| Oracle® Audit Vault Release Notes 10g Release 2 (10.2.2.0.0) Part Number B31587-01 |
|
| View PDF |
| Oracle® Audit Vault Release Notes 10g Release 2 (10.2.2.0.0) Part Number B31587-01 |
|
| View PDF |
Release Notes
10g Release 2 (10.2.2.0.0)
B31587-01
April 2007
These release notes describe issues and workarounds for Oracle Audit Vault 10g Release 2 (10.2.2.0.0).
For the latest release notes, and to view other Audit Vault documentation, see the Oracle Documentation page on the Oracle Technology Network. The URL is as follows:
http://www.oracle.com/technology/documentation
This document contains the following sections:
Government regulations require businesses to provide security for data on customers, employees, and partners. Databases, applications, and other systems produce vast quantities of data. Auditors must analyze this data in a timely fashion across geographically dispersed and heterogeneous systems. Business users must consolidate data across all systems and monitor the data for a holistic view of enterprise data access. The consolidation process must use a single audit data warehouse that is secure, scalable, reliable, and highly available.
Oracle Audit Vault is an enterprise-wide auditing solution that monitors corporate data and provides alerts and reports for security auditing and compliance. Oracle Audit Vault collects audit data and critical events from databases and consolidates the data in a centralized and secure audit warehouse.
Oracle Audit Vault solves security and audit problems by performing the following functions:
Consolidating audit information from multiple systems across the enterprise
Detecting changes to data and generating reports and alerts
Protecting audit data from modification
For information on platform support, licensing, and installation, read the following documents:
Oracle Audit Vault Server Installation Guide for Solaris Operating System (SPARC 64-Bit)
Oracle Audit Vault Server Installation Guide for AIX 5L Based Systems (64-Bit)
Oracle Audit Vault Server Installation Guide for HP-UX PA-RISC (64-Bit)
Oracle Audit Vault Server Installation Guide for Linux x86-64
The rest of this section describes known issues and workarounds pertaining to installation and uninstallation. The following topics are discussed:
The Silent Installer Does Not Issue an Error When the SID Is Omitted
The Silent Installer for the Agent Does Not Validate Against the Server
Silent Installation Proceeds Even When Variables Are Not Populated
Silent Installation for the Agent Does Not Report Incorrect Parameters
The Required Storage Is Not Updated When Adding to the ASM Diskgroup
The Same sysdba Password Is Required for Audit Vault and ASM
An Error Occurs After Selecting a Non-Empty Oracle Home for Agent Installation
After a RAC Installation, Start Oracle Enterprise Manager Database Control
After a RAC Installation, an Error Is Issued During Creation of the Database
In a RAC Environment, Preparatory Steps Are Required Before Installing Additional Nodes
In a RAC Environment, the dvca -action optionrac Command on a Remote Node Returns an Error
Database Is in an UNKNOWN State after Rebooting Cluster Nodes
Manual Cleanup Is Required After Uninstalling the Audit Vault Database
(Bug 5739374)When peforming silent installation for the Audit Vault server, if you do not provide a value for the s_dbSid option, the SID defaults to av.
The workaround is to ensure that you have set the correct value for the s_dbSid option in the response file before running the silent installation.
(Bug 5747235)When performing a silent installation of the Audit Vault agent, the installer does not connect to the specified Audit Vault server and check the user-provided information. This type of validation is only available when using one-click installation.
The following are workarounds:
Ensure that you are installing the agent on the computer that you specified when issuing the avca add_agent command on the server.
Manually check the user-provided information in the response file for the silent installation.
Verify that the Audit Vault database is up.
(bug 5892119)When running a silent installation, the dvca command may fail to run. However, the silent installer will report that it ran successfully.
The workaround for this issue is to check the installation logs after running silent installation. The log files are located as follows:
ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log
(Bug 5859406)When you run the silent installation program, as follows, you may receive an error:
./runInstaller -silent -responseFile <absolute path to av.rsp file>
If you have not properly supplied all required variables in the silent installation file, the following error appears:
'SEVERE:Abnormal program termination. An internal error has occured. Please provide the following files to Oracle Support :'.
