Oracle® Audit Vault Administrator's Guide Release 10.2.3.1 Part Number E13841-02 |
|
|
View PDF |
Use the Audit Vault Sybase Database (AVSYBDB
) command-line utility to manage the relationship between Oracle Audit Vault and a Sybase ASE source database and collector. When you run these commands, remember the following:
Enter the command in lowercase letters. The commands are case-sensitive.
When you open a new shell to run the command, first set the appropriate environment variables. See Section 2.2 for instructions.
Oracle Audit Vault creates a log file of AVSYBDB command activity. See Section A.1 and Section A.2 for more information.
Table 10-1 describes the AVSYBDB
commands and where each is used, whether on the Audit Vault Server, on the Audit Vault collection agent, or in both places.
Table 10-1 AVSYBDB Commands
Command | Where Used? | Description |
---|---|---|
Server |
Adds a collector to Oracle Audit Vault |
|
Server |
Registers an audit source with Oracle Audit Vault |
|
Server |
Alters the attributes of a collector |
|
Server |
Alters the attributes of a source |
|
Server |
Drops a collector from Oracle Audit Vault |
|
Server |
Drops a source from Oracle Audit Vault |
|
Both |
Displays help information for the |
|
Collection agent |
Adds the source user credentials to the wallet, creates a database alias in the wallet for the source user, and verifies the connection to the source using the wallet |
|
Both |
Verifies that the source is compatible with the collectors |
The AVSYBDB
command-line utility, which you use to configure a Sybase ASE database with Oracle Audit Vault.
Syntax
avsybdb command -help avsybdb command [options] arguments
Arguments
Argument | Description |
---|---|
command |
Enter one of the commands listed in Table 10-1. |
arguments |
Enter one or more of the AVSYBDB command arguments. |
-help |
Displays help information for the AVSYBDB commands. |
Usage Notes
Issuing an AVSYBDB
command generates the following log file: $ORACLE_HOME/av/log/sybdb-%g.log
. The %g
is a generation number that starts from 0 (zero) and increases once the file size reaches the 100 MB limit.
Adds a SYBDB collector for a Sybase ASE source database to Oracle Audit Vault. Oracle Audit Vault verifies the source database for the collector requirements. Run this command on the Audit Vault Server.
Syntax
avsybdb add_collector -srcname srcname -agentname agentname [-collname collname] [-desc desc]
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database for which the collector is to be added. Remember that the source database name is case-sensitive.
Typically, the host is the fully qualified domain name or IP address of the server on which the Sybase ASE source database is running, and the port number is 5000. |
-agentname agentname |
Create a name for the agent that will use the SYBDB collector. |
-collname collname |
Create a name for the SYBDB collector. Optional. If you do not create a name, Oracle Audit Vault names the collector SybaseCollector . |
-desc desc |
Enter a brief description of the collector. Optional. |
Usage Notes
Run any collector-specific preparation scripts before you execute the avsybdb
add_collector
command.
The avsybdb add_collector
command prompts for the source user name and password. This user account must exist on the source database.
Example
The following example shows how to add a SYBDB collector to Oracle Audit Vault on Linux and UNIX platforms.
$ avsybdb add_collector -srcname sybdb4 -agentname agent1 Enter a username : source_user_name Enter a password : password ***** Collector Added Successfully*****
Registers a Sybase ASE source database with Oracle Audit Vault for audit data consolidation. Run this command on the Audit Vault Server.
Syntax
avsybdb add_source -src host:port -srcname srcname [-desc desc]
Arguments
Argument | Description |
---|---|
-src host : port |
Enter the source database connection information: host name and port number, separated by a colon.
Typically, the host is the fully qualified domain name or IP address of the server on which the Sybase ASE source database is running, and the port number is 5000. |
-srcname srcname |
Create a name to associate with this source database. Remember that the source database name is case-sensitive. Oracle Audit Vault uses this name to connect to the Sybase ASE source database. |
-desc desc |
Enter a brief description of the source database. Optional. |
Usage Notes
The avsybdb add_source
command prompts for the source user name and password. This user account must exist on the source database.
