the AVCA deploy_av command.

Example

The following example shows how to deploy the av.ear file to another node in an Oracle RAC environment. In this example, the AVCA_AVADM environment variable is set to usr/pwd and the -avadm argument is omitted.

avca deploy_av -jdbc_str jdbc:oracle:<driver type>:@//system14:<port>/<service name> -sid av -dbalias av -avconsoleport 5700


drop_agent

Drops an agent from Audit Vault. This command is run on the Audit Vault Server.

Syntax

avca drop_agent -agentname <agent name> 

Arguments

Argument Description
-agentname <agent name> Specify the agent (by agent name) to be dropped from Audit Vault.

Usage Notes

Example

The following example shows how to drop an agent named 'OC4JAgent1' from Audit Vault:

avca drop_agent -agentname OC4JAgent1 
AVCA started
Dropping agent...
Agent dropped successfully.


help

Displays Help for the AVCA commands. This command is run on both the Audit Vault Server and Audit Vault Agent.

Syntax

avca -help

avca <command> -help

Arguments

Argument Description
<command> The name of an AVCA command for which you want Help to appear

Options

None

Usage Notes

None

Example

The following example shows how to display general AVCA utility Help in the Audit Vault Server home.

avca -help
  --------------------------------------------
  AVCA Usage
  --------------------------------------------
  Oracle Audit Vault Server Installation commands
      avca secure_av -avkeystore <keystore location> -avkeystorepwd <keystore pwd> -avtruststore <truststore location>
      avca secure_av -remove
      avca upgrade -avsysdba <usr>/<pwd> -dvowner <usr>/<pwd>
 
  Oracle Audit Vault Configuration commands - Agent:
      avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host> -agentusr <usr>
      avca drop_agent -agentname <agent name>
 
  Oracle Audit Vault Configuration commands - Warehouse:
      avca set_warehouse_schedule -schedulename <schedule name>
      avca set_warehouse_schedule -startdate <start date> -rptintrv <repeat interval> [-dateformat <date format>]
      avca set_warehouse_retention -intrv <year-month interval>
 
  Oracle Audit Vault Configuration commands - Authentication:
      avca create_wallet -wrl <wallet_location> -wpwd <wallet_pwd>
      avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias<db alias> -usr <usr>/<pwd>
 
  avca -help

The following example shows how to display specific AVCA Help for the add_agent command in Audit Vault.

avca add_agent -help

  avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host> -agentusr <usr>
  ------------------------------------------------
  -agentname <agent name>
  [-agentdesc <agent description>]
  -agenthost <agent host>
  -agentusr <the user which represents agent>
  ------------------------------------------------

The following example shows how to display general AVCA utility Help in the Audit Vault Agent home.

avca -help
  --------------------------------------------
  AVCA Usage
  --------------------------------------------
  Oracle Audit Vault Agent Installation commands
      avca secure_agent -agentkeystore <keystore location> -agentkeystorepwd <keystore pwd> -avdn <DN of Audit Vault> -agentdn <DN of agent>
      avca secure_agent -remove
      avca upgrade
 
  Oracle Audit Vault Configuration commands - Authentication:
      avca create_wallet -wrl <wallet_location> -wpwd <wallet_pwd>
      avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias<db alias> -usr <usr>/<pwd>
 
  avca -help


redeploy

Redeploys the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault Agent system.

Syntax

avca redeploy

Arguments

None

Options

None

Usage Notes

None

Example

The following example shows how to redeploy either the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault Agent system.

avca redeploy


secure_agent

Secures the Audit Vault Agent by enabling mutual authentication with the Audit Vault Server. This command is run on the Audit Vault Agent. This command also removes mutual authentication with Audit Vault Server.

Syntax

avca secure_agent -agentkeystore <keystore location>
-agentkeystorepwd <keystore pwd> -avdn <DN of Audit Vault Server> 
-agentdn <DN of agent>

avca secure_agent -remove

Arguments

Argument Description
-agentkeystore <keystore location> Specify the key store location for this agent.
-agentkeystorepwd <keystore pwd> Specify the key store password for this agent. The -agentkeystorepwd argument can be omitted if the corresponding environment variable, AVCA_AGENTKEYSTOREPWD, is set to the key store password. If the command-line argument -agentkeystorepwd is specified, then the command-line argument overrides the environment variable.
-avdn <DN of Audit Vault Server> Distinguished name (DN) of the Audit Vault Server
-agentdn <DN of agent> DN of this Audit Vault Agent
-remove Keyword to indicate removing mutual authentication with Audit Vault Server

Usage Notes

Example

The following example shows how to secure the Audit Vault Agent by enabling mutual authentication with the Audit Vault Server. In this example, the AVCA_AGENTKEYSTOREPWD environment variable is set to welcome1 and the -agentkeystorepwd argument is omitted.

avca secure_agent -agentkeystore /tmp/agentkeystore \
  -agentdn "CN=agent1, OU=development, O=oracle, L=redwoodshores, ST=ca, C=us" \
  -avdn "CN=av1, OU=development, O=oracle, L=redwoodshores, ST=ca, C=us"

The following example shows how to unsecure the Audit Vault Agent by disabling mutual authentication with the Audit Vault Server.

avca secure_agent -remove
AVCA started
Restarting agent OC4J...
OC4J restarted successfully.


secure_av

Secures Audit Vault Server by enabling mutual authentication with the Audit Vault Agent. This command is run on the Audit Vault Server. This command also removes mutual authentication with Audit Vault Agent.