If you receive this error, check the silent installation response file and ensure that you have provided proper input for all required variables.
(bug 5910202)On Windows, silent installation of the Audit Vault agent can report that the avca command succeeded, even if you supplied incorrect parameters in the response file.
You should check the installation logs after completing silent installation. Errors are reported correctly in the log file.
(Bug 5764944)When when adding disks to an existing Automatic Storage Management (ASM) disk group during Audit Vault installation, the amount of required storage space may not be updated.
The workaround is to click the Change Discovery Path button and update the discovery path before adding the disks.
(Bug 5841694)In this release, the installer does not support the -record option.
(Bug 5845686)After installing Automatic Storage Management (ASM) and Oracle Audit Vault, you may receive the following error when connecting to ASM:
"Supllied ASM SYSDBA password is invalid"
The workaround is to provide the same sysdba password for both ASM and Audit Vault.
(Bug 5874570)When installing an Audit Vault agent, if you select a non-empty Oracle Home directory, you receive the following error:
Recommendation: Choose a new Oracle Homme or a home that contains Oracle Database 10g Client Release 1 software of a home that contains Oracle Database 10g Release 2 software for installing this product.
This message is applicable to the Oracle 10g Release 1 client, not the Audit Vault agent. You should install the Audit Vault agent in a new home directory, or in an existing Oracle Audit Vault home directory.
(Bug 5891914)On Windows, if you run setup.exe using additional options, for example, -record, or if the system is running Cluster Ready Services (CRS), the one-click installation program may not start up.
The workaround is to add the following option when invoking setup.exe with additional options:
-oneclick
After you finish installing the Audit Vault Server in a RAC environment, Oracle Enterprise Manager Database Control may be down. If it is down, start it using the following commands. If you have an Oracle RAC environment, run these commands on all nodes:
$ORACLE_HOME/bin/emctl stop dbconsole $ORACLE_HOME/bin/emctl start dbconsole $ORACLE_HOME/bin/avctl start dbconsole
(bug 5488388)After installing Audit Vault, the following error appears when creating a RAC database using the dbca command:
Failed to retrieve network listener Resources
The workaround for this error is to click yes on the error screen and continue the installation.
(bug 5735952)You can receive an SPFILE error when running the dvca command on a remote node after installation in a RAC environment.
To avoid this error, perform the following steps after installing Audit Vault on a single node in a RAC environment, and before adding other nodes using the addnode script on the local node:
Stop the database, as follows:
srvctl stop database -d db_name -c "sys/sys passwd as sysdba"
Where db_name is the name of the database you are stopping, sys is the ID that was generated during the database installation, and sys passwd is the corresponding password.
Start the database with the NOMOUNT option, as follows:
$ sqlplus /NOLOG
SQL> CONNECT SYS/SYS_password AS SYSDBA
SQL> STARTUP NOMOUNT
Create an SPFILE from PFILE, as follows:
SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA'
FROM 'PFILE=pfile_location/init.ora'
Where pfile_location is usually ORACLE_HOME/admin/db_name/pfile for Optimal Flexible Architecture-compliant databases.
Shut down the database:
SQL> SHUTDOWN IMMEDIATE SQL> EXIT
Clear the contents of the PFILE located at ORACLE_HOME/dbs/initsid.ora and set the value of SPFILE to SHARED_LOCATION/SPFILE.ORA.
Restart the database.
