5 Administrative Tasks

This chapter describes important administrative tasks to perform on the Audit Vault system. These tasks are especially important if your audit data collectors are collecting high volumes of audit records and rapidly filling default tablespace and disk space settings.

The Audit Vault system Administrator should perform the following administrative tasks on a running Audit Vault system:

• Monitoring Space Usage on the SYSAUX Tablespace

• Monitoring Disk Space Usage Where Archive Logs Are Stored

• Setting Up an Agent Listener to Listen to Other Nodes in an Oracle RAC Environment

• Making Connectivity to the Source from the Audit Vault Agent More Highly Available in an Oracle RAC Environment

• Changing Audit Vault User Passwords on a Regular Basis

• Back Up and Recovery of Oracle Audit Vault

5.1 Monitoring Space Usage on the SYSAUX Tablespace

Following an Audit Vault Server installation and the creation of the Audit Vault database, the SYSAUX tablespace is created by default with one data file. The SYSAUX tablespace is a locally managed tablespace with automatic segment space management.

The Audit Vault administrator should monitor the space usage for the SYSAUX tablespace and set up additional datafiles for storage as needed. See Oracle Database Administrator's Guide for more information about the SQL ALTER TABLESPACE command.

5.2 Monitoring Disk Space Usage Where Archive Logs Are Stored

During an Audit Vault Server installation, ARCHIVELOG mode is turned on by default. For this reason, the Audit Vault administrator must monitor the disk space usage for these files to prevent a small disk from quickly filling to capacity. See Oracle Database Administrator's Guide for more information about changing the LOG_ARCHIVE_DEST_n location to relocate these archive log files to larger disks. For information about backing up the archive logs, see Oracle Database Backup and Recovery Advanced User's Guide.

5.3 Setting Up an Agent Listener to Listen to Other Nodes in an Oracle RAC Environment

In an Oracle Real Application Clusters (Oracle RAC) environment, after the Audit Vault Agent is set up, the node on which the agent was installed has its listener set up to listen to only that node. Thus, only that node can be specified to which to connect. However, the administrator can set up the listener to listen to the other nodes.

For the OSAUD and DBAUD collectors, the Administrator must update the tnsnames.ora file during installation of the Audit Vault Agents.

After the agent is set up, the tnsnames.ora file located in $ORACLE_HOME/network/admin might have the following alias:

AV = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = node01)
(PORT = 1521))(CONNECT_DATA = (SERVICE_NAME = av.us.oracle.com))) 

For high availability, the administrator might need to edit the Audit Vault Agent home tnsnames.ora file after the agent is set up and add the host and port of the other listeners. For example:

AV = 
  (DESCRIPTION = 
    (ADDRESS = (PROTOCOL = TCP)(HOST = node01)(PORT = 1521)) 
    (ADDRESS = (PROTOCOL = TCP)(HOST = node02)(PORT = 1521)) 
    (ADDRESS = (PROTOCOL = TCP)(HOST = node03)(PORT = 1521)) 
    (ADDRESS = (PROTOCOL = TCP)(HOST = node04)(PORT = 1521)) 
    (LOAD_BALANCE = yes) 
    (CONNECT_DATA = 
      (SERVER = DEDICATED) 
        (SERVICE_NAME = av.us.oracle.com) 
    ) 
  ) 

For the REDO collector, the administrator must log in as the srcuser at the source database and re-create the database link for av.us.oracle.com. The new database link can either have a list of host and port numbers or point to a tnsnames entry with the list of host and port numbers.

5.4 Making Connectivity to the Source from the Audit Vault Agent More Highly Available in an Oracle RAC Environment

When a source is added to Oracle Audit Vault, the Audit Vault administrator must provide the host:port:service information for the source being added. This information is used for the following tasks from the agent:

• REDO collector: starting and stopping the capture process on the source

• DBAUD collector: retrieving rows from aud$ and fga_log$ tables

• Policy management: retrieving source dictionary information

Typically, when the Oracle Database instance on the host goes down or if the host machine goes down, the connectivity to the source from the Audit Vault Agent is broken and any attempt to perform these tasks is unsuccessful because this connection is not available:

The Audit Vault administrator can do any or all of the following operations to make the connection between the source and the Audit Vault Agent more highly available:

• Update in the Audit Vault Agent home, the tnsnames.ora file in the /network/admin directory on Linux or UNIX systems or in the \network\admin directory on Windows systems to add additional host or port information for the service. The user can also add options for load balancing and failure in the connect string. For additional information, see Oracle Database Net Services Administrator's Guide and specifically Chapter 13 "Enabling Advanced Features of Oracle Net Services".

