Oracle® Audit Vault Agent Installation Guide 10g Release 2 (10.2.2) Part Number E10087-03 |
|
|
View PDF |
This chapter includes the major steps required to install Oracle Audit Vault Agent.
This chapter includes the following sections:
Before you begin the Audit Vault Agent installation as described in Section 3.2.2, you must create an Audit Vault Agent user and add this agent user to Audit Vault database. Perform the following steps to complete these tasks.
Create a user in the Audit Vault database to represent the Audit Vault Agent.
Set the Audit Vault environment variables (ORACLE_HOME
, ORACLE_SID
, PATH
, LD_LIBRARY_PATH
(for Linux x86, Linux x86-64, and Solaris SPARC_64), SHLIB_PATH
(for HP-UX), or LIBPATH
(for AIX), as applicable, or use the coraenv
or oraenv
scripts located in the server home bin
directory ($ORACLE_HOME/bin
) to perform this operation. Set ORACLE_HOME
to point to the Audit Vault Server home. Set ORACLE_SID
to the database name for a single instance installation (av
is the default database name) or for an Oracle Real Application Clusters (Oracle RAC) installation, set it to the instance name. Set PATH
to include $ORACLE_HOME/bin
.
Log in to SQL*Plus as the Oracle Database Vault Account Manager.
For the Basic installation, log in as follows:
sqlplus /nolog SQL> connect <avadmin user name>dva Enter password: <dv_acctmgr user password> Connected. SQL>
For the Advanced installation, log in as follows:
sqlplus /molog SQL> connect <dv_acctmgr user name> Enter password: <dv_acctmgr user password> Connected. SQL>
Create the Audit Vault Agent user
SQL> create user <avagent user name> identified by <avagent password>; SQL> exit
Add or register the Oracle Audit Vault Agent at Oracle Audit Vault Server.
Run the following AVCA add_agent
command, as shown in Example 3-1.
Example 3-1 Running the AVCA add_agent Command to Add the Created av_agent User to Audit Vault
avca add_agent –agentname <avagent name> [-agentdesc <agent description>] -agenthost <name of host where agent will be installed> -agentusr <avagent user name>
For example:
avca add_agent -agentname agent1 -agenthost machine2.us.oracle.com -agentusr agentuser
The command arguments are as follows:
-agentname
: The name of the agent, with no spaces. The agent name must be unique to the Oracle Audit Vault Server. You cannot reuse an agent name for another agent name on the same server, even after the deinstallation of a previously installed agent. Oracle Audit Vault does not delete agent names that are dropped; it disables the agent name and retains the agent name in its metadata.
You should write this name down. You will enter it as part of the agent installation on the Agent Details page.
-agentdesc
: A description of the agent.
This is optional.
-agenthost
: The host name where the agent is installed, for example, machine2.us.mycompany.com
.
-agentusr
: The user name for the agent that you created previously in Step 1c.
You will enter this user name and password as part of the agent installation on the Agent Details page.
Provide this agent user name, agent password, and agent name to the Audit Vault administrator who plans to install the Oracle Audit Vault Agent software described in Section 3.2.2.
This section describes the following topics:
This section provides an overview of information specific to the installation detail screens for the Audit Vault Agent installation.
Audit Vault Agent Name – The name of the agent can be a maximum of 255 characters. The agent name is required.
Audit Vault Agent Home – Specify or browse to find the path to the Audit Vault Agent home where you want to install Oracle Audit Vault Agent. The path must contain only alphanumeric characters (letters and numbers). The path is required.
Only the special characters shown in Table 3-1 are allowed.
Audit Vault Agent installation prompts for the account name and password of the Audit Vault Agent user created in Step 1 in Section 3.1.
Agent User Name – This user account is granted the AV_AGENT
role. This user manages agents and collectors by starting, stopping, and resetting them. The agent user name is required.
Agent User Password – The password for the Audit Vault Agent user account. The password is required.
The Audit Vault Server connect string takes the form hostname:port:service name
, where these three items are delimited by the colon (:) character. This connect string will be used to configure the connectivity of the agent to the Audit Vault Server database. The host name represents the system where the Audit Vault Server resides. The listener port number and service name information are needed to access the Audit Vault Server database.
These three components must be in the following order, and information for each component must be provided: host name, listener port, and service name.
The host name cannot contain any space characters. The host name is required.
The listener port number must have a value between 0 and 65535. The listener port number is required. The Audit Vault Server listener port number can be determined by issuing the following command in the Audit Vault Server home:
lsnrctl status
The structure of the service name is <db_name>.<db_domain>
. The <db_name>
portion is the Audit Vault name specified during the Audit Vault Server installation. The <db_domain>
is the domain name portion of the full host name for the system where the Audit Vault Server is installed.
The steps to perform an Audit Vault Agent Installation are as follows:
Run Oracle Universal Installer (OUI) to install Oracle Audit Vault Agent. You should run the installer as the software owner account that owns the current ORACLE_HOME
environment. This is normally the oracle
account.
For Linux and UNIX-based systems, log in as the oracle
user. Alternatively, switch user to oracle
using the su -
command. Change your current directory to the directory that contains the installation files. Start Oracle Universal Installer from the Oracle Audit Vault Agent package.
