9 Audit Vault Microsoft SQL Server (AVMSSQLDB) Utility Commands

Use the Audit Vault SQL Server Database (AVMSSQLDB) command-line utility to manage the relationship between Oracle Audit Vault and a Microsoft SQL Server source database and collector. When you run these commands, remember the following:

Enter the command in lowercase letters. The commands are case-sensitive.
When you open a new shell to run the command, first set the appropriate environment variables. See Section 2.2 for instructions.
Oracle Audit Vault creates a log file of AVMSSQLDB command activity. See Section A.1 and Section A.2 for more information.

Table 9-1 describes the AVMSSQLDB commands and where each is used, whether on the Audit Vault Server, on the Audit Vault collection agent, or in both places.

Table 9-1 AVMSSQLDB Commands

Command	Where Used?	Description
add_collector	Server	Adds a collector to Oracle Audit Vault
add_source	Server	Registers an audit source with Oracle Audit Vault
alter_collector	Server	Alters the attributes of a collector
alter_source	Server	Alters the attributes of a source
drop_collector	Server	Drops a collector from Oracle Audit Vault
drop_source	Server	Drops a source from Oracle Audit Vault
-help	Both	Displays help information for the `AVMSSQLDB` commands
setup	Collection agent	Adds the source user credentials to the wallet, creates a database alias in the wallet for the source user, and verifies the connection to the source using the wallet
verify	Both	Verifies that the source is compatible with the collectors

9.1 avmssqldb

The AVMSSQLDB command-line utility, which you use to configure a Microsoft SQL Server database with Oracle Audit Vault.

Syntax

avmssqldb command -help

avmssqldb command [options] arguments

Arguments

Argument	Description
`command`	Enter one of the commands listed in Table 9-1.
`arguments`	Enter one or more of the `AVMSSQLDB` command arguments.
`-help`	Displays help information for the `AVMSSQLDB` commands.

Usage Notes

Issuing an AVMSSQLDB command generates the following log file: $ORACLE_HOME/av/log/mssqldb-%g.log. The %g is a generation number that starts from 0 (zero) and increases once the file size reaches the 100 MB limit.

9.2 add_collector

Adds a collector for the given SQL Server source database to Oracle Audit Vault. Oracle Audit Vault verifies the source database for the collector requirements. Run this command on the Audit Vault Server.

Syntax

avmssqldb add_collector -srcname srcname -agentname agentname
         [-collname collname] [-desc desc]

Arguments

Argument	Description
`-srcname` `srcname`	Enter the name of the source database for which the collector is to be added. Remember that the source database name is case-sensitive.
`-agentname` `agentname`	Create a name for the agent that will use the MSSQLDB collector.
`-collname` `collname`	Create a name for the MSSQLDB collector. Optional. If you do not create a name, Oracle Audit Vault names the collector `MSSQLCollector`.
`-desc` `desc`	Enter a brief description of the collector. Optional.

Usage Notes

Run any collector-specific preparation scripts before you execute the avmssqldb add_collector command.
The avmssqldb add_collector command prompts for the source user name and password. This user account must exist on the source database.

Example

The following example shows how to add the MSSQLDB collector to Oracle Audit Vault.

$ avmssqldb add_collector -srcname mssqldb4 -agentname agent1 
Enter a username :source_user_name
Enter a password : password

***** Collector Added Successfully*****

9.3 add_source

Registers a SQL Server source database with Oracle Audit Vault for audit data consolidation. Run this command on the Audit Vault Server.

Syntax

avmssqldb add_source -src host:port -srcname srcname  
[-desc desc]

Arguments

Argument	Description
`-src` `host:port`	Enter the source database connection information: host name and port number, separated by a colon. Typically, the host is the fully qualified domain name or IP address of the server on which the SQL Server source database is running, and the port number is 1433.
`-srcname` `srcname`	Create a name for the source database connection. Remember that the source database name is case-sensitive. Oracle Audit Vault uses this name to connect to the Microsoft SQL Server source database.
-`desc` `desc`	Enter a brief description for the source database. Optional.

Usage Notes

The avmssqldb add_source command prompts for the source user name and password. This user account must exist on the source database. See the example.

Example

The following example shows how to register a source with Oracle Audit Vault.

$ avmssqldb add_source -src mssqlserver:1433 -srcname mssqldb4 -desc 'HR Database'
Enter a username :source_user_name
Enter a password : password

***** Source Verified *****
***** Source Added Successfully *****

9.4 alter_collector

Modifies the attributes of an MSSQLDB collector. Run this command on the Audit Vault Server.