• Configure a listener on the Oracle RAC nodes to support connecting to remote nodes and configuring the Oracle Database to communicate with remote listeners. This will help in the situation when the Oracle Database instance goes down, then the listener on the host can create connections on a different Oracle RAC node. For additional information, see Oracle Database Net Services Administrator's Guide and specifically Chapter 10 "Configuring and Administering the Listener".

• Provide host information using the virtual IP address of the node instead of the physical IP address. This will help when the host machine goes down, then all traffic to the host will get redirected to a different node.

5.5 Changing Audit Vault User Passwords on a Regular Basis

Most businesses and groups adhere to some internal policy for changing user name passwords. This is usually part of a password management policy. This policy often requires users to make password changes on a regular basis, such as every 120 days. Changing Audit Vault user name passwords should be considered part of the same password management policy. This section provides additional information about Audit Vault user names and source user names and how and where password changes are implemented.

Table 5-1 shows where the passwords for the Audit Vault user names and source user names are stored and where password changes must be made. Note that if a password for a source user name is updated in the source database, then the password, because it is also stored in the wallet in the Audit Vault Agent home, must also be updated.

Table 5-1 Where Passwords for the Audit Vault User Names and Source User Names Are Stored

Audit Vault Role	Audit Vault User Name	Is Password Stored in Wallet?	How Is Password Change Made?
AV_ADMIN	avadminusr	Yes	Use the mkstore command-line utility to change the password in the wallet in the Audit Vault Server home
AV_AGENT	avagentusr	Yes	Use the mkstore command-line utility to change the password in the wallet in the Audit Vault Agent home
Source user on source database	srcusr	Yes	Use the SQL ALTER USER command on the source databaseAudit Vault Server home. Use the mkstore command-line utility to change the password in the wallet in the Audit Vault Agent home
AV_AUDITOR	avauditorusr	No	Use the SQL ALTER USER command in the Audit Vault Server home
AV_SOURCE	avsrcusr	No	Use the SQL ALTER USER command in the Audit Vault Server home

Change the Passwords of the avauditorusr and avsrcusr User Names in the Audit Vault Server Home

To change the passwords of the avauditorusr and the avsrcusr user names, make the change in the Audit Vault Server home in the Audit Vault database using the SQL ALTER_USER command. Log in as the user with the role of Database Vault Account Manager.

For example, to change passwords of the avauditorusr and avsrcusr user names, perform the following steps:

1. Log in to SQL*Plus as the Database Vault Account Manager.

   For the Basic installation, log in as follows:

   sqlplus /nolog 
   SQL> connect <avadmin>dva
   Enter password: <avadmin user password>
   Connected.
   SQL>
   
   

   For the Advanced installation, log in as follows:

   sqlplus /nolog
   SQL> connect <dv_acctmgr user name>
   Enter password: <dv_acctmgr user password>
   Connected.
   SQL>
   
   

2. To change the avauditorusr name password, use the SQL ALTER USER command.

   SQL> alter user <avauditorusr name> identified by <avauditorusr password>;
   
   

3. To change the avsrcusr name password, use the SQL ALTER USER command.

   SQL> alter user <avsrcusr name> identified by <avsrcusr password>;
   SQL> exit
   
   

Change the Password of the avadminusr User Name in the Audit Vault Server Home

To change the password of the avadminusr user name in the wallet location, use the mkstore command-line utility found in the $ORACLE_HOME/bin directory on LINUX and UNIX systems or found in the ORACLE_HOME\bin directory on Windows systems of the Audit Vault Server home.

For example, to change password of the avadminusr user name, perform the following steps in the Audit Vault Server home:

1. To list all entries (all database service names (aliases) and the corresponding user name (schema) for that database) in the wallet, use the following mkstore command. The password that you enter is the current avadminusr user name password. For example:

   mkstore -wrl ORACLE_HOME/network/admin/avwallet -listCredential
   Enter password: <current avadminusr password>
   
   List credential (index: connect_string username)
   1: av avadminusr
   
   

2. To update the password for the credential, use the following mkstore command. The password that you enter is the new avadminusr user name password. At the Enter password: prompt, enter the new password for the avadminusr user name. For example:

   mkstore -wrl ORACLE_HOME/network/admin/avwallet -modifyCredential av avadmin <new avadminusr password>
   Enter password: <new avadminusr password>
   
   

Change the Passwords of the avagentusr and srcusr User Name in the Audit Vault Agent Home

To change the passwords of the avagentusr and srcusr user names in the wallet location, use the mkstore command-line utility found in the $ORACLE_HOME/bin directory on LINUX and UNIX systems or found in the ORACLE_HOME\bin directory on Windows systems of the Audit Vault Agent home.

