Oracle® Audit Vault Administrator's Guide 10g Release 2 (10.2.2) Part Number B25321-02
Audit Vault Control (AVCTL) is a command-line utility that provides the Audit Vault administrator with the ability to control various Audit Vault components.
Table B-1 describes the Audit Vault Control commands and where each is used, whether on the Audit Vault Server, on the Audit Vault Agent, or in both places.
Table B-1 Audit Vault Control Commands
Command | Where Used | Description |
---|---|---|
-help | Both | Displays Help for the AVCTL commands |
load_warehouse | Server | Loads older data from the raw audit data store into the data warehouse tables for analysis |
purge_warehouse | Server | Purges older data from the data warehouse tables |
refresh_warehouse | Server | Refreshes the data warehouse dimensions and fact table with the data in the raw audit data store since the last refresh operation. |
show_agent_status | Server | Shows the status (metric) of an agent |
show_av_status | Server | Shows the status (metric) of the Audit Vault Console |
show_collector_status | Server | Shows the status (metric) of a collector |
show_oc4j_status | Agent | Shows the status (metric) of the agent OC4J |
start_agent | Server | Starts the agent |
start_av | Server | Starts the Audit Vault Console |
start_collector | Server | Starts the collector |
start_oc4j | Agent | Starts the agent OC4J |
stop_agent | Server | Stops the agent |
stop_av | Server | Stops the Audit Vault Console |
stop_collector | Server | Stops the collector |
stop_oc4j | Agent | Stops the agent OC4J |
Note:
In an Oracle RAC environment, AVCTL commands must be issued from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.
If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the AVCA deploy_av command.
Displays Help for the AVCTL commands. This command is run on both the Audit Vault Server and the Audit Vault Agent.
Syntax
avctl -help
avctl <command> -help
Arguments
Argument | Description |
---|---|
<command> | The name of an AVCTL command for which you want Help to appear |
Usage Notes
None
Example
The following example shows how to display general AVCTL utility Help in the Audit Vault Server home.
avctl -help
--------------------------------------------
AVCTL Usage
--------------------------------------------
Oracle Audit Vault Control commands - AV Server:
  avctl start_av [-loglevel error|warning|info|debug]
  avctl stop_av
  avctl show_av_status
Oracle Audit Vault Control commands - Agent:
  avctl start_agent -agentname <agent name>
  avctl stop_agent -agentname <agent name>
  avctl show_agent_status -agentname <agent name>
Oracle Audit Vault Control commands - Collector:
  avctl start_collector -collname <collector name> -srcname <source name>
  avctl stop_collector -collname <collector name> -srcname <source name>
  avctl show_collector_status -collname <collector name> -srcname <source name>
Oracle Audit Vault Control commands - Warehouse:
  avctl refresh_warehouse [-wait]
  avctl load_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
  avctl purge_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
avctl -help
The following example shows how to display specific AVCTL Help for the start_agent command in Audit Vault.
avctl start_agent -help
avctl start_agent -agentname <agent name>
------------------------------------------------
-agentname <agent name>
------------------------------------------------
The following example shows how to display general AVCTL utility Help in the Audit Vault Agent home.
--------------------------------------------
AVCTL Usage
--------------------------------------------
Oracle Audit Vault Control commands - Agent OC4J:
  avctl start_oc4j [-loglevel error|warning|info|debug]
  avctl stop_oc4j
  avctl show_oc4j_status
avctl -help
Loads older data from the raw audit data store into the data warehouse tables for analysis. This command is run on the Audit Vault Server.
Syntax
avctl load_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
Arguments
Argument | Description |
---|---|
-startdate <startdate> | Specify the start date for the events to be loaded into the data warehouse tables using the default format DD-MON-YY. To use a different format, specify the -dateformat argument. |
-numofdays <num of days> | Specify the number of days' worth of data to be loaded. |
[-dateformat <date format>] | Optionally, specify the date format for the -startdate argument. |
[-wait] | Optionally, specify that the command wait for the load job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately. |
Usage Notes
Audit records received starting on the date given by the -startdate argument, for the number of days given by the -numofdays argument, are loaded into the data warehouse.
Example
The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004:
avctl load_warehouse -startdate 01-JAN-04 -numofdays 10
AVCTL started
Loading older audit records into warehouse...
done.
The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004 and to specify that the operation wait until the previous load job completes.
avctl load_warehouse -startdate 01-JAN-04 -numofdays 10 -wait
AVCTL started
Loading older audit records into warehouse...
Waiting for load to complete...
done.
The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004 using the DD/MM/YYYY date format.
avctl load_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY
AVCTL started
Loading older audit records into warehouse...
done.
Purges older data from the data warehouse tables. This command is run on the Audit Vault Server.
Syntax
avctl purge_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
Arguments
Argument | Description |
---|---|
-startdate | Specify the start date for the events to be removed from the data warehouse tables using the default format DD-MON-YY. To use a different format, specify the -dateformat argument. |
-numofdays | Specify the number of days' worth of data to be removed. |
[-dateformat] | Optionally, specify the date format for the -startdate argument. |
[-wait] | Optionally, specify that the command wait for the purge job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately. |
Usage Notes
Audit records received starting on the date given by the -startdate argument, for the number of days given by the -numofdays argument, are removed from the data warehouse tables.
Only data loaded using the AVCTL load_warehouse command can be purged using the purge_warehouse command. The data loaded using the AVCTL refresh_warehouse command is removed automatically based on the warehouse duration specified using the AVCA set_warehouse_retention command.
Example
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004:
avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10
AVCTL started
Purging older audit records from warehouse...
done.
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 and to specify that the operation wait until the previous purge job completes:
avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10 -wait
AVCTL started
Purging older audit records from warehouse...
Waiting for purge to complete...
done.
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 using the date format of DD/MM/YYYY.
avctl purge_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY
AVCTL started
Purging older audit records from warehouse...
done.
Refreshes the data warehouse dimensions and fact table with the data from the raw audit data store since the last refresh operation. This command is run on the Audit Vault Server.
Syntax
avctl refresh_warehouse [-wait]
Arguments
Argument | Description |
---|---|
[-wait] | Optionally, specify that the command wait for the refresh job to complete. If this argument is not specified, a DBMS job is started, and the command returns immediately. |
Usage Notes
The last refresh operation could have been an explicit refresh using this command or a scheduled refresh based on the schedule set using the AVCA set_warehouse_schedule command.
Example
The following example shows how to refresh the data warehouse:
avctl refresh_warehouse
AVCTL started
Refreshing warehouse...
done.
The following example shows how to specify that the refresh operation wait until the previous refresh job completes before refreshing the data warehouse:
avctl refresh_warehouse -wait
AVCTL started
Refreshing warehouse...
Waiting for refresh to complete...
done.
Shows the status (metric) of an agent. This command is run on the Audit Vault Server.
Syntax
avctl show_agent_status -agentname <agent name>
Arguments
Argument | Description |
---|---|
-agentname | Specify the agent (by agent name). |
Usage Notes
None
Example
The following example shows the agent status for the OC4JAGENT1 agent:
avctl show_agent_status -agentname OC4JAGENT1
AVCTL started
Getting agent metrics...
--------------------------------
Agent is running
--------------------------------
Metrics retrieved successfully.
Shows the Audit Vault Console status or the metric of the Audit Vault Server. This command is run on the Audit Vault Server.
Syntax
avctl show_av_status
Arguments
None
Usage Notes
When the Audit Vault Console becomes inaccessible, issue this command to determine its status.
Example
The following example shows the Audit Vault Console status:
avctl show_av_status
AVCTL started
Oracle Audit Vault 10g Database Control Release 10.2.2.0.0
Copyright (c) 1996, 2005 Oracle Corporation. All rights reserved.
http://atacw05.us.oracle.com:5521/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /oracle/product/10.2.2/av_1/av/log
Shows the status (metric) of a collector. This command is run on the Audit Vault Server.
Syntax
avctl show_collector_status -collname <collector name> -srcname <source name>
Arguments
Argument | Description |
---|---|
-collname | Specify the target collector (by collector name). |
-srcname | Specify the source (by source name) to which this collector belongs. |
Usage Notes
None
Example
The following example shows the collector status for the DBAUD_Collector collector:
avctl show_collector_status -collname DBAUD_Collector -srcname RODSRC1.US.ORACLE.COM
AVCTL started
Getting collector metrics...
--------------------------------
Collector is running.
--------------------------------
Shows the agent OC4J status (metric). This command is run on the Audit Vault Agent.
Syntax
avctl show_oc4j_status
Arguments
None
Usage Notes
None
Example
The following example shows the agent OC4J status for when it is running and when it is not running:
avctl show_oc4j_status
AVCTL started
------------------------------------
OC4J is running
------------------------------------
avctl stop_oc4j
AVCTL started
Stopping OC4J...
OC4J stopped successfully.
avctl show_oc4j_status
AVCTL started
------------------------------------
OC4J is not running
------------------------------------
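Because Audit Vault accepts audit records only from agents and collectors in the RUNNING state, a stopped component is a gap in audit collection worth detecting. The following script is an added example, not Oracle code: it classifies the output of the three show_*_status commands above and fails closed on anything unrecognized. The function names are hypothetical, and it assumes that agents and collectors report "is not running" in the same wording the page shows for OC4J.

```shell
#!/bin/sh
# Added example (not part of the Oracle guide): detect audit-collection gaps
# from the text printed by avctl show_agent_status / show_collector_status /
# show_oc4j_status. Function names are hypothetical.

# classify_status: read avctl output on stdin; print RUNNING, NOT_RUNNING or
# UNKNOWN. "is not running" for agents/collectors is an assumption; the page
# shows that wording only for OC4J.
classify_status() {
    out=$(cat)
    case "$out" in
        *"is not running"*) echo NOT_RUNNING ;;
        *"is running"*)     echo RUNNING ;;
        *)                  echo UNKNOWN ;;   # errors, missing avctl, new wording
    esac
}

# check_component LABEL CMD...: run CMD, report its state, return 0 only if
# RUNNING. Anything else (including a failed avctl call) counts as a gap.
check_component() {
    label=$1; shift
    state=$("$@" 2>&1 | classify_status)
    echo "$label: $state"
    [ "$state" = RUNNING ]
}

# monitor: check one agent and one collector on the Audit Vault Server.
# Defaults are the names used in the examples on this page.
monitor() {
    agent=${AGENT:-OC4JAGENT1}
    coll=${COLL:-DBAUD_Collector}
    src=${SRC:-RODSRC1.US.ORACLE.COM}
    rc=0
    check_component "agent $agent" \
        avctl show_agent_status -agentname "$agent" || rc=1
    check_component "collector $coll@$src" \
        avctl show_collector_status -collname "$coll" -srcname "$src" || rc=1
    return $rc
}

# Sample outputs copied from the examples on this page, for offline testing.
sample_agent_running() {
    printf '%s\n' 'AVCTL started' 'Getting agent metrics...' \
        '--------------------------------' 'Agent is running' \
        '--------------------------------' 'Metrics retrieved successfully.'
}
sample_oc4j_stopped() {
    printf '%s\n' 'AVCTL started' '------------------------------------' \
        'OC4J is not running' '------------------------------------'
}

# Call avctl only when explicitly asked (for example from cron).
if [ "${1:-}" = "--run" ]; then monitor; fi
```

Run with `--run` from a scheduler; a nonzero exit status means at least one component is not confirmed RUNNING.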
Starts the agent. This command is run on the Audit Vault Server.
Syntax
avctl start_agent -agentname <agent name>
Arguments
Argument | Description |
---|---|
-agentname | Specify the agent (by agent name) to be started. |
Usage Notes
On successful completion of this command, the agent is moved to a RUNNING state. If an error is encountered, the agent is moved to an ERROR state.
Audit Vault accepts audit records only from agents in the RUNNING state.
Example
The following example shows how to start the agent in Oracle Audit Vault:
avctl start_agent -agentname OC4JAGENT1
AVCTL started
Starting Agent...
Agent started successfully.
Starts the Audit Vault Console. This command is run on the Audit Vault Server.
Syntax
avctl start_av [-loglevel error|warning|info|debug]
Arguments
Argument | Description |
---|---|
[-loglevel error|warning|info|debug] | Optionally, specify the desired level of logging. |
Usage Notes
This command executes an emctl start dbconsole command.
Example
The following example shows how to start the Audit Vault Console:
avctl start_av
AVCTL started
Starting agent OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.2.0.0
Copyright (c) 1996,2005 Oracle Corporation. All rights reserved.
http://atacw05.us.oracle.com:5521/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /oracle/product/10.2.2/av_1/av/log
Starts the collector. This command is run on the Audit Vault Server.
Syntax
avctl start_collector -collname <collector name> -srcname <source name>
Arguments
Argument | Description |
---|---|
-collname | Specify the collector (by collector name) to be started. |
-srcname | Specify the name of the source to which the collector (specified in the -collname argument) belongs. |
Usage Notes
On successful completion of this command, the collector is moved to a RUNNING state. If an error is encountered, the collector is moved to an ERROR state.
Audit Vault accepts audit records only from collectors in the RUNNING state.
Example
The following example shows how to start the collector in Audit Vault:
avctl start_collector -collname REDO_Collector -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
AVCTL started
Starting Collector...
Collector started successfully.
Starts the agent OC4J. This command is run on the Audit Vault Agent.
Syntax
avctl start_oc4j [-loglevel error|warning|info|debug]
Arguments
Argument | Description |
---|---|
[-loglevel error|warning|info|debug] | Optionally, specify the desired level of logging. |
Usage Notes
It is possible for the Agent OC4J process to terminate abnormally. Use this command on the command line to manually start the agent OC4J.
Example
The following example shows how to start OC4J:
avctl start_oc4j
AVCTL started
Starting agent OC4J...
OC4J started successfully.
Stops the agent. This command is run on the Audit Vault Server.
Syntax
avctl stop_agent -agentname <agent name>
Arguments
Argument | Description |
---|---|
-agentname | Specify the agent (by agent name) to be stopped. |
Usage Notes
This command will first stop all collectors running at this agent, and then stop the agent itself.
On successful completion of this command, the agent and its collectors are moved to a STOPPED state.
If an error is encountered, the agent is moved to an ERROR state. Audit Vault accepts audit records only from agents in the RUNNING state.
This is usually a maintenance operation.
Example
The following example shows how to stop the agent in Audit Vault:
avctl stop_agent -agentname OC4JAGENT1
AVCTL started
Stopping Agent...
Agent stopped successfully.
Stops the Audit Vault Console. This command is run on the Audit Vault Server.
Syntax
avctl stop_av
Arguments
None
Usage Notes
This command executes an emctl stop dbconsole command.
Example
The following example shows how to stop the Audit Vault Console:
avctl stop_av
AVCTL started
Stopping OC4J...
OC4J stopped successfully.
Stops the collector. This command is run on the Audit Vault Server.
Syntax
avctl stop_collector -collname <collector name> -srcname <source name>
Arguments
Argument | Description |
---|---|
-collname | Specify the collector (by collector name) to be stopped. |
-srcname | Specify the name of the source to which the collector (specified in the -collname argument) belongs. |
Usage Notes
On successful completion of this command, the collector is moved to a STOPPED state.
If an error is encountered, the collector is moved to an ERROR state.
Audit Vault accepts audit records only from collectors in the RUNNING state.
This is usually a maintenance operation.
Example
The following example shows how to stop the collector in Oracle Audit Vault:
avctl stop_collector -collname STREAMSCOLLECTOR -srcname ORCL.REGRESS.RDBMS.DEV.US.ORACLE.COM
AVCTL started
Stopping Collector...
Collector stopped successfully.
Stops the agent OC4J. This command is run on the Audit Vault Agent.
Syntax
avctl stop_oc4j
Arguments
None
Usage Notes
This is usually a maintenance operation.
Example
The following example shows how to stop the agent OC4J:
avctl stop_oc4j
AVCTL started
Stopping agent OC4J...
OC4J stopped successfully.