Example
The following example shows how to register a source with Oracle Audit Vault.
$ avsybdb add_source -src lnxserver:5000 -srcname sybdb4 -desc 'HR Database' Enter a username : source_user_name Enter a password : password ***** Source Verified ***** ***** Source Added Successfully *****
Modifies the attributes of a SYBDB collector. Run this command on the Audit Vault Server.
Syntax
avsybdb alter_collector -srcname srcname -collname collname [attrname=attrvalue...attrname=attrvalue]
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database to which this collector belongs. Remember that the source database name is case-sensitive. |
-collname collname |
Enter the name of the collector to be modified. |
attrname = attrvalue |
Enter the attribute pair (attribute name, new attribute value) for mutable collector property and attributes for this collector type. This argument is optional. Separate multiple pairs by a space on the command line. |
Usage Notes
You can modify one or more collector attributes at a time. Table 10-2 lists the collector attributes (parameters), whether the parameter is mutable, its default value, and a brief description.
Table 10-2 SYBDB Collector Attributes
Parameter | Mutable | Default Value | Description |
---|---|---|---|
|
Yes |
|
The description for this collector |
|
No |
|
Number of connections to the database |
|
Yes |
|
The delay time (in milliseconds) of the collector |
|
Yes |
|
The maximum number of records to be fetched by the collector |
Example
The following example shows how to alter the NO_OF_RECORDS
attribute and the collector description for the SybaseCollector
collector in Oracle Audit Vault:
$ avsybdb alter_collector -srcname sybdb4 -collname SybaseCollector NO_OF_RECORDS=1500 DESCRIPTION="Sybase collector 45" ***** Collector Altered Successfully *****
Modifies the attributes of the Sybase ASE source database. Run this command on the Audit Vault Server.
Syntax
avsybdb alter_source -srcname srcname [attrname=attrvalue...attrname=attrvalue]
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database to be modified. Remember that the source database name is case-sensitive. |
attrname = attrvalue |
Enter the attribute pair (attribute name, new attribute value) for mutable source properties and attributes for this source type. This argument is optional. Separate multiple pairs by a space on the command line. See Table 10-3 for more information. |
Usage Notes
Table 10-3 lists the source database attributes, a brief description of the attribute, whether the attribute is mutable, and the default value. You can modify one or more source attributes at a time.
Table 10-3 Source Attributes
Attribute | Description | Mutable | Default Value |
---|---|---|---|
|
The source type name for this source database. The default name is SYBDB. |
No |
|
|
The name for this source database |
No |
|
|
The source database host name |
No |
|
|
The source database host IP address |
No |
|
|
The source database version |
Yes |
|
|
A new description for this source database |
Yes |
|
|
A new port number for this system where the source database audit data reside |
Yes |
None |
Example
The following example shows how to alter the DESCRIPTION
attribute for the source database named sybdb4
in Oracle Audit Vault:
$ avsybdb alter_source -srcname sybdb4 DESCRIPTION="HR Database" ***** Source Altered Successfully *****
Disables (but does not remove) a SYBDB collector from Oracle Audit Vault. Run this command from the Audit Vault Server. The drop_collector
command does not delete the collector from Oracle Audit Vault; instead, it disables the collector. Therefore, you can neither add a collector by the same name as the one that was dropped nor enable a collector that has been dropped.
Syntax
avsybdb drop_collector -srcname srcname -collname collname
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database to which the collector (specified in the -collname argument) belongs. Remember that the source database name is case-sensitive. |
-collname collname |
Enter the name of the collector to be dropped from Oracle Audit Vault. |
Usage Notes
The drop_collector
command does not delete the collector from Oracle Audit Vault. It only disables the collector. The collector metadata is still in the database after you run the drop_collector
command. If you want to recreate the collector, create it with a different name.