For example, to change the passwords of the avagentusr and srcusr user names, perform the following steps in the Audit Vault Agent home:

1. To list all entries (all database service names (aliases) and the corresponding user name (schema) for that database) in the wallet, use the following mkstore command. The password that you enter is the current avagentusr user name password. For example:

   mkstore -wrl ORACLE_HOME/network/admin/avwallet -listCredential
   Enter password: <current avagentusr password>
   List credential (index: connect_string username)1: AV avagentusr
   2: SRCDB1 srcusr
   
   

2. To update the passwords, use the following mkstore command. The passwords that you enter are the new avagentusr user name password or the new srcusr user name password. At the Enter password: prompt, enter the new password for each user name. For example:

   mkstore -wrl $ORACLE_HOME/network/admin/avwallet -modifyCredential AV agentuser1 <new avagntusr password>
   Enter password: <new avagntusr password>
   
   mkstore -wrl ORACLE_HOME/network/admin/avwallet -modifyCredential SRCDB1 srcusr <new srcusr password>
   Enter password: <new srcusr password>
   
   

Check To Ensure All Changed User Name Passwords Work Correctly

Always check to make sure all changed passwords for Audit Vault user names and source user names are working correctly. To check the passwords of the avadminusr and avauditorusr user name, open a Web browser and log in to the Audit Vault Console as the Audit Vault administrator. Then log out and log in to the Audit Vault Console as the Audit Vault auditor. A successful log in indicates that the new avadminusr and avauditor user name passwords are working fine. If your login is not successful after several attempts, repeat the steps previously mentioned in this section to change the password again for that particular Audit Vault user name and retry the login.

Next, stop the agent and collectors and start the agent and each collector. If the agent and the collectors each start up and collectors are collecting audit records again, the new avagntusr, avsrcusr, and srcusr user name passwords are all working.

If you experience problems, check the log files (see Chapter 6 for more information) to determine which user name password might be the source of the problem. Then, if needed, repeat the steps previously mentioned to change the password for that user name and try to start up the agent and the collectors again.

5.6 Back Up and Recovery of Oracle Audit Vault

Oracle Audit Vault patches do not have the ability to be rolled back, therefore you should take precautions to backup the files before any Oracle Audit Vault patch is applied until you have tested the patchset apply.

Back Up the Database

Out of the box, Audit Vault does not enable the SYSDBA privilege. Therefore, if you will be using RMAN to backup the database, you will need to follow the directions in Section 3.7.2 "Enabling or Disabling Connections with the SYSDBA Privilege" in the Audit Vault Server installation guide for the respective platform install documentation. After cleanly shutting down the instance following the analysis of the database, you should perform a full backup of the database. Complete the following steps:

1. Sign on to RMAN:

   rman "target / nocatalog"
   
   

2. Issue the following RMAN commands:

   RUN
   {
       ALLOCATE CHANNEL chan_name TYPE DISK;
       BACKUP DATABASE FORMAT 'some_backup_directory%U' TAG before_upgrade;
       BACKUP CURRENT CONTROLFILE TO 'save_controlfile_location';
   }
   
   

   Caution:

   If you encounter problems with the upgrade and wish to abandon the upgrade completely, then you will need to restore the database from this backup. Therefore, make sure you back up your database now as a precaution.

   See Also:

   Oracle Database Backup and Recovery Basics for more information about backing up a database.

Back Up Audit Vault Server Home

Because the patchset will update files in the Audit Vault Server Home, these files should all be backed up or copied to another directory until the patchset has been tested.

Back Up Audit Vault Collection Agent Home

Because the patchset will update files in the Audit Vault Collection Agent Home, these files should be backed up or copied to another directory until the patchset has been tested.

Abandon the Upgrade

If the patchset apply is not successful, to abandon the upgrade, perform the following steps:

1. Copy (Restore) the Audit Vault Server Home files back.

2. Copy (Restore) the Audit Vault Agent Home files back.

3. If you completed the steps in Back Up the Database to back up your database, then restore that backup. Complete the following steps:

   1. Log in to the system as the owner of the Oracle home directory of the previous release.

   2. Sign on to RMAN:

      rman "target / nocatalog"
      
      

   3. Issue the following RMAN commands:

      STARTUP NOMOUNT
      RUN
      {
          REPLICATE CONTROLFILE FROM 'save_controlfile_location';
          ALTER DATABASE MOUNT;
          RESTORE DATABASE FROM TAG before_upgrade
          ALTER DATABASE OPEN RESETLOGS;
      }