Oracle® Audit Vault Administrator's Guide Release 10.2.3.2 Part Number E14459-02
Audit Vault Configuration Assistant (AVCA) is a command-line utility you use to manage various Audit Vault components (for example, adding or dropping collection agents). When you run these commands, remember the following:
Enter the command in lowercase letters. The commands are case-sensitive.
When you open a new shell to run the command, first set the appropriate environment variables. See Section 2.2 for more information.
Oracle Audit Vault creates a log file of AVCA command activity. See Section A.1 and Section A.2 for more information.
Table 6-1 describes the Audit Vault Configuration Assistant commands and where each is used, whether on the Audit Vault Server, on the Audit Vault collection agent, or in both places.
Table 6-1 Audit Vault Configuration Assistant Commands
Command | Used Where? | Description |
---|---|---|
avca add_agent | Server | Adds a collection agent to Oracle Audit Vault |
avca alter_remedy | Server | Reconfigures the Remedy ticket service to use the settings in the deployment descriptor properties file |
avca alter_smtp | Server | Reconfigures the ticket notification service to use different SMTP server settings |
avca create_credential | Both | Creates or updates a credential to be stored in the wallet |
avca create_wallet | Collection agent | Creates a wallet to hold credentials |
avca deploy_av | Server | Deploys the |
avca disable_remedy | Server | Disables the Remedy ticket service |
avca disable_smtp | Server | Disables the SMTP configuration |
avca drop_agent | Server | Drops a collection agent from Oracle Audit Vault |
avca enable_remedy | Server | Enables the Remedy ticket service |
avca enable_smtp | Server | Enables an existing SMTP configuration for the e-mail notification service |
avca generate_csr | Server | Generates a certificate request |
avca -help | Both | Displays help information for the |
avca import_cert | Server | Imports the specified certificate into the wallet |
avca redeploy | Both | Redeploys the |
avca register_remedy | Server | Registers the Remedy ticket service with Oracle Audit Vault |
avca register_smtp | Server | Registers or removes the Oracle Audit Vault e-mail notification service to use an SMTP server |
avca remove_cert | Server | Removes the specified certificate from the wallet |
avca secure_agent | Collection agent | Secures the Audit Vault collection agent by enabling mutual authentication with Oracle Audit Vault |
avca secure_av | Server | Secures Audit Vault Server by enabling mutual authentication with the Audit Vault collection agent |
avca secure_remedy | Server | Enables the Remedy ticket service to use a secure configuration |
avca secure_smtp | Server | Enables the e-mail notification service to work with a secure SMTP server by specifying the type of connection protocol used to communicate to the SMTP server |
avca set_server_tz | Server | Sets the time zone based on the UTC (GMT) time zone for use in generated reports |
avca set_warehouse_retention | Server | Controls the amount of data kept online in the data warehouse fact table |
avca show_remedy_config | Server | Shows the configuration details of the Remedy ticket service |
avca show_server_tz | Server | Shows the configuration details for the |
avca show_smtp_config | Server | Displays the current SMTP configuration details used by the e-mail notification service |
avca test_remedy | Server | Tests the connection of the Remedy ticket service |
avca test_smtp | Server | Tests the connection of the ticket notification services with the SMTP server |
Note:
In an Oracle RAC environment, you must run AVCA commands from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.
If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the avca deploy_av command.
The avca add_agent command adds or registers a collection agent to Oracle Audit Vault.
Where to Run This Command
Audit Vault Server
Syntax
avca add_agent -agentname agent_name [-agentdesc desc] -agenthost host
Arguments
Argument | Description |
---|---|
-agentname agent_name | Enter a unique name for the collection agent that you want to create. |
-agentdesc desc | Enter a description of the collection agent. Optional. |
-agenthost host | Enter the name of the host where this collection agent is to be installed. |
Usage Notes
You will be prompted to create an agent user name and password. Oracle Audit Vault grants this user the AV_AGENT role and uses this account to start and stop the collectors. It is for internal use only. See the example that follows.
You may want to create one agent user for each agent, in the event that an agent user account is removed in the future. Alternatively, you can create one agent user for all the agents.
After you create an agent, it is not running. You can start the agent by using the avctl start_agent command, described in Section 7.9.
Example
$ avca add_agent -agentname agent3 -agenthost turbokuksa.us.example.com
Adding agent...
Enter agent user name: agent_user_name
Enter agent user password: agent_user_pwd
Re-enter agent user password: agent_user_pwd
Agent added successfully.
The avca alter_remedy command reconfigures the Remedy trouble ticket service connection to Oracle Audit Vault. The settings are based on the settings in the deployment descriptor properties file, described in Section 3.7.2. In other words, if you want to modify the Remedy trouble ticket service connection to Audit Vault, modify the deployment descriptor properties file and then run this command on the Audit Vault Server. Run this command each time you modify or move the deployment descriptor properties file. For the full procedure, see Section 3.7.
Where to Run This Command
Audit Vault Server
Syntax
avca alter_remedy -conf deploymentDescriptor.properties
Arguments
Argument | Description |
---|---|
-conf deploymentDescriptor.properties | Enter the path to the deployment descriptor properties file. By default, this file is located in the $ORACLE_HOME/av/conf directory. |
Usage Notes
Right after you complete the Remedy trouble ticket service configuration, it is enabled and ready to use.
If the Remedy trouble ticket service is on a secure server, then run the avca secure_remedy command (Section 6.21) after you run avca register_remedy.
To test the configuration, run the avca test_remedy command (Section 6.28).
Example
$ avca alter_remedy -conf $ORACLE_HOME/av/conf/remedy.properties
Remedy configuration altered successfully.
The avca alter_smtp command reconfigures the Oracle Audit Vault e-mail notification service.
Where to Run This Command
Audit Vault Server
Syntax
avca alter_smtp -server IP:port|host:port -sender_id string -sender_email e-mail -auth|-noauth
Arguments
Argument | Description |
---|---|
-server IP:port | host:port | Enter the server connection information, either using the IP address or the server name, and the outgoing server port number. |
-sender_id string | Enter the user ID of the person responsible for sending the e-mail (that is, the e-mail address that appears after From). |
-sender_email e-mail | Enter the e-mail address of the person whose ID you entered for the -sender_id argument, in Request For Comments (RFC) 822 format. |
-auth |-noauth | Enter one of the following settings: |
Usage Notes
After you complete the SMTP server connection, it is enabled and ready to use.
If the SMTP server is a secure server, then run the avca secure_smtp command (Section 6.22) after you run avca register_smtp.
The AVCA_SMTPUSR variable is an alternative way to set the user name and password without having the command prompt for them interactively. Use this variable in scripts that run AVCA without manual intervention. Ensure that you set this variable on the Audit Vault Server. For example:
$ setenv AVCA_SMTPUSR user/password
To test the configuration, run the avca test_smtp command (Section 6.29).
Example
$ avca register_smtp kuksanest:3924 -sender rmcmurphy -sender_email rmcmurphy@example.com -auth
Enter SMTP server username: dharding
Enter SMTP server password: password
Re-enter SMTP server: password
Credential stored successfully.
SMTP configuration altered successfully.
The avca create_credential command creates or updates a credential to be stored in an Oracle wallet. Run this command on both the Audit Vault Server and Audit Vault collection agent during collector development.
Where to Run This Command
Either Audit Vault Server or collection agent home
Syntax
avca create_credential -wrl wallet_location -dbalias db_alias
Arguments
Argument | Description |
---|---|
-wrl wallet_location | Enter the location of the Oracle Audit Vault wallet. Locations are as follows: |
-dbalias db_alias | Enter the database alias. In the Audit Vault Server home, the database alias is the SID or Oracle instance identifier. You can find this SID by running the lsnrctl status command on the computer where you installed the source database. |
Usage Notes
Use this command to create a new certificate if another user changes the source user password on the source database, thus eventually breaking the connection between the collector and the source.
If you installed the collection agent on a Microsoft Windows computer and want to run the avca create_credential command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
Example
$ avca create_credential -wrl $ORACLE_HOME/network/admin/avwallet -dbalias av
AVCA started
Storing user credentials in wallet...
Enter source user username: srcuser1
Enter source user password: password
Re-enter source user password: password
Credential stored successfully.
The avca create_wallet command creates a wallet to hold credentials.
Where to Run This Command
Audit Vault collection agent home
Syntax
avca create_wallet -wrl wallet_location
Arguments
Argument | Description |
---|---|
-wrl wallet_location | Enter the directory location for the wallet. Ensure that this directory already exists. Locations are as follows: |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avca create_wallet command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
After you execute this command, .sso and .p12 files are generated in the wallet location.
Example
The following example shows how to create a wallet in the location specified as $T_WORK/tt_1:
$ avca create_wallet -wrl $T_WORK/tt_1
Enter wallet password: password
Wallet created successfully.
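A check to run after avca create_wallet, given here as an added example that is not part of the Oracle guide: it reports .sso and .p12 files in the wallet location that group or other users can access, and a wallet directory they can write to. The .sso file is an auto-login wallet that opens without the wallet password, so file permissions are what protect it. The function names and the sample file names in the demo are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): audit an Oracle wallet directory.
# check_wallet_perms and has_any_perm_bit are hypothetical helper names.
#
# Usage: check_wallet_perms WALLET_DIR
# Prints one finding per line:
#   LOOSE_DIR  <dir>   directory is writable by group or others
#   LOOSE_FILE <file>  .sso/.p12 file has any group/other permission bit set
# Returns 0 if clean, 1 if there are findings, 2 if no wallet files exist.

# True when the path has at least one of the given octal permission bits set.
# POSIX find only offers "-perm -mode" (all bits), so test bit by bit.
has_any_perm_bit() {
    _path=$1
    shift
    for _bit in "$@"; do
        if [ -n "$(find "$_path" -prune -perm "-$_bit")" ]; then
            return 0
        fi
    done
    return 1
}

check_wallet_perms() {
    _dir=$1
    _seen=0
    _bad=0
    [ -d "$_dir" ] || { echo "not a directory: $_dir" >&2; return 2; }

    # A writable directory lets another account replace the wallet files.
    if has_any_perm_bit "$_dir" 020 002; then
        echo "LOOSE_DIR $_dir"
        _bad=1
    fi

    # avca create_wallet writes .sso and .p12 files into the wallet location.
    for _f in "$_dir"/*.sso "$_dir"/*.p12; do
        [ -f "$_f" ] || continue      # an unmatched glob stays literal; skip it
        _seen=1
        if has_any_perm_bit "$_f" 040 020 010 004 002 001; then
            echo "LOOSE_FILE $_f"
            _bad=1
        fi
    done

    [ "$_seen" -eq 1 ] || { echo "no .sso or .p12 files in $_dir" >&2; return 2; }
    return "$_bad"
}

# Constructed demo: a throwaway directory with empty stand-in wallet files,
# one of them world-readable.
demo_wallet() {
    _demo=$(mktemp -d) || return 1
    : > "$_demo/cwallet.sso"; chmod 644 "$_demo/cwallet.sso"
    : > "$_demo/ewallet.p12"; chmod 600 "$_demo/ewallet.p12"
    check_wallet_perms "$_demo" && _demo_rc=0 || _demo_rc=$?
    rm -rf "$_demo"
    echo "check_wallet_perms exit status: $_demo_rc"
}
demo_wallet
```

Point it at the directory you passed to -wrl; a clean wallet location prints nothing and returns 0.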
The avca deploy_av command deploys the av.ear file to another node in an Oracle Real Application Clusters (Oracle RAC) environment. This command also modifies the server.xml file and other related files to enable Oracle Audit Vault management through the Oracle Enterprise Manager Database Control console.
Where to Run This Command
Audit Vault Server
Syntax
avca deploy_av -sid sid -dbalias db_alias -avconsoleport av_console_port
Arguments
Argument | Description |
---|---|
-sid sid | Enter the Oracle Database system identifier (SID) for the instance. You can verify the SID by running the lsnrctl status command on the computer where you installed the source database. Enter the Oracle Database system identifier (SID) for the Audit Vault Server instance. You can verify the SID by running the |
-dbalias db_alias | Enter the database alias for Oracle Audit Vault. The database alias is the value that you provided in the Audit Vault Name field during installation. |
-avconsoleport av_console_port | Enter the port number for the Audit Vault Console. You can find this number by entering the following command in the Audit Vault Server shell: avctl show_av_status |
Usage Notes
In an Oracle RAC environment, you must run the AVCA commands from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.
If the host on which Oracle Enterprise Manager resides becomes unavailable, you can migrate the Audit Vault Web application file, av.ear, to a different node by using the avca deploy_av command. After you migrate the Web application, you must recreate the wallet entries for all the source databases managed by Oracle Audit Vault on this new node by using the avca create_credential command.
To use the Audit Vault Console from this other node, enter its host name or IP address (host) and port number (port) as you did previously in the Address field of the browser window (http://host:port/av), but replace the original host name or IP address with that for the other node.
Example
$ avca deploy_av -sid av -dbalias av -avconsoleport 5700
The avca disable_remedy command disables the Remedy trouble ticket service configuration.
Where to Run This Command
Audit Vault Server
Syntax
avca disable_remedy
Arguments
None.
Usage Notes
After you disable the configuration, Oracle Audit Vault preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.
To find details about the current Remedy service configuration, issue the avca show_remedy_config command, described in Section 6.25.
Example
$ avca disable_remedy
Remedy integration is disabled.
The avca disable_smtp command disables the SMTP configuration for the e-mail notification service.
Where to Run This Command
Audit Vault Server
Syntax
avca disable_smtp
Arguments
None.
Usage Notes
After you disable the configuration, Oracle Audit Vault preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.
To find details about the current SMTP configuration, issue the avca show_smtp_config command, described in Section 6.27.
Example
$ avca disable_smtp
SMTP integration is disabled.
The avca drop_agent command disables (but does not remove) a collection agent from Oracle Audit Vault.
Where to Run This Command
Audit Vault Server
Syntax
avca drop_agent -agentname agent_name
Arguments
Argument | Description |
---|---|
-agentname agent_name | Enter the name of the collection agent to be dropped from Oracle Audit Vault. |
Usage Notes
The drop_agent command does not delete the collection agent from Oracle Audit Vault. It only disables the collection agent. The collection agent metadata is still in the database after you run the drop_agent command. If you want to re-create the collection agent, create it with a different name.
Oracle Audit Vault displays an error if active collectors are still running in the collection agent.
Example
The following example shows how to drop a collection agent named sales_agt from Oracle Audit Vault:
$ avca drop_agent -agentname uberkuksa
Agent dropped successfully.
The avca enable_remedy command enables the Remedy trouble ticket service configuration that was registered with the avca register_remedy or avca alter_remedy command.
Where to Run This Command
Audit Vault Server
Syntax
avca enable_remedy
Arguments
None.
Usage Notes
When you enable the Remedy registration, Oracle Audit Vault uses the configuration that was in place when you last disabled the Remedy trouble ticket service.
To find details about the most recent Remedy service configuration, issue the avca show_remedy_config command, described in Section 6.25.
Example
$ avca enable_remedy
Remedy integration is enabled.
The avca enable_smtp command enables the SMTP configuration for the e-mail notification service that was created with the avca register_smtp command.
Where to Run This Command
Audit Vault Server
Syntax
avca enable_smtp
Arguments
None.
Usage Notes
When you enable the configuration, Oracle Audit Vault uses the configuration that was in place when you last disabled the SMTP configuration.
To find details about the most recent service configuration, issue the avca show_smtp_config command, described in Section 6.27.
Example
$ avca enable_smtp
SMTP integration is enabled.
The avca generate_csr command generates a certificate request in the format of a text file.
Where to Run This Command
Audit Vault Server
Syntax
avca generate_csr -certdn Audit_Vault_Server_host_DN [-keysize size] -out certificate_request_output_file
Arguments
Argument | Description |
---|---|
-certdn Audit_Vault_Server_host_DN | Enter the distinguished name (DN) of the Audit Vault Server host. |
-keysize size | Enter the certificate key size (in bits). Optional. Possible values are: |
-out certificate_request_output_file | Enter the path and name of the certificate request output file. Ensure that you have write permissions for this directory. |
Usage Notes
You must use this command to generate a certificate request. After generating the certificate request, send it to your certificate authority (CA) to be signed and returned as a signed certificate.
The DN of the Audit Vault Server is typically of the following form:
CN=fully_qualified_hostname,OU=Org_Unit,O=Organization,ST=State,C=Country
For detailed information about generating certificate requests when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.
If you need to update the XDB certificate that you obtained from running the avca generate_csr command, see Section 5.7.
Example
The following example shows how to generate a certificate request:
$ avca generate_csr -certdn CN=sales_srv.us.example.com,OU=SalesReps,O=RisingDoughCo,ST=CA,C=US -out user_certificate.cer
Generating Certificate request...
Certificate request generated successfully
The avca -help command displays help information for the AVCA commands.
Where to Run This Command
Either Audit Vault Server or collection agent home
Syntax
avca -help
avca command -help
Arguments
Argument | Description |
---|---|
command | Enter the name of an AVCA command for which you want help messages to appear. |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer and want to run the avca -help command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, ensure that you have set the appropriate environment variables before running this command. See Section 2.2 for more information.
Example
The following example shows how to display general AVCA utility help in the Audit Vault Server home.
$ avca -help
--------------------------------------------
AVCA Usage
--------------------------------------------
Oracle Audit Vault Configuration commands - AV Server:
avca deploy_av -sid <sid> -dbalias <db alias> -avconsoleport <av console port>
avca generate_csr -certdn <Audit Vault Server host DN> [-keysize 512|1024|2048] -out <certificate request output file>
avca import_cert -cert <User/Trusted certificate> [-trusted]
avca remove_cert -certdn <Audit Vault Server host DN>
avca secure_av -avkeystore <keystore location> -avtruststore <truststore location>
avca secure_av -remove
avca set_server_tz -offset <[+/-]hh:mm>
avca show_server_tz
Oracle Audit Vault Configuration commands - Agent:
avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host>
avca drop_agent -agentname <agent name>
Oracle Audit Vault Configuration commands - Warehouse:
avca set_warehouse_retention -intrv <year-month interval>
Oracle Audit Vault Configuration commands - SMTP:
avca register_smtp -server <host:port> -sender_id <sender id> -sender_email <sender email> -auth|-noauth
avca register_smtp -remove
avca alter_smtp [-server <host:port>] [-sender_id <sender id>] [-sender_email <sender email>] [-auth|-noauth]
avca secure_smtp -protocol ssl|tls [-truststore <truststore location>]
avca secure_smtp -remove
avca show_smtp_config
avca enable_smtp
avca disable_smtp
avca test_smtp -to <recipient email>
Oracle Audit Vault Configuration commands - Remedy:
avca register_remedy -config <remedy config file>
avca register_remedy -remove
avca alter_remedy -config <remedy config file> [-auth]
avca secure_remedy [-truststore <truststore location>]
avca secure_remedy -remove
avca show_remedy_config
avca enable_remedy
avca disable_remedy
avca test_remedy -ticket_id <remedy ticket id>
Oracle Audit Vault Configuration commands - Authentication:
avca create_wallet -wrl <wallet_location>
avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias <db alias> -usr <usr>/<pwd>
avca -help
From the Audit Vault collection agent home, the avca -help output is as follows:
$ avca -help
--------------------------------------------
AVCA Usage
--------------------------------------------
Oracle Audit Vault Agent Installation commands
avca secure_agent -agentkeystore <keystore location> -avdn <DN of Audit Vault> -agentdn <DN of agent>
avca secure_agent -remove
Oracle Audit Vault Configuration commands - Authentication:
avca create_wallet -wrl <wallet_location>
avca create_credential -wrl <wallet_location> -wpwd <wallet_pwd> -dbalias <db alias> -usr <usr>/<pwd>
avca -help
The following example shows how to display specific AVCA help for the add_agent command in Audit Vault.
$ avca add_agent -help
avca add_agent -agentname <agent name> [-agentdesc <desc>] -agenthost <host>
------------------------------------------------
-agentname <agent name> [-agentdesc <agent description>] -agenthost <agent host>
------------------------------------------------
The avca import_cert command imports the specified user or trusted certificate into the wallet.
Where to Run This Command
Audit Vault Server
Syntax
avca import_cert -cert User/Trusted_certificate [-trusted]
Arguments
Argument | Description |
---|---|
-cert User/Trusted_certificate | Enter the path and file name of the certificate to be imported into the wallet. See the usage notes. |
-trusted | Include this argument if you want to indicate that the certificate is trusted. If it is a user certificate, then omit the trusted argument. Optional. |
Usage Notes
To obtain the certificate, contact the certificate authority. Place the certificate in a directory that you can easily access, for the -cert argument. Ensure that the certificate matches a pending certificate request in the wallet. You must import the trusted certificate for this certificate first.
For detailed information about configuring wallets when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.
Example
The following example shows how to import a certificate into the wallet.
$ avca import_cert -cert user_certificate.cer
Importing Certificate...
Certificate imported successfully.
This example shows how to import a trusted certificate into the wallet.
$ avca import_cert -cert ca_certificate.cer -trusted
Importing Certificate...
Certificate imported successfully.
The avca redeploy command redeploys the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault collection agent system.
Where to Run This Command
Either Audit Vault Server or collection agent home
Syntax
avca redeploy
Arguments
None.
Usage Notes
If you installed the collection agent on a Microsoft Windows computer and want to run the avca redeploy command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, ensure that you have set the appropriate environment variables before running this command. See Section 2.2 for more information.
Example
The following example shows how to redeploy either the av.ear file on the Audit Vault Server system or the AVAgent.ear file on the Audit Vault collection agent system.
$ avca redeploy
Deploying AV web application...
Getting EM home = stapp03.us.oracle.com_sx4
Stopping OC4J...
OC4J stopped successfully.
Expanding av.ear
Looking for directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Deleting directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Creating directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av
Looking for directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av/av
Creating directory /oracle/work/sx4/oc4j/j2ee/oc4j_applications/applications/av/av
Deploying pre-compiled jsps
Starting OC4J...
OC4J started successfully.
The avca register_remedy command registers or removes the Remedy trouble ticket service from Oracle Audit Vault. The registration is based on the settings in the deployment descriptor properties file, described in Section 3.7.2. For the full procedure, see Section 3.7.
Where to Run This Command
Audit Vault Server
Syntax
avca register_remedy -config deploymentDescriptor.properties
avca register_remedy -remove
Arguments
Argument | Description |
---|---|
-config deploymentDescriptor.properties | Enter the path to the deployment descriptor properties file. By default, a template for this file is located in the $ORACLE_HOME/av/conf directory. |
-remove | Include this keyword to remove the Remedy trouble ticket service from Oracle Audit Vault. |
Usage Notes
Right after you register the Remedy trouble ticket service configuration, it is enabled and ready to use.
If the Remedy trouble ticket service is on a secure server, then run the avca secure_remedy command (Section 6.21) after you run avca register_remedy.
To test the configuration, run the avca test_remedy command (Section 6.28).
Examples
The following example demonstrates how to register the Remedy trouble ticket service:
$ avca register_remedy -config $ORACLE_HOME/av/conf/remedy.properties
Enter Remedy server username: Remedy_server_username
Enter Remedy server password: password
Re-enter Remedy server password: password
Credential stored successfully.
Remedy server registered successfully.
The command does not create any users; it just stores the user input in the Oracle wallet.
This example shows how to unregister the Remedy trouble ticket service:
$ avca register_remedy -remove
Remedy server unregistered successfully.
The avca register_smtp command registers or unregisters the Oracle Audit Vault e-mail notification service to use an SMTP server. For the full procedure required to complete this type of registration, see Section 3.6.
Where to Run This Command
Audit Vault Server
Syntax
avca register_smtp -server IP:port|host:port -sender_id string -sender_email e-mail -auth|-noauth
avca register_smtp -remove
Arguments
Argument | Description |
---|---|
-server IP:port | host:port | Enter the server connection information, either using the IP address or server name, and the outgoing server port number. |
-sender string | Enter the user ID of the person responsible for sending the e-mail (that is, the e-mail address that appears after From). |
-sender_email e-mail | Enter the e-mail address of the person whose ID you entered for the -sender argument, in Request For Comments (RFC) 822 format. |
-auth |-noauth | Enter one of the following settings: |
-remove | Include this keyword to remove the SMTP service from Oracle Audit Vault. |
Usage Notes
Right after you create the SMTP server connection, it is enabled and ready to use.
If the SMTP server is a secure server, then run the avca secure_smtp command (Section 6.22) after you run avca register_smtp.
To test the configuration, run the avca test_smtp command (Section 6.29).
Example
$ avca register_smtp -server kuksanest:3924 -sender imanoyd -sender_email inoydt@example.com -auth
Enter SMTP server username: idaneau
Enter SMTP server password: password
Re-enter SMTP server: password
Credential stored successfully.
SMTP configuration registered successfully.
The following example removes the SMTP registration:
$ avca register_smtp -remove
SMTP server unregistered successfully.
The avca remove_cert command removes the specified certificate from the wallet.
Where to Run This Command
Audit Vault Server
Syntax
avca remove_cert -certdn Audit_Vault_Server_host_DN
Arguments
Argument | Description |
---|---|
-certdn Audit_Vault_Server_host_DN | Enter the distinguished name (DN) of the Audit Vault Server host that was used for the avca generate_csr command. |
Usage Notes
Oracle Audit Vault removes the certificate or key pair for the DN matching the given DN from the wallet. For example, you can use this command to remove a certificate that expires or is revoked by the CA, and replace it with a renewed certificate.
You, the Oracle Audit Vault administrator, provide the DN of the Audit Vault Server. It is typically of the form:
CN=hostname_fully_qualified,OU=Org_Unit,O=Organization,ST=State,C=Country
Example
The following example shows how to remove a certificate from the wallet.
$ avca remove_cert -certdn -hrdb.example.com CN=AV_Server_host_DN,OU=DBSEC,O=Oracle,ST=CA,C=US
Removing Certificate...
Certificate removed successfully.
The avca secure_agent command secures the Audit Vault collection agent by enabling mutual authentication with the Audit Vault Server. If you specify the remove argument, this command removes mutual authentication with the Audit Vault Server.
Where to Run This Command
Audit Vault collection agent home
Syntax
avca secure_agent -agentkeystore keystore_location -avdn Audit_Vault_Server_host_DN -agentdn agent_DN [-agentkeystore_pwd keystore_pwd]
avca secure_agent -remove
Arguments
Argument | Description |
---|---|
-agentkeystore keystore_location | Enter the keystore file location for this collection agent. See Section 5.6.3 for more information about the keystore file. |
-avdn Audit_Vault_Server_host_DN | Enter the distinguished name (DN) of the Audit Vault Server. |
-agentdn agent_DN | Enter the DN of this Audit Vault collection agent. |
-remove | Include this keyword to remove mutual authentication with the Audit Vault Server. |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avca secure_agent command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avca secure_agent command prompts for the agent key password. You can bypass this prompt if the corresponding environment variable, AVCA_AGENTKEYSTOREPWD, is set. If you enter the password, then it overrides the environment variable. This argument is provided for backward compatibility.
The keystore and certificate must be in place at the collection agent site before you execute this command.
Use the following command to generate a keystore:
$ORACLE_HOME/jdk/bin/keytool
When you issue the secure_agent command for the specified collection agent with both the collection agent and its collectors in a running state, the collection agent and all its collectors will shut down when the agent OC4J shuts down and then restarts. You must manually restart the collection agent and its collectors.
For detailed information about configuring mutual authentication when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.
Example
The following example shows how to secure the Audit Vault collection agent by enabling mutual authentication with the Audit Vault Server.
$ avca secure_agent -agentkeystore /tmp/agentkeystore
-agentdn "CN=agent1, OU=development, O=oracle, L=redwoodshores, ST=ca, C=us"
-avdn "CN=av1, OU=development, O=oracle, L=redwoodshores, ST=ca, C=us"
Enter Audit Vault Agent keystore password: password
Stopping agent...
Agent stopped successfully.
Starting agent...
Agent started successfully.
The following example shows how to unsecure the Oracle Audit Vault collection agent by disabling mutual authentication with the Audit Vault Server.
$ avca secure_agent -remove
Stopping agent...
Agent stopped successfully.
Starting agent...
Agent started successfully.
The avca secure_av
command secures the Audit Vault Server by enabling mutual authentication with the Audit Vault collection agent. If you specify the remove
argument, this command removes mutual authentication with Audit Vault collection agent.
Where to Run This Command
Audit Vault Server
Syntax
avca secure_av -avkeystore keystore_location -avtruststore truststore_location [-avkeystorepwd keystore_pwd>] avca secure_av -remove
Arguments
Argument | Description |
---|---|
-avkeystore keystore_location | Enter the keystore file location for the Audit Vault Server. By default, this file is located in the Audit Vault Server home directory. It has the file extension of .keystore. See Section 5.6.3 for more information about the keystore file. |
-avtruststore truststore_location | Enter the trust store location for the Audit Vault Server. This file can be the same file as the avkeystore file. Ensure that this file has the CA certificates imported into it. |
-remove | Include this keyword to remove mutual authentication with the Audit Vault collection agent. |
Usage Notes
The keystore and certificate files must be in place at the Audit Vault Server before you run this command.
Use the following command to generate a keystore:
$ORACLE_HOME/jdk/bin/keytool
When you issue the avca secure_av command, the Audit Vault Console agent OC4J restarts, which requires you to log in to Audit Vault Console again.
The avca secure_av command prompts for the keystore password for the Audit Vault Server. If the corresponding environment variable, AVCA_AVKEYSTOREPWD, is set, then you can bypass this prompt. If you enter the password anyway, it overrides the environment variable. This argument is provided for backward compatibility.
For detailed information about configuring mutual authentication when setting up the HTTPS protocol for Oracle Audit Vault, see Section 5.6.
Example
The following example shows how to secure the Audit Vault Server by enabling mutual authentication with the Oracle Audit Vault collection agent.
$ avca secure_av -avkeystore /tmp/avkeystore -avtruststore /tmp/avkeystore
Enter keystore password: password
The following example shows how to unsecure Audit Vault Server by disabling mutual authentication with the Audit Vault collection agent.
$ avca secure_av -remove
Stopping OC4J...
OC4J stopped successfully.
Starting OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.3.2.0 Copyright (c) 1996,2008 Oracle Corporation. All rights reserved.
http://av_srv.us.example.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory $ORACLE_HOME/10.2.3/av_1/av/log
The avca secure_remedy command enables or disables a secure configuration for the Remedy ticket service. Run this command if the BMC Remedy Action Request System Server is on a secure server.
Where to Run This Command
Audit Vault Server
Syntax
avca secure_remedy -truststore truststore
avca secure_remedy -remove
Arguments
Argument | Description |
---|---|
-truststore truststore | Enter the path to the truststore file used to validate the server certificates. Optional. |
-remove | Include this keyword to disable the Remedy ticket service from being a secure configuration. |
Usage Notes
Run this command after you run either the avca register_remedy (Section 6.16) or avca alter_remedy (Section 6.2) command.
Example
$ avca secure_remedy -truststore ca_cert.cer
Setting Truststore to ca_cert.cer
Updated Remedy server configuration to not use secure protocol.
The avca secure_smtp command enables the e-mail notification service to work with a secure SMTP server by specifying the type of connection protocol used to communicate with the SMTP server. Run this command only if the SMTP server that you are configuring is a secure server.
Where to Run This Command
Audit Vault Server
Syntax
avca secure_smtp -protocol ssl_type -truststore truststore
avca secure_smtp -remove
Arguments
Argument | Description |
---|---|
-protocol ssl_type | Specify one of the following types of protocol: |
-truststore truststore | Enter the path to the truststore file used to validate the server certificates. Optional. |
-remove | Include this keyword to disable the e-mail notification service from being a secure configuration. |
Usage Notes
Run this command after you run either the avca register_smtp (Section 6.17) or avca alter_smtp (Section 6.3) command.
Examples
The following example shows how to configure the truststore to use the TLS protocol:
$ avca secure_smtp -protocol tls -truststore $ORACLE_HOME/wallets/smtp_keystore
Updated SMTP server configuration to use secure protocol.
The following examples show how to remove the secure configuration from the e-mail notification service, and then how to configure it to use the SSL protocol:
$ avca secure_smtp -remove
Updated SMTP server configuration to not use secure protocol.
$ avca secure_smtp -protocol ssl
Updated SMTP server configuration to use secure protocol.
The avca set_server_tz command sets the time zone format for Oracle Audit Vault reports and alerts, using an offset of the UTC time zone. It takes effect the next time you generate a report or an alert. Use this command if the time stamps in the generated Audit Vault reports and alerts must be in a time zone other than UTC. (The Audit Vault Server itself always uses the UTC time zone.)
Where to Run This Command
Audit Vault Server
Syntax
avca set_server_tz -offset offset_value
Arguments
Argument | Description |
---|---|
-offset offset_value | Enter the offset value in the following format: +/-HH:MM |
Usage Notes
To find the current UTC time zone setting, run the avca show_server_tz command, described in Section 6.26.
Example
The following example shows how to set the offset value for U.S. Pacific Daylight Time (PDT):
$ avca set_server_tz -offset +07:00
Updated timezone offset successfully.
The avca set_warehouse_retention command controls the amount of data kept online in the data warehouse fact table.
Where to Run This Command
Audit Vault Server
Syntax
avca set_warehouse_retention -intrv year_month_interval
Arguments
Argument | Description |
---|---|
-intrv year_month_interval | Enter the year-month interval in the following format: +YY-MM |
Usage Notes
The interval setting must be a positive value.
As the retention period shifts forward in time, Oracle Audit Vault removes the data that was loaded before the retention period. For example, if you set the retention period for 1 year, any data before that year is discarded.
See Section 3.4 for detailed information about creating a retention period.
Example
The following example shows how to control the amount of data kept online in the data warehouse table. In this case, a time interval of 1 year and 6 months is specified.
$ avca set_warehouse_retention -intrv +01-06
AVCA started
Setting warehouse retention period... done.
The avca show_remedy_config command displays the configuration for the Remedy trouble ticket service connection with Oracle Audit Vault.
Where to Run This Command
Audit Vault Server
Syntax
avca show_remedy_config
Arguments
None.
Usage Notes
To reconfigure the Remedy trouble ticket service connection, run the avca alter_remedy (Section 6.2) command.
Examples
In the following example, the Remedy trouble ticket service has not been registered:
$ avca show_remedy_config
Error executing command show_remedy_config
OAV-46856: no remedy server registered
In this example, the Remedy trouble ticket service has been successfully registered:
$ avca show_remedy_config
Remedy server configuration details:
--------------------------------
Action Request host: kuksavoid.com
Mid-tier host: kuksavoid.com
Mid-tier port: 3128
Version: 7.5
Helpdesk Form name: HPD:IncidentInterface
Create Ticket URL: http://kuksavoid.com:3128/arsys/services/ARService?server=kuksavoid&webService=HPD_IncidentInterface_Create_WS
Get Ticket URL: http://kuksavoid.example.com:3128/arsys/services/ARService?kuksavoid=shobeen&webService=HPD_IncidentInterface_WS
Auth String: None
Locale: en_US
Locale: UTC
Security protocol: None
User name: Remedy_server_username
Password: *****
State: Enabled
--------------------------------
The avca show_server_tz command shows the configuration details for the avca set_server_tz command.
Where to Run This Command
Audit Vault Server
Syntax
avca show_server_tz
Arguments
None.
Usage Notes
To set the UTC time zone for reports and alerts, run the avca set_server_tz command, described in Section 6.23.
Example
$ avca show_server_tz
Server Timezone UTC07:00
The avca show_smtp_config command displays the current SMTP configuration details used by Oracle Audit Vault.
Where to Run This Command
Audit Vault Server
Syntax
avca show_smtp_config
Arguments
None.
Usage Notes
To reconfigure the SMTP service connection, run the avca alter_smtp (Section 6.3) command.
Example
$ avca show_smtp_config
SMTP server configuration details:
--------------------------------
Host: kuksanest.example.com
Port: 465
Sender name: ida.neau@example.com "<ida.neau@example.com>"
Security protocol: SSL
Truststore: Default
Authentication required: No
State: Enabled
--------------------------------
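Both avca show_smtp_config and avca show_remedy_config report a Security protocol field, so the output can be checked mechanically for services that are still using cleartext transport. The following shell function is an added example, not Oracle code: it flags a Security protocol of None and any http:// service URL. The function names and finding labels are hypothetical, and the sample inputs are constructed by abridging the example output on this page.

```shell
# Added example (not Oracle code). Field names come from the sample output on
# this page; function names and finding labels are hypothetical.
# Usage: avca show_remedy_config | av_transport_findings
av_transport_findings() {
    # Reads avca "show_*_config" output on stdin, prints one finding per line,
    # and returns 1 when an enabled service has a cleartext finding.
    awk '
        {
            # Split at the first ": " only; URL values contain more colons.
            sep = index($0, ": ")
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            sub(/^[ \t]+/, "", key)
            val = substr($0, sep + 2)
            sub(/[ \t\r]+$/, "", val)
        }
        key == "Security protocol" && tolower(val) == "none" {
            out[++n] = "NO_TLS: Security protocol is None"
        }
        key ~ /URL$/ && val ~ /^http:\/\// {
            out[++n] = "CLEARTEXT_URL: " key " uses http://"
        }
        key == "State" { state = val }
        END {
            # A service that is not enabled sends nothing: report as INFO.
            level = (state == "Enabled") ? "FAIL" : "INFO"
            for (i = 1; i <= n; i++) print level " " out[i]
            exit (n > 0 && state == "Enabled")
        }
    '
}

# Constructed samples, abridged from the example output shown on this page.
sample_remedy_config() {
    cat <<'EOF'
Remedy server configuration details:
Mid-tier port: 3128
Create Ticket URL: http://kuksavoid.com:3128/arsys/services/ARService?server=kuksavoid&webService=HPD_IncidentInterface_Create_WS
Security protocol: None
State: Enabled
EOF
}
sample_smtp_config() {
    cat <<'EOF'
Port: 465
Security protocol: SSL
State: Enabled
EOF
}
```

A non-zero return status lets a scheduled check alert when an enabled service has not yet been configured with avca secure_remedy or avca secure_smtp.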
The avca test_remedy command tests the Remedy ticket service connection for the provided ticket ID. You can enter any Remedy ticket number, not just Oracle Audit Vault-related Remedy ticket numbers.
Where to Run This Command
Audit Vault Server
Syntax
avca test_remedy -ticket_id id
Arguments
Argument | Description |
---|---|
-ticket_id id | Enter the ID of any Remedy ticket in your system. |
Usage Notes
If the test fails, then check the configuration by running the avca show_remedy_config (Section 6.25) and avctl show_remedy_status (Section 7.7) commands.
You can recreate the configuration by running the avca alter_remedy command (Section 6.2).
Example
$ avca test_remedy -ticket_id INC000000000005
Querying Remedy Server for ticket ID "INC000000000005"...
Assigned Group: Backoffice Support
Assigned Support Company: Calbro Services
Assigned Support Organization: IT Support
Assignee: Allen Allbrook
Summary: Test Ticket manually
Priority: Low
Service Type: Infrastructure Event
Status: Assigned
Urgency: 4-Low
The avca test_smtp command tests the Oracle Audit Vault e-mail notification service.
Where to Run This Command
Audit Vault Server
Syntax
avca test_smtp -to e-mail
Arguments
Argument | Description |
---|---|
-to e-mail | Recipient to whom to send the test e-mail notification. |
Usage Notes
If the test fails, then check the configuration by running the avca show_smtp_config (Section 6.27) and avctl show_smtp_status (Section 7.8) commands.
You can recreate the configuration by running the avca alter_smtp command (Section 6.3).
Example
$ avca test_smtp -to ida.kuksa@example.com
Sending Test e-mail to "ida.kuksa@example.com"...
Test e-mail sent successfully. Please check the recipients mailbox to see if the e-mail has been delivered.
In this example, user Ida Kuksa should receive an e-mail similar to the following:
Subject header: Oracle Audit Vault: Test Message
Body text: This is a test message from Oracle Audit Vault
If the test fails, then an error message similar to the following appears:
Sending Test e-mail to "ida.kuksa@example.com"...
Error: SEND_EMAIL_ERROR. Message is: Sending failed; nested exception is: javax.mail.MessagingException: Unknown SMTP host: shobeen.example.com; nested exception is: java.net.UnknownHostException: shobeen.example.com.
Check the configuration by running the avca show_smtp_config (Section 6.27) and avctl show_smtp_status (Section 7.8) commands. You can recreate the configuration by using the avca alter_smtp command (Section 6.3).