Example
The following example shows how to drop the collector named SybaseCollector
from Oracle Audit Vault:
$ avsybdb drop_collector -srcname sybdb4 -collname SybaseCollector ***** Collector Dropped Successfully *****
Disables (but does not remove) a Sybase ASE source database from Oracle Audit Vault. Run this command on the Audit Vault Server.
Syntax
avsybdb drop_source -srcname srcname
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database to be dropped from Oracle Audit Vault. Remember that the source database name is case-sensitive. |
Usage Notes
The drop_source
command does not delete the source database from Oracle Audit Vault. It only disables the source database definition in Oracle Audit Vault. The source database metadata is still in the database after you run the drop_source
command. If you want to re-create the source database definition, create it with a different name.
You cannot drop a source database if there are any active collectors for this source. You must drop all collectors associated with the source database before you can run the drop_source
command on it.
Example
The following example shows how to drop the source named sybdb4
from Oracle Audit Vault:
$ avsybdb drop_source -srcname sybdb4 ***** Drop Source Successfully *****
Displays help information for the AVSYBDB
commands. Run this command on either the Audit Vault Server or the Audit Vault collection agent.
Syntax
avsybdb -help
avsybdb command -help
Arguments
Argument | Description |
---|---|
command |
Enter the name of an AVSYBDB command for which you want help to appear. |
Usage Notes
None
Example
The following example shows how to display general AVSYBDB
utility help in Oracle Audit Vault:
avsybdb -help
The following example shows how to display specific AVSYBDB
Help for the add_source
command in the Audit Vault Server home shell.
$ avsybdb add_source -help avsybdb add_source command add_source -src <host:port> -srcname <srcname> [-desc <desc>] Purpose: The source is added to Audit Vault. Arguments: -src : Source DB connection information -srcname : Name of a source -desc : Optional description of the source Examples: avsybdb add_source -src lnxserver:5000 -desc 'HR Database'
Adds the Sybase ASE source user credentials to the wallet, creates a database alias in the wallet for the source user, and verifies the connection to the source using the wallet. You also can use this command to change the source user credentials in the wallet after these credentials have been changed in the source database. Run this command on the Audit Vault collection agent.
Syntax
avsybdb setup -srcname srcname
Arguments
Argument | Description |
---|---|
-srcname srcname |
Enter the name of the source database. Remember that the source database name is case-sensitive. |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avsybdb setup
command from the ORACLE_HOME
\
agent_directory
\bin
directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avsybdb setup
command prompts for the source user name and password. This user account must exist on the source database.
Example
$ avsybdb setup -srcname sybdb4 Enter a username : source_user_name Enter a password : password ***** Credentials Successfully added *****
Verifies that the Sybase ASE source database is compatible for setting up the specified collectors. Run this command on either the Audit Vault Server or the Audit Vault collection agent.
Syntax
avsybdb verify -src host:port
Arguments
Argument | Description |
---|---|
-src host : port |
Enter the source database connection information: host name and port number, separated by a colon.
Typically, the host is the fully qualified domain name or IP address of the server on which the Sybase ASE source database is running, and the port number is 5000. |
Usage Notes
The avsybdb verify
command checks the following:
Whether the version of the database is supported: Sybase ASE 15.0.2 or Sybase ASE 12.5.4
Whether the source user has the required privileges in the source database that is to be registered with Oracle Audit Vault
Whether auditing is enabled in the source database
Whether the operating system on which the source database is running is supported
If you installed the collection agent on a Microsoft Windows computer and want to run the avsybdb verify
command from there, run it from the ORACLE_HOME
\
agent_directory
\bin
directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avsybdb verify
command prompts for the source user name and password. This user account must exist on the source database.
Example
The following example verifies that the source is compatible with the SYBDB collector on a Linux or UNIX system.
$ avsybdb verify -src 192.0.2.7:5000 Enter a username : source_user_name Enter a password : password ***** Source Verified *****