When installing Audit Vault on a single node in a RAC environment, the following messages are written to the dvca_install.log file:
Error executing task INIT_AUDIT_SYS_OPERATIONS:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_REMOTE_OS_AUTHENT:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_REMOTE_OS_ROLES:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_OS_ROLES:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_SQL92_SECURITY:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_OS_AUTHENT_PREFIX:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup @ Error executing task INIT_REMOTE_LOGIN_PASSWORDFILE:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup Error executing task INIT_RECYCLEBIN:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup
You can ignore the errors, and after the installation is complete, edit the pfile using the following information and restart the database:
audit_sys_operations=TRUE remote_os_authent=FALSE remote_os_roles=FALSE os_roles=FALSE sql92_security=TRUE os_authent_prefix='' remote_login_passwordfile=EXCLUSIVE recyclebin=OFF
The pfile location is usually ORACLE_HOME/admin/db_name/pfile for Optimal Flexible Architecture-compliant databases.
(Bug 5735952)When Audit Vault Server is installed on a single node in an Oracle RAC environment, after performing the addnode script from the local node to add a second node, then adding the Listener and adding the instance on the remote node, and executing dvca -action optionrac command, returns the following error message:
ORA-32001: write SPFILE requested but no SPFILE specified at startup
This problem is encountered in the case of CFS storage type.
The workaround to this problem is to perform the following operations before executing the addnode script on the local node:
Stop the database.
srvctl stop database -d <db_name> -c "sys/<sys passwd> as sysdba"
Start the database with the NOMOUNT option:
$ sqlplus /NOLOG SQL> CONNECT SYS/SYS_password AS SYSDBA SQL> STARTUP NOMOUNT
Create a SPFILE from a PFILE by entering the following command where pfile_location is usually $ORACLE_HOME/admin/db_name/pfile for Optimal Felxible Architecture compliant database:
SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA' FROM 'PFILE=pfile_location/init.ora'
Shut down the database:
SQL> SHUTDOWN IMMEDIATE SQL> EXIT
Clear the contents of PFILE located at $ORACLE_HOME/dbs/initsid.ora and set the value of SPFILE as SHARED_LOCATION/SPFILE.ORA.
Restart the database.
(Bug 5735912)In an Audit Vault in an Oracle RAC environment, if you reboot the cluster nodes after installation the database can revert to an UNKNOWN status. For example, if you enter the following command, the application state is listed as UNKNOWN:
crs_stat -t Name Type Target State Host ------------------------------------------------------------ ora....v1.inst application ONLINE UNKNOWN staka09 ora....v2.inst application ONLINE UNKNOWN staka10 ora.av.db application ONLINE OFFLINE ora....09.lsnr application ONLINE ONLINE staka09 ora....a09.gsd application ONLINE ONLINE staka09
To return the database to an ONLINE state, restart the database after rebooting the nodes, as follows:*
$ORACLE_HOME/bin/srvctl stop database –d db_name -c Òsys/<sys passwd> as sysdbaÓ $ORACLE_HOME/bin/srvctl start database –d db_name -c Òsys/<sys passwd> as sysdbaÓ
Where db_name is the name of the database, sys is the ID that was generated during database installation, and sys passwd is the corresponding password.
(bug 5768129)After uninstalling the Audit Vault database, the configuration files that Audit Vault created are not removed.
You must manually delete the Audit Vault home directory after uninstalling the Audit Vault database.
This section discusses administration and configuration issues and workarounds.
This section discusses the following topics:
Some Agent and Alert Configuration Messages Are Inaccurate or Unclear
Changing the Focus of an Alert Can Cause the Administration Console to Crash
500 Error Occurs if You Specify An Invalid Warehouse Retention Time
(bug 5921442)When configuring Audit Vault, you can encounter a few error messages that require clarification.
The following is a list of errors that you may find misleading:
When you add an agent, you can receive the message, "Agent added successfully" even if the agent has not been added to av$avagent.
When you edit an agent, you can receive the error, "Please provide the agentname" even if you have supplied the agent name.
The same message can appear when you click OK on this page.
When enabling an alert, you can recive the following message:
"Enabling Alerts Failed"
This message should state, "Enabling Alerts Failed. Alerts are already enabled."
A similar problem occurs when disabling an alert.
(bug 5849780)Some error messages are displayed in English even if the rest of the Audit Vault product has been localized. For example, if you do the following in a localized version of Audit Vault you may see an English error:
Log in to the administrative console as an administrator.