For Linux and UNIX-based systems:
cd <directory containing the Oracle Audit Vault Agent installation files> ./runInstaller
For Windows systems, locate the directory containing the Oracle Audit Vault Agent installation files for Windows, then double-click setup.exe
to start Oracle Universal Installer.
Specify the following information on the Agent Details page, then click Next:
Audit Vault Agent Name – The name of the agent (created in Step 2 of Section 3.1)
Audit Vault Agent Home – Specify or browse to find the path to the Audit Vault Agent home where you want to install Oracle Audit Vault Agent
Agent User Name – The account name of the Audit Vault Agent User (created in Step 1c of Section 3.1).
Agent User Password – The password for the Audit Vault Agent user account (created in Step 1c of Section 3.1).
Specify the Audit Vault Server Connect String that takes the form hostname:port:service name
in that order using a (:) colon delimiter between each item, for example: machine2.us.company.com:1521:av.us.oracle.com
.
See Section 3.2.1.4 for more information about the Audit Vault Server connect string.
See Section 3.2.1 for more information about specifying the Audit Vault information.
Review the installation prerequisite checks on the Prerequisite Check page. This is when all installation prerequisite checks are performed and the results are displayed. Verify that all prerequisite checks succeed, then click Next.
Oracle Universal Installer checks the system to verify that it is configured correctly to run Oracle software. If you have completed all of the preinstallation steps in this guide, all of the checks should pass.
If a check fails, then review the cause of the failure listed for that check on the screen. If possible, rectify the problem and rerun the check. Alternatively, if you are satisfied that your system meets the requirements, then you can select the check box for the failed check to manually verify the requirement.
On the installation Summary page, review the installation summary information. After reviewing this installation information, click Install to begin the installation procedure.
Provide information or run scripts as the root
user when prompted by Oracle Universal Installer. If you need assistance during installation, click Help. If you encounter problems during installation, then examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui
directory, in the following location:
For Linux and UNIX-based systems:
$ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log
For Windows systems:
ORACLE_HOME\cfgtoollogs\oui\installActionsdate_time.log
After the installation completes, on the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.
For Linux and UNIX-based platforms, the system should show that the oc4j process for the agent is running. This process can be checked using the ps
command on the command line. For example, from the Audit Vault Agent home, run the following command:
ps -ef|grep oc4j
For Windows, a Windows service named Oracle Audit Vault Agent -
<agent name>
is created, where <agent name>
is the name of the agent installed. This service is in a Stopped
state. This is just a "bootstrap service"; it is not the agent itself, but rather a service used to start the agent. This bootstrap service completes its task of starting the agent and then shuts itself down, so it will never be seen in a running state. The agent process, identified as avoscoll.exe
, should be running and can be checked by looking at the process list in Task Manager.
See Oracle Audit Vault Administrator's Guide for more information about adding a source, adding a collector, and managing and monitoring the Audit Vault system.
For the agent to be able to fail over across the Oracle RAC Audit Vault nodes, you must establish the proper configuration.
Update the contents of the <Agent_home>/network/admin/tnsnames.ora
file as follows:
<AV SID> = (DESCRIPTION = (ENABLE = BROKEN)(ADDRESS = (PROTOCOL = TCP) HOST = <VIP address of node1>)(PORT = <listener port>)) (ADDRESS = (PROTOCOL = TCP)(HOST = <VIP address of node2>) (PORT = <listener port>))(LOAD_BALANCE = yes) (CONNECT_DATA = (SERVICE_NAME = <AV GDN>) (FAILOVER_MODE=(TYPE=select)(METHOD=basic)(RETRIES=20)(DELAY=15))))
Follow these brief steps to perform a silent installation using a response file:
Make sure all prerequisites are met for the installation of Audit Vault Agent.
Prepare the Audit Vault Agent response file. A template response file can be found at <AV agent installer location>/response/avagent.rsp
on Linux and UNIX-based systems at the Audit Vault Agent installation media and at <AV agent installer location>\response\avagent.rsp
on Windows systems at the Audit Vault Agent installation media.
Prepare the response file by entering values in the first part of the response file for all parameters, then save the file. Do not edit any values in the second part of the response file.
Invoke Oracle Universal Installer using the following options:
For Linux and UNIX-based systems:
./runInstaller -silent -responseFile <Path of response file>
For Windows systems:
setup.exe -silent -responseFile <Path of response file>
In this example:
Path of response file
identifies the full path of the response file.
-silent
runs Oracle Universal Installer in silent mode and suppresses the Welcome window.
For more information about these options, see Section 1.1.2. For general information about these options and about how to complete an installation using these response files, see the platform specific Oracle Database installation guides and Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for Linux and "Installing Oracle Products" in Oracle Universal Installer and OPatch User's Guide for more information about installing and using response files.
After Audit Vault Server and Audit Vault Agent installation is complete, see Oracle Audit Vault Administrator's Guide for some Audit Vault Administration tasks to perform to ensure that additional security for communication is in place, to set up collectors, and to manage and to monitor the audit data collection system.