Syntax

avmssqldb alter_collector -srcname srcname -collname collname 
      [attrname=attrvalue...attrname=attrvalue]

Arguments

Argument	Description
`-srcname` `srcname`	Enter the name of the source database to which this collector belongs. Remember that the source database name is case-sensitive.
`-collname` `collname`	Enter the name of the collector to be modified.
`attrname=attrvalue`	Enter the attribute pair (attribute name, new attribute value) for mutable collector property and attributes for this collector type. This argument is optional. Separate multiple pairs by a space on the command line.

Usage Notes

You can modify the collector DESCRIPTION property and one or more attributes at a time. Table 9-2 lists the collector attributes (parameters), whether the parameter is mutable, the default value, and a brief description of the attribute.

Table 9-2 MSSQLDB Collector Attributes

Parameter	Mutable	Default Value	Description
`DESCRIPTION`	Yes	`NULL`	The description for this collector
`dbconnection`	No	`1`	Number of connections to the database
`AUDIT_C2_FLAG`	Yes	`1`	Whether C2 logs can be collected by the MSSQLDB collector. Values can be 0 or 1.
`AUDIT_SERVERSIDE_TRACES_FLAG`	Yes	`1`	Whether server side trace logs can be collected by the MSSQLDB collector. Values can be 0 or 1. See the usage notes.
`AUDIT_EVENT_LOG_FLAG`	Yes	`1`	Whether events logs can be collected by the MSSQLDB collector. Values can be 0 or 1.
`C2_TRACE_FILEPATH`	Yes	`NULL`	The C2 trace file path. See the usage notes.
`SERVERSIDE_TRACE_FILEPATH`	Yes	`NULL`	The value for server-side trace file path. See the usage notes.
`DELAY_TIME`	Yes	`20000`	The delay time (in milliseconds) of the collector
`NO_OF_RECORDS`	Yes	`1000`	The maximum number of records to be fetched by the collector. This attribute is mutable.

For SQL Server 2000 source databases only, the trace file (.trc) audit trail is not released to the collector until either the file reaches its maximum file size and another trace file is created, or the source database is shut down and restarted.
If the server side TRACEPATH parameter or the C2_TRACE_FILEPATH parameter is set to null, and the AUDIT_SERVERSIDE traces flag is set to true, then the collector queries the SQL Server database for active trace files and collects audit data from them.
For the C2_TRACE_FILEPATH and the SERVERSIDE_TRACE_FILEPATH parameters, the value for the path can be of the form Drive:\Directory....\File Prefix*.

Example

The following example shows how to alter the NO_OF_RECORDS attribute and the collector description for the MSSQLCollector collector in ORacle Audit Vault:

$ avmssqldb alter_collector -srcname mssqldb4 -collname MSSQLCollector NO_OF_RECORDS=1500 DESCRIPTION="MSSQLDB collector 45" SERVERSIDE_TRACE_FILEPATH="c:\SQLAuditFile*

***** Collector Altered Successfully *****

9.5 alter_source

Modifies the attributes of a SQL Server source database. Run this command on the Audit Vault Server.

Syntax

avmssqldb alter_source -srcname sourcename 
          [attrname=attrvalue...attrname=attrvalue]

Arguments

Argument	Description
`-srcname` `sourcename`	Enter the name of the source database to be modified. Remember that the source database name is case-sensitive.
`attrname=attrvalue`	Enter the attribute pair (attribute name, new attribute value) for mutable source properties and attributes for this source type. This argument is optional. Separate multiple pairs by a space on the command line.

Usage Notes

Table 9-3 lists the source attributes, a brief description of the attribute, whether the attribute is mutable, and the default value. You can modify one or more source attributes at a time.

Table 9-3 Source Attributes

Attribute	Description	Mutable	Default Value
`SOURCETYPE`	The source type name for this source database. The default name is MSSQLDB.	No	`NULL`
`NAME`	The name for this source database	No	`NULL`
`HOST`	The source database host name	No	`NULL`
`HOSTIP`	The source database host IP address	No	`NULL`
`VERSION`	The source database version	Yes	`NULL`
`DESCRIPTION`	The description for this source database	Yes	`NULL`
`PORT`	A new port number for this system where the source database audit data resides	Yes	None

Example

The following example shows how to alter the DESCRIPTION attribute for the source database named mssqldb4 in Oracle Audit Vault:

$ avmssqldb alter_source -srcname mssqldb4 DESCRIPTION="HR Database" 

***** Source Altered Successfully *****

9.6 drop_collector

Disables (but does not remove) an MSSQLDB collector from Oracle Audit Vault. Run this command from the Audit Vault Server.