Click the Agent sub-tab.
Click Start for an already-started agent.
(bug 5899718)If you enter an invalid multibyte user name on the login page for the Audit Vault administration console, an error is displayed and the user name is displayed in a garbled manner.
For example, this problem occurs if you do the following:
Set the browser to simplified Chinese.
Access the Audit Vault administration console.
On the login page, enter an invalid multibyte user name and click Login.
(bug 5717147)When working in the administrative console, after an inactivity timeout you must supply your login credentials. However, when you re-enter your credentials, the administrative console issues an error.
(bug 5914160)When you click the trash icon in the Remove column to remove an alert, the alert is removed immediately.
In other sections of the Audit Vault administration console, a confirmation page appears.
(bug 5938314)When configuring an alert, the administration console can exit unexpectedly. For example, this can happen when you do the following:
From the administration console, select Audit Policy, then Alerts.
Change the default focus from Basic to Advanced, then back to Basic.
Click OK.
(bug 5944565)Policy names can only have alphanumeric characters. If you use a special character, for example a hyphen ("-") in the name, the Audit Vault database truncates everything that follows the special character.
For example, if you do the following, the policy name "Test-123" is truncated to "Test":
From the Dashboard, click the Audit Policy tab.
If required, click Audit Settings in the upper left.
Select the Audit Source where you want to define settings.
Go to the Overview page and create a policy named Test-123.
(bug 5940950)If you provide an illegal retention time for the data warehouse, you can receive a "500 Internal Server Error."
For example, this problem can occur if you do the following:
Install an Audit Vault server and agent.
Set up and start a source and REDO, DB, and OS Collectors for a database.
Log in as an Audit Vault administrator.
Go to Configuration, then Warehouse.
Set an invalid retention time, for example, specify 15 in the Month field.
Click Reply.
An error similar to the following appears:
500 Internal Server Error java.lang.NumberFormatException at oracle.sql.INTERVALYM.toBytes(INTERVALYM.java:173) at oracle.sql.INTERVALYM.<init>(INTERVALYM.java:108) atoracle.sysman.emo.avt.configuration.AVWarehouseConfigViewObject. getIntervalString(AVWarehouseConfigViewObject.java:485) at oracle.sysman.emo.avt.facade.AVWarehouseConfigService.setDuration (AVWarehouseConfigService.java:156) at oracle.sysman.db.adm.avt.AVWarehouseConfigController.handleEvent (AVWarehouseConfigController.java:189) at oracle.sysman.emSDK.svlt.PageHandler.handleRequest(PageHandler. java:376) at oracle.sysman.db.adm.RootController.handleRequest(RootController. java:170) at oracle.sysman.db.adm.AVControllerResolver.handleRequest (AVControllerResolver.java:125) ...
(bug 5908436)In the administration console pages for Warehouse configuration, buttons are missing for Load Warehouse and Purge Warehouse.
The workaround for this is to use the command line for these functions, as follows:
avctl load_warehouse -startdate start_date -numofdays number_of_days [-dateformat date_format] [-wait] avctl purge_warehouse -startdate start_date -numofdays number_of_days [-dateformat date_format] [-wait]
See the Oracle Audit Vault Administrator's Guide for details.
(bug 5919096)The REDO collector uses Oracle Streams technology to retrieve logical change records (LCRs) from the REDO logs. On the source database, a Streams capture process uses LogMiner to extract new LCRs from the REDO logs based on capture rules that are defined by the user.
If you configure initialization parameters for a streams pool with subpool durations for instance, session, cursor, and execution, you can receive 403 errors.
The workaround is to combine the durations into one pool using the following initialization parameter in init.ora:
_enable_shared_pool_durations = false
The disadvantage of this parameter is that the streams pool will never shrink.
Another possible solution is to find what allocations made a particular duration subpool too large and change their durations, for example, from session to cursor or execution.
This section discusses source issues that you may encounter with Audit Vault. It also provides the workarounds for these issues.
