Oracle® Audit Vault Release Notes Release 10.2.3.2 Part Number E11061-05
Release Notes
Release 10.2.3.2
E11061-05
February 2011
These Release Notes contain important information that was not included in the Oracle Audit Vault Release 10.2.3.2 documentation.
This document contains these topics:
Installing the Oracle Audit Vault Patch Set on the Audit Vault Server
Installing the Oracle Audit Vault Patch Set on the Audit Vault Agent
You can download the most current version of this document from the following Web site:
In this release, you can install Oracle Audit Vault Server on Microsoft Windows. If you plan to do so, then see Oracle Audit Vault Server Installation Guide for Microsoft Windows (32-Bit) or Oracle Audit Vault Server Installation Guide for Microsoft Windows x64 (64-Bit) for installation instructions. Do not use the instructions in this document to install Oracle Audit Vault Server on Windows.
If you are installing Oracle Audit Vault on Microsoft Windows x64 (64-Bit), then see also Oracle Audit Vault Release Notes for Microsoft Windows x64 (64-bit), which is available as the README.html file in the Oracle Audit Vault download files.
After you complete the installation, do one of the following:
If you want to install a new Audit Vault agent: See Oracle Audit Vault Collection Agent Installation Guide.
If you want to upgrade an existing Audit Vault agent: See Section 4, "Installing the Oracle Audit Vault Patch Set on the Audit Vault Agent."
Because this is the first release of Audit Vault Server Release 10.2.3.2 on the Microsoft Windows platform, there is no upgrade feature. Note that you cannot upgrade from Release 10.2.2.1.0 to Release 10.2.3.2.
This section describes how to install Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) for the Oracle Audit Vault Server. It applies to both Release 10.2.3.0 and 10.2.3.1.0.
You must install this patch set on the Oracle Audit Vault Server release before you can upgrade the Agent release installation. This procedure takes approximately an hour and 45 minutes to complete, depending on the speed of your computer.
This section contains:
Step 1: For Oracle RAC, Check the Cluster Ready Services Version
Step 4: Manually Disable Database Vault on Oracle RAC Instances
Step 5: Unset the NLS_LANG and ORACLE_HOME Environment Variables
Step 6: Install the Oracle Audit Vault Patch Set into the Audit Vault Server Home
Step 7: Manually Enable Database Vault on Oracle RAC Instances
If you plan to install the Oracle Audit Vault Server patch set on Oracle Real Application Clusters (Oracle RAC), then ensure that the Cluster Ready Services (CRS) version is Release 10.2.0.4 or later. If the CRS version is not Release 10.2.0.4 or later, then you must first patch CRS to Release 10.2.0.4 before installing the Audit Vault Server patch set.
As a best practice, you should back up your Oracle Audit Vault database, the Audit Vault Server home, and the Audit Vault collection agent home before you begin the upgrade.
You cannot roll back or re-apply the Oracle Audit patch set if the patch set installation fails. Therefore, back up the files before you apply and test the patch upgrade.
After cleanly shutting down the instance following the analysis of the database, perform a full backup of the database. Complete the following steps:
Start RMAN:
$ rman target /
Issue the following RMAN commands. In the following example, the tag is named before_upgrade.
BACKUP DATABASE FORMAT 'backup_directory%U' TAG before_upgrade;
BACKUP CURRENT CONTROLFILE FORMAT 'save_controlfile_location';
See Also:
Oracle Database Backup and Recovery Basics for more information about backing up a database.
Back Up Oracle Audit Vault Server Home
Because the patch set updates files in the Oracle Audit Vault Server home directory, back up or copy these files to another directory until after you have tested the patch set.
This section contains:
To stop the collectors:
In the server where you installed the Oracle Audit Vault Server, open a shell.
Set the appropriate environment variables for the Oracle Audit Vault Server.
See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.
Run the following command to stop the collectors:
$ avctl stop_collector -collname collector-name -srcname source_name
Leave this shell open.
To stop the agents:
In the shell that you opened in Section 3.3.1, run the following command:
$ avctl stop_agent -agentname agent_name
Leave this shell open.
To stop the Oracle Audit Vault Console:
In the shell that you opened in Section 3.3.1, run the following command:
$ avctl stop_av
Leave this shell open.
From the Oracle Audit Vault Server home, use the following command to shut down the Oracle Audit Vault Database.
$ sqlplus /nolog
SQL> CONNECT SYS/AS SYSOPER
Enter password: password
Connected.
SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> EXIT
In an Oracle RAC environment, run the following command from the node on which the Audit Vault Console is running:
$ $ORACLE_HOME/bin/srvctl stop database -d AVdatabase_name -q
Connect string: [/ as sysdba] sys/sys_password as sysdba
From the Oracle Audit Vault Server home, run the following command to stop the listener. The listener name is usually LISTENER. You can run the lsnrctl status command to check the name of the listener.
$ lsnrctl stop listener_name
In an Oracle RAC environment, run this command on all nodes where Oracle Audit Vault Server is installed.
If the Audit Vault Server is running on Oracle RAC, manually disable Database Vault before the installation, as follows:
Ensure that you have shut down the database in the Audit Vault Server home directory to be patched, as described in Section 3.3.
For each Oracle RAC node, relink the oracle executable with the dv_off command.
$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_off ioracle
Connect to the Audit Vault Server database on the Oracle RAC instance.
$ sqlplus "/ as sysdba"
Start the database instance.
SQL> STARTUP MOUNT
Turn off the archivelog feature.
SQL> ALTER DATABASE NOARCHIVELOG;
SQL> ALTER DATABASE OPEN;
Issue the following commands to disable the Oracle Database Vault-related DDL triggers.
SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
Shut down the database instance.
SQL> SHUTDOWN IMMEDIATE
Stop the listener on that node.
$ lsnrctl stop listener_name
Do not set the NLS_LANG and ORACLE_HOME environment variables.
To unset these environment variables for the C shell:
$ unsetenv NLS_LANG
$ unsetenv ORACLE_HOME
For Bourne, Bash, or Korn:
$ unset NLS_LANG
$ unset ORACLE_HOME
Perform the following steps to install the Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) in the Oracle Audit Vault Server home. You must use the same download executable for both the Audit Vault Server and Audit Vault Agent upgrades.
Log in to My Oracle Support (formerly OracleMetaLink) and download Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0).
You can access My Oracle Support from the following Web site:
Start Oracle Universal Installer (OUI) from the directory that contains the runInstaller program.
$ cd directory-containing-Oracle-Audit-Vault-Patchset-Installation-Files
$ ./runInstaller
Oracle Universal Installer starts. It verifies the operating system version and then presents a summary of the checks it performs.
In the Welcome window, click Installed Products to display the Inventory window.
This window indicates the name of the Oracle Audit Vault Server home installed on your computer. For example, it may be named OraAV10g_home1. The Path field updates to correspond with the Oracle home directory in the Name field.
Click Close to close the Inventory window and return to the Welcome window. Then click Next.
In the Specify Home Details window, in the Name field, click the down arrow at the end of the field and select the name of the Oracle Audit Vault Server home you found in the previous step (Step 3). Then click Next.
In the next window, optionally, provide your e-mail address and My Oracle Support password if you want to receive Oracle security updates. Then click Next.
For an Oracle RAC installation, a node selection window appears with all fields disabled. This window displays the nodes that this patch set is going to be installed on.
When the Product-Specific Prerequisite Checks window appears, Oracle Universal Installer then performs product-specific prerequisite checks.
In the Summary Page window, check the space requirements.
For a single instance installation, 832 MB of space is required to install Patch Set 2, which includes 50 MB of temporary space.
For an Oracle RAC installation, for local node 854 MB of space is required and for remote node 804 MB of space is required to install Patch Set 2, which includes 50 MB of temporary space.
Review each of the items that are about to be installed.
Click Install.
When the installation completes, the Configuration Assistants window appears.
The Configuration Assistants window displays, and the configuration begins. When the configuration completes, the End of Installation window appears and displays the URL for the Oracle Audit Vault Console. It is the same URL used for the previous Oracle Audit Vault installation.
Click Exit to exit the Oracle Universal Installer, and then click Yes in the confirmation window.
When the installation is complete, the Audit Vault Server database and listener are running. You can check them as follows:
To check the status of the database, run the following SELECT statement in SQL*Plus:
SQL> SELECT OPEN_MODE FROM V$DATABASE;
It should return the following output:
READ WRITE
To check the status of the listener:
$ $ORACLE_HOME/bin/lsnrctl status listener_name
Ensure that the processes are running.
$ emctl status dbconsole
In the shell that you opened in Section 3.3.1, run the following command:
$ avctl show_av_status
If the processes are not running, then run the following commands:
$ avctl stop_av
$ avctl start_av
The avctl start_av command also starts the Database Console.
If the Patch Set Upgrade Is Not Successful
If the patch set apply is not successful, to abandon the upgrade, perform the following steps:
Copy (Restore) the Audit Vault Server Home files back to their original location.
If you backed up the database, then restore that backup. Complete the following steps:
Log in to the system as the owner of the Oracle home directory of the previous release.
Sign on to RMAN:
$ rman target /
Issue the following RMAN commands. In this example, the name of the tag is before_upgrade:
STARTUP NOMOUNT
RESTORE CONTROLFILE FROM 'save_controlfile_location';
ALTER DATABASE MOUNT;
RESTORE DATABASE FROM TAG before_upgrade;
RECOVER DATABASE;
ALTER DATABASE OPEN RESETLOGS;
For Oracle RAC installations, reenable Oracle Database Vault on the Oracle RAC nodes. (Database Vault on the main Oracle RAC instance is automatically enabled.)
$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_on ioracle
After you complete these steps, for AIX platforms and for Oracle RAC environments, you must restart the Oracle Audit Vault Server. For other platforms, the Audit Vault Server should start. If it does not, then follow the instructions in this section.
To restart the Oracle Audit Vault Server on AIX 5L:
Access the shell that you opened for the Audit Vault Server in Section 3.3.1 and ensure that the ORACLE_SID environment variable is properly set.
Stop the Oracle Audit Vault Server console.
$ avctl stop_av
Log in to SQL*Plus as user SYS with the SYSOPER privilege and shut down the database.
$ sqlplus sys as sysoper
Enter password: password
Connected.
SQL> SHUTDOWN IMMEDIATE
Relink the oracle executable.
$ $ORACLE_HOME/bin/relink oracle
From SQL*Plus, restart the database.
SQL> STARTUP
Restart the Audit Vault Server console.
$ avctl start_av
You can check the status of the Audit Vault Server as follows:
$ avctl show_av_status
To restart the Oracle Audit Vault Server on non-AIX 5L platforms:
Access the shell that you opened for the Audit Vault Server in Section 3.3.1.
Check the status of the Audit Vault Server.
$ avctl show_av_status
If the Audit Vault Server is not running, then run the following command:
$ avctl start_av
To restart the Oracle Audit Vault Server in an Oracle RAC environment:
On each node, run the following command in SQL*Plus:
$ sqlplus / as sysdba
SQL> ALTER DATABASE OPEN;
To verify that all database instances are in OPEN mode, select from the GV$INSTANCE view as follows:
SQL> SELECT INST_ID, STATUS FROM GV$INSTANCE;
Access the shell that you opened for the Audit Vault Server in Section 3.3.1.
Run the following commands to restart the Audit Vault Server:
$ avctl stop_av
$ avctl start_av
You can check the Audit Vault Server status as follows:
$ avctl show_av_status
This section describes how to install Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) for the Oracle Audit Vault Agent. It applies to both Release 10.2.3.0 and 10.2.3.1.0.
Before you begin these instructions, ensure that you have completed the Oracle Audit Vault Server patch set release installation. This procedure takes approximately five to fifteen minutes to complete, depending on the speed of your computer.
This section contains:
Step 1: Back Up the Oracle Audit Vault Collection Agent Home
Step 3: Unset the NLS_LANG and ORACLE_HOME Environment Variables
Step 4: Install Oracle Audit Vault Patch Set 2 in the Audit Vault Collection Agent Homes
Because the patch set updates files in the Oracle Audit Vault collection agent home directory, back up or copy these files to another directory until after you have tested the patch set.
This section contains:
To stop the collectors that are running within the context of the agent that you are patching:
Access the Audit Vault Server shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors."
If you had closed this shell, then you must set the appropriate environment variables for the Oracle Audit Vault Server. See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.
Run the following command to stop the collectors:
$ avctl stop_collector -collname collector-name -srcname source_name
Leave this shell open.
To stop the collection agent:
Open a shell for the Audit Vault agent.
Set the appropriate environment variables for the Oracle Audit Vault agent.
See "Checking and Setting Environment Variables" in Chapter 2 of Oracle Audit Vault Administrator's Guide.
Run the following command:
$ avctl stop_oc4j
You can check the status of the agent as follows:
$ avctl show_oc4j_status
Leave this shell open.
Do not set the NLS_LANG and ORACLE_HOME environment variables.
To unset these environment variables for the C shell:
$ unsetenv NLS_LANG
$ unsetenv ORACLE_HOME
For Bourne, Bash, or Korn:
$ unset NLS_LANG
$ unset ORACLE_HOME
Perform the following steps to install the Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0) in the Oracle Audit Vault collection agent home.
If you have not done so already, log in to My Oracle Support and download Oracle Audit Vault Patch Set 2 (Release 10.2.3.2.0). You can access My Oracle Support from the following Web site:
Start Oracle Universal Installer (OUI) from the directory that contains the runInstaller program.
$ cd directory-containing-Oracle-Audit-Vault-Patchset-Installation-Files
$ ./runInstaller
Run the same Oracle Universal Installer that you used to install the Oracle Audit Vault Server patch set. Oracle Universal Installer starts. It verifies the operating system version and then presents a summary of the checks it performs.
In the Welcome window, click Installed Products to display the Inventory window.
This window indicates the name of the Oracle Audit Vault collection agent home installed on your computer. For example, it may be named OraAV10g_home2 when installed on the same computer as the Oracle Audit Vault Server or OraAV10g_home1 when installed on a different computer from Oracle Audit Vault Server.
Click Close to close the Inventory window and return to the Welcome window. Then click Next.
In the Specify Home Details window, in the Name field, click the down arrow at the end of the field and select the name of the Oracle Audit Vault collection agent home you determined from the previous step (Step 3).
Once you select the Oracle Audit Vault collection agent home, the Path field should display the correct path to the Oracle Audit Vault collection agent home. Review the path name. Then click Next.
When the Product-Specific Prerequisite Checks window appears, Oracle Universal Installer then performs product-specific prerequisite checks.
In the Summary Page window, check the space requirements.
On Linux, 330 MB of space is required to install Patch Set 2, which includes 25 MB of temporary space.
On Microsoft Windows 32-bit, 223 MB of space is required to install Patch Set 2, which includes 23 MB of temporary space.
Review each of the items that are about to be installed.
Click Install.
The Install window appears. When the installation completes, the Configuration Assistants window appears and then completes the configuration. Then the End of Installation window appears.
Click Exit to exit the Oracle Universal Installer, and then click Yes in the confirmation window.
If the Patch Upgrade Is Not Successful
If the patch set upgrade is not successful, to abandon the upgrade, copy (restore) the Audit Vault collection agent home files back to their original location.
This section contains:
By default, the collection agent should be running. If it is not, follow these steps:
Access the shell that you opened for the Audit Vault Agent in Section 4.2.2, "Step 2B: Stop the Collection Agent."
Run the following command:
$ avctl start_agent
You can check the status of the agent as follows:
$ avctl show_agent_status
Close this shell.
To start the collectors:
In the Audit Vault Server shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors," run the following command:
$ avctl start_collector -collname collector_name -srcname source_name
Leave this shell open.
To verify that all Oracle Audit Vault components are running and the system is operational:
In the shell that you opened in Section 3.3.1, "Step 3A: Stop All Collectors," run the following command:
$ avctl show_collector_status -collname collector_name -srcname source_name
Close this shell.
After you install Oracle Audit Vault, check if there is a patch set or critical patch update (CPU) available. Before applying any Oracle Audit Vault patch sets, back up your Oracle Audit Vault database, the Oracle Audit Vault Server home, and the Oracle Audit Vault collection agent home. See Section 5.1 for more information.
This section describes the following postinstallation tasks if you need to update this patch:
Back up the files before you begin a critical patch upgrade and keep these files until you have tested the upgrade. See Section 3.2, "Step 2: Back Up Oracle Audit Vault," for more information.
A CPU is a collection of patches for security vulnerabilities. It also includes non-security fixes required (because of interdependencies) by those security patches. CPUs are cumulative, and they are provided quarterly on the Oracle Technology Network. Oracle Audit Vault 10.2.3.2.0 does not include the October 2009 RDBMS CPU for the underlying 10.2.0.4 database; therefore, you need to install this RDBMS CPU. If a later RDBMS CPU is available, then install that. For general information about CPUs, see
http://www.oracle.com/security/critical-patch-update.html
For specific information about critical patch updates and security alerts, see
http://www.oracle.com/technology/deploy/security/alerts.htm
Table 1 lists bugs that have been fixed for Oracle Audit Vault Patch Set Release 10.2.3.2.
Table 1 Bugs Fixed in Oracle Audit Vault Patch Set Release 10.2.3.2
Bug Number | Description |
---|---|
7375174 | NEED A MECHANISM TO CLEAN OUT THE ARCHIVED AUDIT SETTINGS FOR A SOURCE IN AV |
7449916 | CAN "MARK ALL [OPTIONS] AS NEEDED", BUT CANNOT "UNMARK ALL" / "MARK AS UNNEEDED" |
7589154 | TRANSACTION ID FORMAT IN DATAWAREHOUSE |
7599953 | XML COLLECTOR CRASHES WITH CSDK ERROR |
7607999 | LINK OF "TOP FIVE AUDIT SOURCES BY NUMBER OF ALERTS" IS WRONG |
7610793 | WHEN EXECUTING PROVISION AGAINST 9IR2 DB, ENCOUNTERING ERROR |
7636785 | VERY SLOW AV DATAWAREHOUSE REFRESH |
7658670 | STREAMS COLLECTOR IS FAILING WITH ORA-7445 [STRSTR()] |
7693379 | MSSQL COLLECTOR CRASHES WITH ORA-1461 |
7706920 | MSSQL COLLECTOR IS CRASHING CONSISTENTLY |
8197634 | AV CONSOLE IS SLOW BECAUSE IT POLLS THE STATUS OF ALL THE COLLECTORS |
8197950 | ERROR ADDING AGENT: CONFIGURATION NAME ALREADY EXISTS OAV-46503 |
8206426 | CONTEXT_DIM HAS 3 TIMES MORE ROWS THAN AV$RADS_FLAT |
8209426 | WRONG URL PRINTED BY AVCTL |
8235653 | OSAUD COLLECTOR DIES ON WINDOWS IF IT ENCOUNTERS ERROR WHILE PROCESSING EVTLOG |
8323660 | INCORRECT OS CHECKS IN SYBASE, DB2 AND SQL SERVER COLLECTORS |
8370693 | NEED TO BE ABLE TO SEE ALL THE DATE/TIME IN A PARTICULAR TIMEZONE |
8414793 | THE OS COLLECTOR GETS STUCK INTERMITTENTLY |
8468129 | CANNOT DELETE ALERTS FROM AV GUI |
8508268 | DB COLLECTOR FAILS WITH ORA-06502 ORA-06512 NPSRCUSR.AV_TRUNCATE_CLOB |
8634768 | AUDIT VAULT POLICIES RETRIEVAL PERFORMANCE SLOW |
8726158 | CANNOT START COLLECTOR AFTER UPGRADING TO 10.2.3.1 |
8753685 | OS COLLECTOR GETS DISCONNECTED FROM SOURCE DB FOR 9.2 DATABASES |
8782576 | ALLOW DB_DOMAIN = NULL TO ADD REDO COLLECTOR WHEN GLOBAL_NAMES=FALSE |
8868978 | AUDIT POLICY RETRIEVAL FAILS - LOG SHOWS 'INVALID COLUMN NAME' |
9066182 | AVORCLDB ADD_COLLECTOR FOR REDO FAILS ON 9.2.0.8 SOURCE DATABASE |
This section contains:
This section describes known issues and workarounds for single instance and Oracle RAC installations on all platforms.
This section contains:
Cannot Access the Audit Vault Console Shortly After Installation
Automated Backup Job Not Properly Created with Audit Vault Server Installation
The Oracle Universal Installer -record Option Is Not Supported
Oracle Universal Installer Does Not Validate the Uniqueness of the Audit Vault Server Name
Cannot Access the Audit Vault Console Shortly After Installation
The Oracle Universal Installer -record Option Is Not Supported
Errors That Appear in avca.log After You Install the Server Patch
After you install Oracle Audit Vault Server Patch Set 2 Release 10.2.3.2.0, the Oracle Enterprise Manager URL is not secure.
Workaround: Perform the following steps in the Audit Vault Server shell to secure the Oracle Enterprise Manager URL.
Ensure that the ORACLE_SID environment variable is set correctly.
Set the time zone environment variable TZ to UTC.
$ setenv TZ UTC
Stop the Oracle Enterprise Manager console.
$ $ORACLE_HOME/bin/emctl stop dbconsole
Configure the Oracle Enterprise Manager key.
$ $ORACLE_HOME/bin/emctl config emkey -repos -sysman_pwd password
Secure Oracle Enterprise Manager.
$ $ORACLE_HOME/bin/emctl secure dbconsole -sysman_pwd password
Start the Oracle Enterprise Manager console.
$ $ORACLE_HOME/bin/emctl start dbconsole
This issue is tracked with Oracle bug 8924450.
Shortly after installing Oracle Audit Vault, you may not be able to access the Audit Vault Console. If you run the emctl status dbconsole and avctl show_av_status commands, then the output indicates that Oracle Audit Vault is running. However, when you try to access the Audit Vault Console, the Web browser page displays a This page cannot be displayed error.
Workaround: Restart the Audit Vault Console. See Step 9 of Section 3.6.
This issue is tracked with Oracle bug 6867972.
After you install Oracle Audit Vault, the automated back-up jobs do not work and fail with a No such file or directory error.
Workaround: Use customized back-ups to schedule any back-up jobs.
This issue is tracked with Oracle bug 6844843.
Oracle Universal Installer does not support the -record option for either the Audit Vault Server or the Audit Vault agent installation. As a result, the following parameters are not recorded in the Audit Vault Server destination file:
Audit Vault administrator name and password
Audit Vault auditor name and password
Database Vault owner name and password
Database Vault account manager name and password
These parameters are not recorded in the Audit Vault agent destination file:
Audit Vault agent name and password
Audit Vault agent host name
Audit Vault agent listener port
Audit Vault agent name
Audit Vault agent service name
Workaround:
None.
This issue is tracked with Oracle bug 5841694.
During the Oracle Audit Vault Server on Windows installation, in the Basic Installation Details and Advanced Installation screens, you are prompted for a unique name for the Oracle Audit Vault database. The name you enter is used for the database SID, and will be the first portion (db_name) of the database service name. Even though this name must be unique, if you enter an existing name, the installation continues instead of preventing you from continuing and warning you to enter a unique name.
Workaround:
Ensure that you enter a unique name for the Audit Vault database. You can find the names of the available Oracle databases by checking the Windows Services tool in the Control Panel.
This issue is tracked with Oracle bug 6137243.
Shortly after installing Oracle Audit Vault, you may not be able to access the Audit Vault Console. If you run the emctl status dbconsole and avctl show_av_status commands, then the output indicates that Oracle Audit Vault is running. However, when you try to access the Audit Vault Console, the Web browser page displays a This page cannot be displayed error.
Workaround: Restart the Audit Vault Console.
Open a command prompt on the Audit Vault Server and go to the ORACLE_HOME\bin directory.
Restart the Audit Vault Console as follows:
avctl stop_av
avctl start_av
You can check the Audit Vault Server status as follows:
avctl show_av_status
This issue is tracked with Oracle bug 6867972.
Oracle Universal Installer does not support the -record option for either the Audit Vault Server or the Audit Vault agent installation. As a result, the following parameters are not recorded in the Audit Vault Server destination file:
Audit Vault administrator name and password
Audit Vault auditor name and password
Database Vault owner name and password
Database Vault account manager name and password
These parameters are not recorded in the Audit Vault agent destination file:
Audit Vault agent name and password
Audit Vault agent host name
Audit Vault agent listener port
Audit Vault agent name
Audit Vault agent service name
Workaround:
None.
This issue is tracked with Oracle bug 5841694.
When you install the Audit Vault Server patchset, error messages appear in the ORACLE_HOME\av\log\avca.log file. This problem does not affect the Audit Vault agent installation.
These error messages are as follows:
ORA-00001: unique constraint (DVSYS.*) violated
ORA-00955: name is already used by an existing object
ORA-02260: table can have only one primary key
ORA-02261: such unique or primary key already exists in the table
ORA-02275: such a referential constraint already exists in the table
ORA-02303: cannot drop or replace a type with type or table dependents
ORA-04042: procedure, function, package, or package body does not exist
ORA-01920: user name '*' conflicts with another user or role name
ORA-01921: role name '*' conflicts with another user or role name
ORA-01951: ROLE 'AV_*' not granted to 'SYS'
ORA-01952: system privileges not granted to 'DBA'
ORA-24145: evaluation context DVSYS.* already exists
Workaround:
You can ignore these error messages.
This issue is tracked with Oracle bug 8489866.
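One way to triage avca.log after the server patch, as an added example that is not Oracle's code: it removes the messages listed above and reports any line that still carries an ORA- error. The regular expressions are an assumed reading of the * wildcards in that list, and the sample log lines and object names are constructed.

```shell
#!/bin/sh
# Added example, not Oracle code: separate the avca.log errors that the
# release notes say can be ignored (bug 8489866) from everything else.

# One extended regular expression per ignorable message. Assumption: the '*'
# in the release notes stands for "any object, user or role name".
ignorable_patterns() {
    cat <<'EOF'
ORA-00001: unique constraint \(DVSYS\.[^)]*\) violated
ORA-00955: name is already used by an existing object
ORA-02260: table can have only one primary key
ORA-02261: such unique or primary key already exists in the table
ORA-02275: such a referential constraint already exists in the table
ORA-02303: cannot drop or replace a type with type or table dependents
ORA-04042: procedure, function, package, or package body does not exist
ORA-01920: user name '[^']*' conflicts with another user or role name
ORA-01921: role name '[^']*' conflicts with another user or role name
ORA-01951: ROLE 'AV_[^']*' not granted to 'SYS'
ORA-01952: system privileges not granted to 'DBA'
ORA-24145: evaluation context DVSYS\.[^ ]* already exists
EOF
}

# unexpected_ora [FILE...]: print "line-number:text" for each line that still
# contains an ORA- code after every ignorable message has been removed. A line
# carrying both an ignorable and a real error is therefore still reported.
# Reads standard input when no file is given.
unexpected_ora() {
    IGNORABLE=$(ignorable_patterns) awk '
        BEGIN { n = split(ENVIRON["IGNORABLE"], pat, "\n") }
        /ORA-[0-9]+/ {
            rest = $0
            for (i = 1; i <= n; i++) gsub(pat[i], "", rest)
            if (rest ~ /ORA-[0-9]+/) printf "%d:%s\n", NR, $0
        }' "$@"
}

# Constructed sample log lines (object names are made up for the example).
sample_avca_log() {
    cat <<'EOF'
10/12/09 04:40:01 ORA-00955: name is already used by an existing object
10/12/09 04:40:02 ORA-00001: unique constraint (DVSYS.CODE_UK1) violated
10/12/09 04:40:03 ORA-00001: unique constraint (AVSYS.SOURCE_UK1) violated
10/12/09 04:40:04 ORA-01951: ROLE 'AV_ADMIN' not granted to 'SYS'
10/12/09 04:40:05 ORA-01921: role name 'DV_OWNER' conflicts with another user or role name ORA-01031: insufficient privileges
10/12/09 04:40:06 Configuration step completed
EOF
}

# Demo on the constructed sample; on a real system pass the avca.log path.
sample_avca_log | unexpected_ora
```

Lines 3 and 5 of the sample are reported: the first violates a constraint outside DVSYS, and the second carries an ORA-01031 next to an ignorable message.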
This section describes known issues and workarounds for Oracle RAC installations on all platforms.
This section contains:
SPFILE Errors from DVCA When Installing Oracle Audit Vault on a Single Node
Cannot Retrieve Database Listener During Database Creation Phase of the Audit Vault Installation
Oracle Enterprise Manager URL Not Working After Audit Vault Patch Set Installation
Incorrect Registry Entry Created on Oracle RAC Remote Node After Installation
When you install Oracle Audit Vault on a single node in an Oracle RAC cluster, errors similar to the following appear in the Database Vault Configuration Assistant (DVCA) log:
Executing task INIT_AUDIT_SYS_OPERATIONS
03/17/10 12:32:56 Error executing task INIT_AUDIT_SYS_OPERATIONS:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup
03/17/10 12:32:56 Executing task INIT_REMOTE_OS_AUTHENT
03/17/10 12:32:56 Error executing task INIT_REMOTE_OS_AUTHENT:java.sql.SQLException: ORA-32001: write to SPFILE requested but no SPFILE specified at startup
Workaround:
Try either of the following solutions:
Edit your PFILE manually. Follow these steps:
Edit your pfile, which by default is located in the $ORACLE_HOME/dbs directory, to include the following information:
audit_sys_operations=TRUE
os_roles=FALSE
recyclebin='OFF'
remote_login_passwordfile='EXCLUSIVE'
sql92_security=TRUE
Restart the database.
$ sqlplus sys as sysoper
Enter password: password
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP
Create an SPFILE. Follow these steps:
Stop the database.
$ $ORACLE_HOME/bin/srvctl stop database -d db_name
Start the database with the NOMOUNT option.
$ sqlplus /NOLOG
SQL> CONNECT SYS AS SYSDBA
Enter password: password
SQL> STARTUP NOMOUNT
Create the SPFILE from the PFILE by entering the following command, where pfile_location is usually $ORACLE_HOME/admin/db_name/pfile for an Optimal Flexible Architecture-compliant database:
SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA' FROM PFILE='pfile_location/init.ora';
Shut down the database:
SQL> SHUTDOWN IMMEDIATE
SQL> EXIT
Clear the contents of the PFILE located at $ORACLE_HOME/dbs/initsid.ora and enter the following entry in that file:
SPFILE=SHARED_LOCATION/SPFILE.ORA
Restart the database.
SQL> STARTUP
This issue is tracked with Oracle bug 6131570.
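A check for the PFILE edit in the first workaround above, as an added example that is not Oracle's code: it reports which of the five settings are missing or carry another value. It assumes the recycle bin entry is the recyclebin parameter and that a later line overrides an earlier one, and it does not follow IFILE includes; the sample PFILE is constructed.

```shell
#!/bin/sh
# Added example, not Oracle code: verify that a PFILE carries the settings
# listed in the DVCA workaround before restarting the database.
REQUIRED_PARAMS="audit_sys_operations=TRUE os_roles=FALSE recyclebin=OFF remote_login_passwordfile=EXCLUSIVE sql92_security=TRUE"

# check_pfile [FILE...]: print one line per required parameter that is missing
# or set to another value; exit status is 1 if anything was reported.
# Reads standard input when no file is given.
check_pfile() {
    REQUIRED_PARAMS="$REQUIRED_PARAMS" awk '
        BEGIN {
            q = sprintf("%c", 39)                      # a single quote
            n = split(ENVIRON["REQUIRED_PARAMS"], req, " ")
            for (i = 1; i <= n; i++) {
                split(req[i], kv, "=")
                order[i] = kv[1]
                want[kv[1]] = kv[2]
            }
        }
        {
            line = $0
            sub(/#.*/, "", line)                       # drop comments
            eq = index(line, "=")
            if (eq == 0) next
            name = tolower(substr(line, 1, eq - 1))    # names are case-insensitive
            value = toupper(substr(line, eq + 1))
            gsub(/[ \t]/, "", name)
            sub(/^.*\./, "", name)                     # strip a "*." or "sid." prefix
            gsub("[ \t\"" q "]", "", value)            # strip blanks and quotes
            if (name in want) got[name] = value        # assumed: last setting wins
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in got)) {
                    printf "MISSING %s (want %s)\n", p, want[p]; bad = 1
                } else if (got[p] != want[p]) {
                    printf "WRONG %s=%s (want %s)\n", p, got[p], want[p]; bad = 1
                }
            }
            exit bad
        }' "$@"
}

# Constructed sample PFILE: one wrong value, one missing parameter.
sample_pfile() {
    cat <<'EOF'
# constructed sample init.ora
db_name=av
*.audit_sys_operations=TRUE
av1.os_roles = false
recyclebin='ON'
remote_login_passwordfile='EXCLUSIVE'
EOF
}

# Demo on the constructed sample; on a real system pass the PFILE path.
sample_pfile | check_pfile || echo "PFILE still needs editing"
```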
While you install Oracle Audit Vault Patch Set 2 release 10.2.3.2.0 over single node Oracle RAC 10.2.3.2 Audit Vault Server, DBUA fails with the following error:
ORA-32001: write to SPFILE requested but no SPFILE specified at startup
Workaround: Perform the following steps before installing the patch set:
Stop the database.
$ $ORACLE_HOME/bin/srvctl stop database -d db_name
Start the database with the NOMOUNT option.
$ sqlplus /NOLOG
SQL> CONNECT SYS/SYS_password AS SYSDBA
SQL> STARTUP NOMOUNT
Create the SPFILE from the PFILE by entering the following command, where pfile_location is usually $ORACLE_HOME/admin/db_name/pfile for an Optimal Flexible Architecture-compliant database:
SQL> CREATE SPFILE='SHARED_LOCATION/SPFILE.ORA' FROM PFILE='pfile_location/init.ora';
Shut down the database:
SQL> SHUTDOWN IMMEDIATE
SQL> EXIT
Clear the contents of the PFILE located at $ORACLE_HOME/dbs/initsid.ora and enter the following entry in that file:
SPFILE=SHARED_LOCATION/SPFILE.ORA
Restart the database.
SQL> STARTUP
This issue is tracked with Oracle bug 8493676.
When you install Oracle Audit Vault in an Oracle RAC environment, the following error appears when Oracle Database Configuration Assistant (DBCA) tries to create the Audit Vault database:
Failed to retrieve network listener Resources
Workaround:
Click the Yes button in the error window. The installation will resume without any problems.
This issue is tracked with Oracle bug 6134561.
After you patch Audit Vault from Release 10.2.3.0 to 10.2.3.2.0 on Oracle RAC, the Oracle Enterprise Manager URL does not work. If you run the emctl status dbconsole command, it indicates that Enterprise Manager is running, but when you try the URL, the following error appears:
The database status is currently unavailable. It is possible that the database is in mount or nomount state. Click 'Startup' to obtain the current status and open the database. If the database cannot be opened, click 'Perform Recovery' to perform an appropriate recovery operation.
Workaround: See Section 3.8.3.
This issue is tracked with Oracle bug 8924812.
After you install Oracle Audit Vault Server on Microsoft Windows in an Oracle RAC environment, the following registry key is wrongly added to the remote node:
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_home_name\ORA_instance name_PWFILE
On both the local and the remote node, the registry entries claim that the instance name is the same on both nodes. The instance names should be unique for each node. As a result, you cannot run the dvca -action optionrac command on the remote node.
Workaround:
From the Registry Editor, edit the following registry key to point to the complete path to the password file on the remote node.
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_home_name\ORA_instance name_PWFILE
For example, assuming the password file is orapwORCL2, you would enter a setting similar to the following:
C:\ORACLE\PRODUCT\10.2.0\DB_1\dbs\orapwORCL2
This issue is tracked with Oracle bug 6144753.
During the installation of Oracle Audit Vault Server on AIX 5L, Audit Vault Configuration Assistant (AVCA) fails to relink the oracle executable with the dv_on option.
An error message similar to the following appears in the $ORACLE_HOME/av/log/avca.log file:
0/12/09 04:44:48 ld: 0706-021 The wait() system call failed.
10/12/09 04:44:48 ld:wait(): There are no child processes.
10/12/09 04:44:48 make: 1254-004 The error code from the last command is 255.
10/12/09 04:44:48
10/12/09 04:44:48
10/12/09 04:44:48 Stop.
Because of this error, Oracle Database Vault is not enabled at the end of the Audit Vault Release 10.2.3.2 installation on AIX 5L.
Workaround: After you complete the Audit Vault Server installation, follow the procedure in Section 3.8.1, "Restarting the Audit Vault Server on AIX 5L." Afterwards, you can install the Audit Vault agent, as described in Section 4, "Installing the Oracle Audit Vault Patch Set on the Audit Vault Agent."
This issue is tracked with Oracle bug 9029325.
This section contains:
Oracle Audit Vault Server Fails During NetCA Phase if ORACLE_HOME Is Set
Invalid Oracle Enterprise Manager URL Opens After Installation
Error in avca.log File After Installation of Oracle Audit Vault
File Not Found Error During Deployment of Oracle Database Vault During Installation
Two Invalid Objects Seen After Single Instance Audit Vault Server Installation
Audit Vault Configuration Assistant Hangs During Audit Vault Agent Installation
During the Network Configuration Assistant (NetCA) installation phase, the Oracle Audit Vault installation can fail with the following error message if the ORACLE_HOME environment variable has been set:
Environmental error detected: The current Oracle Home and the Oracle Home passed from the installer are not the same. Oracle Net Configuration Assistant cannot continue
This error occurs on both Windows 32-bit and x64 systems.
Workaround: Before you run the setup.exe utility to begin the installation, ensure that the ORACLE_HOME environment variable is not set, either as a system variable, a user environment variable, or from a command prompt.
This issue is tracked with Oracle bug 10433926.
After you complete the Oracle Audit Vault Server installation on Microsoft Windows 32-bit and close Oracle Universal Installer (OUI), the Oracle Enterprise Manager login page cannot open. The URL it tries to use, http, should be https. This is because starting with Release 10.2.0.4, Oracle Enterprise Manager is secure by default. However, the Audit Vault Console URL should work without any problems.
Workaround:
Enter the Enterprise Manager URL using the https prefix, not the http prefix. For example:
https://shobeen.example.com:1158/em
This issue is tracked with Oracle bug 9409291.
After you install Oracle Audit Vault, an error similar to the following appears in the avca.log file:
03/05/10 03:37:28 <xdbconfig xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd" xmlns:xsi="http://w
03/05/10 03:37:28
03/05/10 03:37:29 ERROR:
03/05/10 03:37:29 ORA-01031: insufficient privileges
03/05/10 03:37:29
03/05/10 03:37:29
03/05/10 03:37:29 Warning: You are no longer connected to ORACLE.
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:37:29 SP2-0641: "EXECUTE" requires connection to server
03/05/10 03:37:29
03/05/10 03:37:29 PL/SQL procedure successfully completed.
03/05/10 03:37:29
This error is expected and has no effect on functionality.
This error occurs because during the installation process, Oracle Universal Installer (OUI) tries to log in to the database as user SYS with the SYSDBA privilege. On Windows, this action works only if both local and domain users who must access the database have been added to the ORA_DBA group, and if OS authentication has been enabled.
Workaround:
Do the following:
Ensure that both local and domain users who must have access to the database have been added to the ORA_DBA group.
Ensure that OS authentication is enabled.
This issue is tracked with Oracle bug 9449669.
After you install Oracle Audit Vault Server on Microsoft Windows 32-bit, errors similar to the following appear in the installAction.log file:
executing task DEPLOY_DVA
DEPLOY_DVA,validate
DEPLOY_DVA get EM home
DEPLOY_DVA get EM home instance null, resolved=iwin3040_av
DEPLOY_DVA stop isqlplus
DEPLOY_DVA stop OC4J
DEPLOY_DVA,modify C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml
getDocument() error C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml:java.io.FileNotFoundException: C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml (The system cannot find the path specified)
modfiy server.xml error:java.io.FileNotFoundException: C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml (The system cannot find the path specified)
DVCA_ERROR:java.io.FileNotFoundException: C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml (The system cannot find the path specified)
Error executing task DEPLOY_DVA:java.io.FileNotFoundException: C:\psmith\av\10.2.3.2\100206\AV01\av_1\oc4j\j2ee\OC4J_DBConsole_iwin3040_av\config\server.xml (The system cannot find the path specified)
Executing task SQLPLUS_UTLRP
Executing task INIT_AUDIT_SYS_OPERATIONS
The result is that the Database Vault Administrator is not properly deployed, which can result from not having Oracle Database Control deployed on the computer where you performed the installation.
Workaround:
If you do not plan to use Database Vault Administrator, then you can disregard these errors.
However, if you want to use Database Vault Administrator, then you must deploy it manually. You can manually deploy Database Vault Administrator to the Oracle Application Server Containers for J2EE (OC4J) home, which by default is in the $ORACLE_HOME/oc4j/j2ee/home directory.
Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/server.xml. Enter the following line just before the last line that reads, </application-server>:
<application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
For example:
<application name="dva" path="/u00/app/oracle/oracle/product/dv12/dv/jlib/dva_webapp.ear" auto-start="true" />
Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:
<web-app application="dva" name="dva_webapp" root="/dva" />
Edit the file $ORACLE_HOME/oc4j/j2ee/home/config/global-web-application.xml. Search for <servlet-class>oracle.jsp.runtimev2.JspServlet</servlet-class>. Uncomment the following lines after this:
<init-param>
  <param-name>main_mode</param-name>
  <param-value>justrun</param-value>
</init-param>
Create the following directory:
mkdir -p $ORACLE_HOME/dv/jlib/sysman/config
Create the database connection configuration file, emoms.properties, in the configuration directory that you just created. Add the following lines to the file:
oracle.sysman.emSDK.svlt.ConsoleMode=standalone
oracle.sysman.eml.mntr.emdRepRAC=FALSE
oracle.sysman.eml.mntr.emdRepDBName=oracle_sid
oracle.sysman.eml.mntr.emdRepConnectDescriptor=TNS_connection_string
Follow these instructions:
For an Oracle RAC environment, set oracle.sysman.eml.mntr.emdRepRAC to TRUE.
For oracle.sysman.eml.mntr.emdRepConnectDescriptor, you can use an alias from $ORACLE_HOME/network/admin/tnsnames.ora. Alternatively, you can use the following syntax:
oracle.sysman.eml.mntr.emdRepConnectDescriptor=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=HOSTNAME)(PORT\=PORT)))(CONNECT_DATA\=(SERVICE_NAME\=ORACLE_SID)))
Ensure that the correct environment variables are set.
For example:
ORACLE_SID=orcl
export ORACLE_SID
ORACLE_HOME=/u00/app/oracle/product/11.1/dv
export ORACLE_HOME
LD_LIBRARY_PATH=$ORACLE_HOME/bin:$ORACLE_HOME/lib:$ORACLE_HOME/jdbc/lib
export LD_LIBRARY_PATH
PATH=$ORACLE_HOME/bin:$ORACLE_HOME/jdk/bin:$PATH
export PATH
Set the LD_LIBRARY_PATH variable to use the OCI-based JDBC libraries.
Start OC4J using the following syntax:
$ORACLE_HOME/jdk/bin/java -Djava.awt.headless=true -DEMDROOT=$ORACLE_HOME/dv/jlib -jar $ORACLE_HOME/oc4j/j2ee/home/oc4j.jar -userThreads -config $ORACLE_HOME/oc4j/j2ee/home/config/server.xml
After you complete these steps, you can start Database Vault Administrator. The HTTP port defaults to 8888 for this environment. Use the following syntax for the URL:
http://hostname:8888/dva
This issue is tracked with Oracle bug 9366945.
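The manual deployment above touches four files, and a slip in any of them only shows up when OC4J starts. The following check is an added example, not Oracle code: the function names and sample inputs are constructed for illustration, and it assumes (following the "For example" line above) that the .ear path in server.xml must be written out in full rather than left as $ORACLE_HOME.

```python
import xml.etree.ElementTree as ET

# Keys the release note lists for emoms.properties.
REQUIRED_KEYS = (
    "oracle.sysman.emSDK.svlt.ConsoleMode",
    "oracle.sysman.eml.mntr.emdRepRAC",
    "oracle.sysman.eml.mntr.emdRepDBName",
    "oracle.sysman.eml.mntr.emdRepConnectDescriptor",
)

# Constructed sample inputs, not taken from a real installation. Two defects
# are left in on purpose: main_mode is still commented out, and the connect
# descriptor is missing its final ")".
SERVER_XML = """<application-server>
  <application name="dva" path="/u00/app/oracle/dv/jlib/dva_webapp.ear" auto-start="true" />
</application-server>"""
WEB_SITE_XML = """<web-site>
  <web-app application="dva" name="dva_webapp" root="/dva" />
</web-site>"""
GLOBAL_WEB_XML = """<orion-web-app><web-app><servlet>
  <servlet-class>oracle.jsp.runtimev2.JspServlet</servlet-class>
  <!-- <init-param><param-name>main_mode</param-name>
       <param-value>justrun</param-value></init-param> -->
</servlet></web-app></orion-web-app>"""
EMOMS = r"""oracle.sysman.emSDK.svlt.ConsoleMode=standalone
oracle.sysman.eml.mntr.emdRepRAC=FALSE
oracle.sysman.eml.mntr.emdRepDBName=orcl
oracle.sysman.eml.mntr.emdRepConnectDescriptor=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=HOSTNAME)(PORT\=PORT)))(CONNECT_DATA\=(SERVICE_NAME\=orcl))
"""


def parse_properties(text):
    """Parse key=value lines; an escaped \\= inside a value becomes =."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip().replace("\\=", "=")
    return props


def parens_balanced(text):
    """True when every '(' has a matching ')' in order."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def check_dva_deployment(server_xml, web_site_xml, global_web_xml, emoms, rac=False):
    """Return a list of findings; an empty list means every edit is in place."""
    findings = []
    # server.xml: the dva application must exist with a written-out .ear path.
    apps = [a for a in ET.fromstring(server_xml).iter("application")
            if a.get("name") == "dva"]
    path = apps[0].get("path", "").replace("\\", "/") if apps else ""
    if "$" in path or not path.endswith("/dv/jlib/dva_webapp.ear"):
        findings.append("server.xml: dva application missing or path unresolved")
    # http-web-site.xml: the application must be mapped to /dva.
    if not any(w.get("application") == "dva" and w.get("root") == "/dva"
               for w in ET.fromstring(web_site_xml).iter("web-app")):
        findings.append("http-web-site.xml: /dva web-app missing")
    # global-web-application.xml: ElementTree drops XML comments, so an
    # init-param block that is still commented out is simply not found.
    params = {p.findtext("param-name"): p.findtext("param-value")
              for s in ET.fromstring(global_web_xml).iter("servlet")
              if s.findtext("servlet-class") == "oracle.jsp.runtimev2.JspServlet"
              for p in s.iter("init-param")}
    if params.get("main_mode") != "justrun":
        findings.append("global-web-application.xml: main_mode=justrun not active")
    # emoms.properties: key names, RAC flag and connect descriptor.
    props = parse_properties(emoms)
    for key in REQUIRED_KEYS:
        if key not in props:
            findings.append("emoms.properties: missing " + key)
    for key in props:
        if key not in REQUIRED_KEYS:
            findings.append("emoms.properties: unexpected key " + key)
    if props.get(REQUIRED_KEYS[1], "").upper() != str(rac).upper():
        findings.append("emoms.properties: emdRepRAC does not match the environment")
    if not parens_balanced(props.get(REQUIRED_KEYS[3], "")):
        findings.append("emoms.properties: connect descriptor parentheses unbalanced")
    return findings
```

Run it against the four edited files before starting OC4J; a TNS alias used as the connect descriptor contains no parentheses and passes the balance check.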
After you install Oracle Audit Vault Server on Microsoft Windows 32-bit, two invalid objects are seen, as follows:
SQL> SELECT OBJECT_NAME, OBJECT_ID, OWNER FROM ALL_OBJECTS WHERE STATUS='INVALID';

OBJECT_NAME         OBJECT_ID   OWNER
------------------- ----------- -----------------
AV$RADS_ERROR       51938       AVSYS
DV$3                54894       DVSYS
Workaround:
None.
This issue is tracked with Oracle bug 9444926.
After you install Audit Vault Server on Microsoft Windows 64-bit, invalid objects are seen, as follows:
SQL> SELECT OBJECT_NAME, OBJECT_ID, OWNER FROM ALL_OBJECTS WHERE STATUS='INVALID';

OBJECT_NAME                    OBJECT_ID   OWNER
------------------------------ ----------- -----------------
DBA_LBAC_POLICIES              42248       PUBLIC
DBA_LBAC_SCHEMA_POLICIES       42249       PUBLIC
DBA_LBAC_TABLE_POLICIES        42250       PUBLIC
DBA_LBAC_USERS                 42251       PUBLIC
DBA_LBAC_PROGRAMS              42252       PUBLIC
DBA_LBAC_USER_LABELS           42253       PUBLIC
DBA_LBAC_USER_PRIVS            42254       PUBLIC
DBA_LBAC_PROG_LABELS           42255       PUBLIC
DBA_LBAC_PROG_PRIVS            42256       PUBLIC
DBA_LBAC_LABELS                42257       PUBLIC
DBA_LBAC_DATA_LABELS           42258       PUBLIC
DBA_LBAC_LABEL_TAGS            42261       PUBLIC
DBA_SA_POLICIES                42330       PUBLIC
DBA_SA_LABELS                  42331       PUBLIC
DBA_SA_DATA_LABELS             42332       PUBLIC
DBA_SA_LEVELS                  42333       PUBLIC
DBA_SA_COMPARTMENTS            42334       PUBLIC
DBA_SA_GROUPS                  42335       PUBLIC
DBA_SA_GROUP_HIERARCHY         42336       PUBLIC
DBA_SA_USERS                   42337       PUBLIC
DBA_SA_USER_LEVELS             42338       PUBLIC
DBA_SA_USER_COMPARTMENTS       42339       PUBLIC
DBA_SA_USER_GROUPS             42340       PUBLIC
DBA_SA_USER_LABELS             42341       PUBLIC
DBA_SA_USER_PRIVS              42342       PUBLIC
DBA_SA_PROG_PRIVS              42343       PUBLIC
USER_SA_SESSION                42344       PUBLIC
DBA_SA_TABLE_POLICIES          42345       PUBLIC
DBA_SA_SCHEMA_POLICIES         42346       PUBLIC
ALL_SA_POLICIES                42368       PUBLIC
ALL_SA_DATA_LABELS             42369       PUBLIC
ALL_SA_LEVELS                  42370       PUBLIC
ALL_SA_COMPARTMENTS            42371       PUBLIC
ALL_SA_GROUPS                  42372       PUBLIC
ALL_SA_GROUP_HIERARCHY         42373       PUBLIC
ALL_SA_USERS                   42374       PUBLIC
ALL_SA_USER_LEVELS             42375       PUBLIC
ALL_SA_USER_COMPARTMENTS       42376       PUBLIC
ALL_SA_USER_GROUPS             42377       PUBLIC
ALL_SA_USER_LABELS             42378       PUBLIC
ALL_SA_USER_PRIVS              42379       PUBLIC
ALL_SA_PROG_PRIVS              42380       PUBLIC
ALL_SA_LABELS                  42381       PUBLIC
ALL_SA_TABLE_POLICIES          42382       PUBLIC
ALL_SA_SCHEMA_POLICIES         42383       PUBLIC
AV$RADS_ERROR                  44366       AVSYS
DV$3                           46991       DVSYS
Workaround:
Disable Oracle Database Vault.
See Oracle Database Vault Administrator's Guide for information about disabling and enabling Oracle Database Vault.
Log in to SQL*Plus and run the utlrp.sql script.
Enable Oracle Database Vault.
This issue is tracked with Oracle bug 9839443.
On Microsoft Windows 64-bit, Audit Vault Configuration Assistant (AVCA) hangs during the Audit Vault agent installation.
Workaround:
If the installation hangs during the Audit Vault Configuration Assistant phase, then cancel the Oracle Universal Installer and sub-processes by using the Windows Task Manager.
Next, run Audit Vault Configuration Assistant manually to complete the installation.
Open a command prompt window.
Set the ORACLE_HOME variable to point to the Agent ORACLE_HOME directory.
For example:
SET ORACLE_HOME=C:\oracle\product\10.2.3\av_agent_1
Set the PATH variable to include the ORACLE_HOME variable.
For example:
SET PATH=%ORACLE_HOME%\bin;%PATH%
Manually invoke the internal command avca initialize_agent.
For example:
C:\oracle\product\10.2.3\av_agent_1\avca.bat initialize_agent -agentname agent_name -agentusr agentusername/agentuserpassword -agentport agent_port_number -av host:port:service -rmiport rmiport -jmsport jmsport
In this specification:
agentport: Enter the agent port number, typically 7000.
av: Enter the Audit Vault Server host name in host:port:service format. For example:
sales.us.example.com:1521:av.us.example.com
rmiport: Enter the RMI port number, typically 3101. To find this value, search for the port attribute in the rmi-server tag in the ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_host_sid/config/rmi.xml file.
jmsport: Enter the JMS port number, typically 3201. To find this value, search for the port attribute in the jms-server tag in the ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_host_sid/config/jms.xml file.
This issue is tracked with Oracle bug 10161243.
This section contains:
avca generate_csr Fails on Audit Vault Server on Microsoft Windows
Audit Vault Restart Fails when oradata and Backup and Recovery Files Are Placed on ASM
The Data Changes Report in Audit Vault Console fails with the following errors when the before and after values that the report attempts to capture are too large:
ORA-01489: result of string concatenation is too long
ORA-06502: PL/SQL: numeric or value error: character string buffer too small
Workaround: None
This issue is tracked with Oracle bug 9055316.
The avca generate_csr command fails when you run it on Audit Vault Server on Microsoft Windows. This command completes without error, but the certificate file is not generated. Without this file, you cannot complete the steps for running the avca secure_av command. This problem can also occur with the avca remove_cert and avca secure_agent commands.
Check the avca.log file, by default located in the $ORACLE_HOME/av/log directory, for error details. An error similar to the following appears:
03/05/10 03:08:45 Executing command generate_csr, -certdn, CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US, -out, c:\oracle\product\10.2.3\avserver\certs\certificate.txt
03/05/10 03:08:45 Generating Certificate request...
03/05/10 03:08:46 orapki wallet add -wallet C:\oracle\product\10.2.3\avserver\network\admin\avwallet -keysize 1024 -dn CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US > C:\oracle\product\10.2.3\avserver\bin\avGenerateCSR.log
Invalid command: kuksagruvin
wallet:
create [-wallet [wallet]] [-auto_login] [-pwd <pwd>]
display [-wallet [wallet]] <-summary> [-pwd <pwd>]
add [-wallet [wallet]] <[-keysize [512|1024|2048]] [-dn [dn]] <-self_signed [-validity [days]> <[-cert [filename]] [-trusted_cert|-user_cert]> [-pwd <pwd>]
export [-wallet [wallet]] <-cert [filename]> <-request [filename]> [-pwd <pwd>]
...
Workaround:
Enclose the distinguished name (DN) in double quotation marks, and precede each quotation mark with a backslash (\) character. For example:
avca generate_csr -certdn \"CN=kuksagruvin,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US\" -out user_c:\oracle\product\10.2.3\avserver\certs\certificate.txt
Remember that this problem occurs with the avca remove_cert and avca secure_agent commands, so ensure that you use this format when specifying the DN with these commands as well.
This issue is tracked with Oracle bug 9449328.
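Several of the issues in these notes are recognized by a log signature (bugs 9029325, 9449669, 9366945 and 9449328), and only some of them need action. The following triage routine is an added example, not Oracle code: the function name and severity labels are this example's own, and the sample log is constructed from fragments of the excerpts quoted in these notes.

```python
import re

# Leading "MM/DD/YY HH:MM:SS" stamp on avca.log lines, as in the excerpts.
STAMP = re.compile(r"^\d{1,2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\s*")

# bug number -> (severity, next step). Severity labels are this example's own.
KNOWN = {
    "9029325": ("action", "Database Vault is not enabled; follow Section 3.8.1"),
    "9449669": ("benign", "expected during installation; check ORA_DBA membership"),
    "9366945": ("optional", "deploy Database Vault Administrator manually if needed"),
    "9449328": ("action", 'certificate file not generated; pass the DN as \\"...\\"'),
}

# Constructed sample: fragments of the excerpts quoted in these notes, plus
# one ORA-01031 outside the installer pattern to show it is not suppressed.
SAMPLE = """\
10/12/09 04:44:48 ld: 0706-021 The wait() system call failed.
03/05/10 03:37:29 ERROR:
03/05/10 03:37:29 ORA-01031: insufficient privileges
03/05/10 03:37:29
03/05/10 03:37:29 Warning: You are no longer connected to ORACLE.
03/05/10 03:37:29 SP2-0640: Not connected
03/05/10 03:08:46 orapki wallet add -wallet W -keysize 1024 -dn CN=kuksagruvin,C=US
Invalid command: kuksagruvin
03/06/10 09:00:00 ORA-01031: insufficient privileges
03/06/10 09:00:01 PL/SQL procedure successfully completed.
"""


def triage(log_text):
    """Map log lines to the known issues in these release notes.

    Returns (findings, unexplained): findings is {bug: (severity, next step)},
    unexplained lists ORA-/Error lines that match none of the signatures.
    """
    lines = [STAMP.sub("", raw).strip() for raw in log_text.splitlines()]
    lines = [line for line in lines if line]          # drop stamp-only lines
    findings, unexplained = {}, []
    for i, line in enumerate(lines):
        before, after = lines[max(0, i - 3):i], lines[i + 1:i + 6]
        bug = None
        if line.startswith("ld: 0706-021"):
            bug = "9029325"
        elif line.startswith("ORA-01031"):
            # Benign only in the installer pattern: SQL*Plus loses its
            # session right after and reports SP2-0640 for later statements.
            if any(l.startswith("SP2-0640") for l in after):
                bug = "9449669"
        elif line.startswith("Invalid command:"):
            # orapki rejected the DN that avca generate_csr passed on.
            if any(l.startswith("orapki wallet add") for l in before):
                bug = "9449328"
        elif line.startswith("Error executing task DEPLOY_DVA") \
                and "FileNotFoundException" in line:
            bug = "9366945"
        elif not re.match(r"(ORA-\d{5}|Error\b)", line):
            continue                                   # not an error line
        if bug:
            findings[bug] = KNOWN[bug]
        else:
            unexplained.append(line)
    return findings, unexplained
```

An ORA-01031 that is not followed by the SP2-0640 run is returned as unexplained rather than being written off as the expected installer error.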
An ORA-1031: Permission denied error appears when you try to run the avca secure_av command on Microsoft Windows 32-bit. This error can appear if OS authentication is not enabled.
Workaround:
Use either of the following solutions:
Configure the dispatcher service for the Audit Vault Server database. Follow these steps:
On the Audit Vault Server database, log in to SQL*Plus as user SYS with the SYSDBA privilege.
sqlplus sys as sysdba
Enter password: password
Run the following SQL statements. Replace sid with the instance identifier (SID) for your Audit Vault Server database.
SQL> ALTER SYSTEM SET DISPATCHERS='(protocol=tcps)(service=sidXDB)';
SQL> ALTER SYSTEM REGISTER;
SQL> EXIT
From the ORACLE_HOME\bin directory, start the Audit Vault console:
avctl start_av
Enable OS authentication for Windows. Follow these steps:
Enable OS authentication for Windows.
If you only have one Oracle Database home directory, then open a command prompt and go to the Audit Vault Server ORACLE_HOME\bin directory.
If you have multiple Oracle Database home directories, then open a command prompt and set the following variables:
set ORACLE_HOME=AV_Server_Oracle_Home_path
set PATH=AV_Server_Oracle_Home_path\bin;%PATH%
Reset the Audit Vault Server to default configuration.
avca secure_av remove
Re-run the avca secure_av command to secure the Audit Vault Server.
For example:
avca secure_av -avkeystore /tmp/avkeystore -avtruststore /tmp/avkeystore
Enter keystore password: password
This issue is tracked with Oracle bug 9456972.
When you attempt to restart the Audit Vault database in an Oracle Database Automatic Storage Management (ASM) environment on Microsoft Windows 32-bit and 64-bit, the following errors appear:
ORA-01078: failure in processing system parameters
ORA-01565: error in identifying file '+DATA/av06/spfileav06.ora'
ORA-17503: ksfdopn:2 Failed to open file +DATA/av06/spfileav06.ora
ORA-15055: unable to connect to ASM instance
ORA-01031: insufficient privileges
These errors appear even if ASM is running and the ASM disk groups are accessible.
Workaround:
In the sqlnet.ora file for the Audit Vault database, change the SQLNET.AUTHENTICATION_SERVICES setting to NTS, as follows:
SQLNET.AUTHENTICATION_SERVICES=(NTS, BEQ, TCPS)
Restart the Audit Vault database.
sqlplus sys as sysoper
Enter password: password
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP
This issue is tracked with Oracle bug 9461571.
There are no known source database configuration issues for Oracle Audit Vault.
Intermittently, the OSAUD collector fails with an error similar to the following:
INFO @ '03/06/2009 01:50:01 02:00': File /oracle/admin/mau/adump/mau_ora_17373_1.xml not found in hash table, Adding..
ERROR @ '03/06/2009 01:50:43 02:00': On line 2101; ORA-00600: Interner Fehlercode, Argumente: [], [], [], [], [], [], [], []
Workaround: Restart the collector.
Open a shell and then set the environment variables for the Audit Vault Server.
See "Setting the Audit Vault Server Linux and UNIX Environment Variables" in Oracle Audit Vault Administrator's Guide.
Run the avctl start_collector command.
For example:
$ avctl start_collector -collname OSAUD_Collector -srcname my_db
This issue is tracked with Oracle bug 8645192.
If you have Audit Vault Server installed on Microsoft Windows 32-bit and have configured an OS collector on a Linux or UNIX Audit Vault agent, the collector fails to start and then hangs. This happens because the collector appends \rdbms\audit to the Oracle home directory when it sets the audit files directory of the source during the collector configuration process. On Linux or UNIX, the collector is unable to read this path because of the backslashes (\) used in the path.
Workaround:
Change the backslashes to forward slashes, as follows:
If you only have one Oracle Database home directory, then open a command prompt and go to the Audit Vault Server ORACLE_HOME\bin directory.
If you have multiple Oracle Database home directories, then open a command prompt and set the following variables:
set ORACLE_HOME=AV_Server_Oracle_Home_path
set PATH=AV_Server_Oracle_Home_path\bin;%PATH%
Use the avorcldb alter_collector command to recreate the default file destination to use forward slashes instead of backslashes.
For example:
avorcldb alter_collector -srcname my_source_db -collname my_os_collector OSAUDIT_DEFAULT_FILE_DEST='$ORACLE_HOME/rdbms/audit'
This problem also occurs with the OSAUDIT_FILE_DEST parameter, so you must also recreate the location for the Oracle Database operating system audit files:
avorcldb alter_collector -srcname my_source_db -collname my_os_collector OSAUDIT_FILE_DEST='$ORACLE_HOME/admin/DB_UNIQUE_NAME/adump'
Restart the collector.
For example:
avctl start_collector -collname my_os_collector -srcname my_source_db
You can check the status of the collector as follows:
avctl show_collector_status -collname my_os_collector -srcname my_source_db
This issue is tracked with Oracle bug 9357349.
On Microsoft Windows 64-bit systems, the avctl start_collector command can fail if the source database name and collector name contain multibyte characters, such as Chinese. Errors similar to the following appear:
Failed to start collector GBK?2:DBAUD_Collector_GBK?2
at oracle.av.collector.audcoll.AudCollectorManager.startCollector(AudCollectorManager.java:399)
at oracle.av.collector.OracleCollectorManager.start(OracleCollectorManager.java:207)
at oracle.av.agent.AgentHandler$StartCollector.handleMessage(AgentHandler.java:458)
at oracle.av.agent.ManagementServlet.doProcess(ManagementServlet.java:94)
at oracle.av.agent.ManagementServlet.doPost(ManagementServlet.java:115)
Workaround:
On the Windows server, from the Control Panel, open Regional and Language Options.
Select the Advanced tab.
Under Default user account settings, select the Apply all settings to current user account and to the default user profile check box.
Click OK.
Set both the User locale and the System locale to the language that uses multibyte characters, such as Chinese.
To set the user locale, from Regional and Language Options, select the Languages tab. Under Supplemental language support, select the Install files for East Asian languages check box. Click the Details button, and in the Default input language area, select the language that you want. If necessary, click the Add button to add the correct language. Click OK.
To set the system locale, from Regional and Language Options, select the Advanced tab. In the Language for non-Unicode programs area, select the language that you specified for the user locale.
(This dialog box may vary depending on your version of Windows. This step is based on Windows XP Professional.)
Click the OK button to save your settings and exit Regional and Language Options.
Restart the Windows 64-bit server.
This issue is tracked with Oracle bug 9846944.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.