Syntax

avmssqldb drop_collector -srcname srcname -collname collname

Arguments

Argument	Description
`-srcname` `srcname`	Enter the name of the source database to which the collector (specified in the `-collname` argument) belongs. Remember that the source database name is case-sensitive.
`-collname` `collname`	Enter the name of the collector to be dropped from Oracle Audit Vault.

Usage Notes

The drop_collector command does not delete the collector from Oracle Audit Vault. It only disables the collector. The collector metadata is still in the database after you run the drop_collector command. If you want to recreate the collector, create it with a different name.

Example

The following example shows how to drop a collector named MSSQLCollector from Oracle Audit Vault:

$ avmssqldb drop_collector -srcname mssqldb4 -collname MSSQLCollector

***** Collector Dropped Successfully *****

9.7 drop_source

Disables (but does not remove) a SQL Server source database from Oracle Audit Vault. Run this command on the Audit Vault Server.

Syntax

avmssqldb drop_source -srcname srcname

Arguments

Argument	Description
`-srcname` `srcname`	Enter the source (by source name) to be dropped from Oracle Audit Vault. Remember that the source database name is case-sensitive.

Usage Notes

The drop_source command does not delete the source database from Oracle Audit Vault. It only disables the source database definition in Oracle Audit Vault. The source database metadata is still in the database after you run the drop_source command. If you want to re-create the source database definition, create it with a different name.
You cannot drop a source database if it has any active collectors for this source database. You must drop all collectors associated with the source database before you can run the drop_source command on it.

Example

The following example shows how to drop the source named mssqldb4 from Oracle Audit Vault:

$ avmssqldb drop_source -srcname mssqldb4

***** Drop Source Successfully *****

9.8 -help

Displays help information for the AVMSSQLDB commands. Run this command on either the Audit Vault Server and the Audit Vault collection agent.

Syntax

avmssqldb -help

avmssqldb command -help

Arguments

Argument	Description
`command`	Enter the name of an `AVMSSQLDB` command for which you want help to appear.

Usage Notes

None

Example

The following example shows how to display general AVMSSQLDB utility help in Oracle Audit Vault:

avmssqldb -help

The following example shows how to display specific AVMSSQLDB help for the add_source command in the Audit Vault Server home shell.

$ avmssqldb add_source -help
  avmssqldb add_source command
 
    add_source
          -src <host:port>
          -srcname <srcname> [-desc <desc>] 
 
  Purpose: The source is added to Audit Vault.
 
  Arguments:
       -src        : Source DB connection information to coolect audit data.
       -srcname    : Name of a source
       -desc       : Optional description of the source
 
  Examples:
     avmssqldb add_source -src 10.105.118.91:1433 
        -desc 'source for admin databases' -srcname mssource

9.9 setup

Adds the SQL Server source user credentials to the wallet, creates a database alias in the wallet for the source user, and verifies the connection to the source using the wallet. You also can use this command to change the source user credentials in the wallet after these credentials have been changed in the source database. Run this command on the Audit Vault collection agent.

Syntax

avmssqldb setup -srcname srcname

Arguments

Argument	Description
`-srcname` `srcname`	Enter the name of the source database. Remember that the source database name is case-sensitive.

Usage Notes

If you installed the collection agent on a Microsoft Windows computer, run the avmssqldb setup command from the ORACLE_HOME\agent_directory\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avmssqldb setup command prompts for the source user name and password. This user account must exist on the source database.

Example

$ avmssqldb setup -srcname mssqldb4
Enter a username : source_user_name
Enter a password : password

***** Credentials Successfully added *****

9.10 verify

Verifies that a SQL Server source database is compatible for setting up the specified collector. Run this command on either the Audit Vault Server or the Audit Vault collection agent.

Syntax

avmssqldb verify -src host:port

Arguments

Argument	Description
`-src` `host:port`	Enter the source database connection information: host name and port number, separated by a colon. Typically, the host is the fully qualified domain name or IP address of the server on which the SQL Server source database is running, and the port number is 1433.

Usage Notes

The avmssqldb verify command checks the following:
- Whether the version of the SQL Server database is supported: SQL Server 2000 or SQL Server 2005
- Whether the source user has the required privileges in the source database that is to be registered with Oracle Audit Vault
- Whether auditing (C2 auditing and server-side trace auditing) is enabled in the source database
If you installed the collection agent on a Microsoft Windows computer and want to run the avmssqldb verify command from there, run it from the ORACLE_HOME\agent_directory\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avmssqldb verify command prompts for the source user name and password. This user account must exist on the source database.

Example

The following example verifies that the source is compatible with the MSSQLDB collector on Windows.

$ avmssqldb verify -src 192.0.2.1:4523
Enter a username : source_user_name
Enter a password : password

***** Source Verified *****