This section discusses the following topics:
Some Source Configuration Messages Are Inaccurate or Unclear
The Administrative Console Does Not Show Agent-to-Source Mapping
(bug 5921442)When configuring Audit Vault, you can encounter a few error messages that require clarification.
The following is a list of errors that you may find unhelpful:
After adding a source, you can receive a message stating that the add action has failed, however, after a short delay the source is added and appears in the user interface.
If you go to the Configuration tab, then Audit Source, then Source, then click View, the port number is shown as a floating number (8235.0).
It should be a whole number.
If you go to the Configuration tab, then Audit Source, then Source, then click Edit, then click OK, an error appears even if no values have been changed.
(bug 5920326)When conducting a search for a source in an environment that uses a double-byte character set, a search field can be pre-populated with garbled data.
For example, if you do the following, this problem can occur.
Log in as an auditor using zh_CN as the locale in the browser.
Go to the administrative console.
Click Audit Policy.
Select a source with a multi-byte name and click Retrieve from Source.
Click the link for the retrieved source.
Click FGA, then Create.
Click the icon next to the Object field.
In the Search and Select page, the multi-byte source name in the input field is garbled.
The workaround is to manually enter the name in the input field.
(bug 5862275)When adding a source in the administration console, no agent mappings are displayed. To work around this issue, use the command line to add the source, for example:
avorcldb add_source -src lnxserver:2222:source1db.domain.com -srcusr srcuser1/<pwd> -avsrcusr avsrcuser1 -desc 'HR Database' -agentname agent1
The -agentname parameter maps the source to the agent.
This section contains issues regarding Collector configuration for Oracle Audit Vault.
This section discusses the following topics:
Some Collector Configuration Messages Are Inaccurate or Unclear
When Starting a Collector, Multibyte Error Messages Are Not Displayed Properly
(bug 5937597)After several restarts, a Collector can take a while to start up.
The workaround is to wait until startup is complete. Operations should be normal after the Collector has finished starting up.
(bug 5921442)When configuring a Collector, you can encounter a few error messages that require clarification.
The following is a list of errors that you may find unhelpful:
After adding a Collector, you can receive a message stating that the add action has failed, however, after a short delay the Collector is added and appears in the user interface.
When you edit a Collector, the edited information may not appear in the user interface.
When you delete a Collector, you can receive a message stating that the delete action failed, even if the Collector has been deleted.
(bug 5899513)If there is an error when starting up a Collector on a browser that is configured for a multibyte language, the error message is displayed partially in English and partially in a garbled format in the target language, as follows:
"Failed to initialize Audit Service, ORA-28150: garbled multibyte text"
For example, this can occur if you do the following:
Set the browser to simplified Chinese.
Log in to the Audit Vault administrative console as an administrator.
Select Management, then Collector.
Select a Collector and click Start.
(bug 5901006)When you configure multibyte source and collector names, you can receive an error when you start the Collector, as follows:
Add a multibyte source name using the avorcldb add_source command.
Add a multibyte collector name using the avorcldb add_collector command.
Run avorcldb setup using the multibyte source name.
Start the Collector as follows:
avctl start_collector -collname from_step_2 -srcname from_step_1
You will receive an "Error executing task start_collector" message with garbled multibyte source and Collector names.
The workaround is as follows:
On the host for the agent, set the LANG and NLS_LANG environment variables to the character set for your multibyte language.
For example, you can configure Simplifed Chinese as follows:
LANG=zh_CN.gbk NLS_LANG=.zhs16gbk
To support multiple languages, set the environment variables to use Unicode, as follows:
LANG=zh_CN.utf-8 NLS_LANG=.al32utf8
Restart OC4J.
(bug 5917038)When you turn on a trace for a REDO Collector, the Collector can crash.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
Oracle Audit Vault Release Notes, 10g Release 2 (10.2.2.0.0) for Windows (32-bit) and Linux x86
B31587-01
Copyright © 2007 Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.
If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.