Syntax

avca secure_av -avkeystore <keystore location> -avkeystorepwd <keystore pwd>
-avtruststore <truststore location>

avca secure_av -remove

Arguments

Argument Description
-avkeystore <keystore location> Specify the key store location for Audit Vault Server.
-avkeystorepwd <keystore pwd> Specify the key store password for Audit Vault Server. The -avkeystorepwd argument can be omitted if the corresponding environment variable, AVCA_AVKEYSTOREPWD, is set to the key store password. If the command-line argument -avkeystorepwd is specified, then the command-line argument overrides the environment variable.
-avtruststore <truststore location> Specify the trust store location for Audit Vault Server.
-remove Keyword to indicate removing mutual authentication with the Audit Vault Agent.

Usage Notes

Example

The following example shows how to secure Audit Vault Server by enabling mutual authentication with the Audit Vault Agent. In this example, the AVCA_AVKEYSTOREPWD environment variable is set to welcome1 and the -avkeystorepwd argument is omitted.

avca secure_av -avkeystore /tmp/avkeystore \
  -avtruststore /tmp/avkeystore

The following example shows how to unsecure Audit Vault Server by disabling mutual authentication with the Audit Vault Agent.

avca secure_av -remove
AVCA started
Stopping OC4J...
OC4J stopped successfully.
Starting OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.2.0.0  Copyright (c) 1996,2005 Oracle Corporation.  All rights reserved.
http://stacd05.us.oracle.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
 
Logs are generated in directory /scratch/10.2.2/av_1/av/log


set_warehouse_retention

Controls the amount of data kept online in the data warehouse fact table. This command is run on the Audit Vault Server.

Syntax

avca set_warehouse_retention -intrv <year-month interval>  

Arguments

Argument Description
-intrv <year-month interval> Specify the year month interval in the form [+]YY-MM.

Usage Notes

Example

The following example shows how to control the amount of data kept online in the data warehouse table. In this case, a time interval of one year is specified.

avca set_warehouse_retention -intrv +01-00 
AVCA started
Setting warehouse retention period...
done.


set_warehouse_schedule

Sets the schedule for refreshing data from the raw audit data store to the star schema. This command is run on the Audit Vault Server.

Syntax

avca set_warehouse_schedule -schedulename <schedule name> 

avca set_warehouse_schedule -startdate <start date> 
     -rptintrv <repeat interval> [-dateformat <date format>] 

Arguments

Argument Description
-schedulename <schedule name> Specify the schedule name created using the DBMS_SCHEDULER.create_schedule procedure.
-startdate <start date> Specify the start date for a warehouse refresh job using the default format DD-MON-YY. To use a different format, specify the -dateformat argument.
-rptintrv <repeat interval> Specify the repeat interval for the schedule using the syntax used in the DBMS_SCHEDULER.create_schedule procedure.
[-dateformat <date format>] Optionally, specify the date format for the -startdate argument.

Usage Notes

Example

The following examples show how to set the schedule for refreshing data from the raw audit data store to the star schema by schedule name and by start date using the AVCA set_warehouse_schedule command.

The following example uses a schedule name argument based on a valid schedule created using the DBMS_SCHEDULER.create_schedule procedure.

avca set_warehouse_schedule -schedulename daily_refresh 
AVCA started
Set warehouse schedule...
done.

The following example uses a start date and repeat interval argument.

avca set_warehouse_schedule -startdate 01-JUL-06 -rptintrv 'FREQ=DAILY;BYHOUR=0'
AVCA started
Set warehouse schedule...
done.

The following example uses a start date with a specified date format and a repeat interval argument.

avca set_warehouse_schedule -startdate 01-07-2006 -dateformat 'DD-MM-YYYY' \
  -rptintrv 'FREQ=DAILY;BYHOUR=0'
AVCA started
Set warehouse schedule...
done.


upgrade

Upgrades an Audit Vault Server or an Audit Vault Agent to the current release from the previous release. This command is run on both the Audit Vault Server and on the Audit Vault Agent.

Syntax

For upgrading the Audit Vault Server:

avca upgrade -avsysdba <usr>/<pwd> -dvowner <usr>/<pwd>

For upgrading the Audit Vault Agent:

avca upgrade

Arguments

Argument Description
-avsysdba <usr>/<pwd> Specify the Audit Vault sysdba user name and password.
-dvowner <usr>/<pwd> Specify the Oracle Database Vault Owner user name and password.

Usage Notes

None

Example

The following example shows how to upgrade an Audit Vault Agent:

avca upgrade