8 Configuring and Using Remote Monitoring

This section contains:

• About Remote Monitoring

• Installing and Enabling Remote Monitoring

• Disabling Remote Monitoring

About Remote Monitoring

Remote monitoring enables an enforcement point to directly monitor SQL traffic in a database. To use remote monitoring, you run a script from the operating system of the Linux server that you want to use for the remote monitor. (Unlike local monitoring, you do not install the remote monitoring software into the database that you want to protect.) The script captures the SQL traffic and sends it over the network to an Oracle Database Firewall. This SQL data is then available for reports generated by this Database Firewall. You can configure one Database Firewall to manage multiple remote monitoring configurations on your network.

Remote monitoring is designed for situations when you have many small databases in a distributed environment, and you want Oracle Database Firewall to manage all of these small databases centrally. If you want to use remote monitoring for larger databases, then contact Oracle Support.

The remote monitoring files that you use are as follows:

• remote-agent: The remote monitoring executable script. Typically, you download this script from the extras directory in the Oracle Database Firewall Utilities 5.0 disc into the /bin directory of the Linux server.

• remote-agent.conf: A configuration file that the remote monitor uses to determine which traffic to forward to the Database Firewall for processing. Typically, you download this configuration file by using the Management Server Administration Console, and then you place it into the /etc directory. Do not edit this configuration file.

In the simplest configuration, you download and run the remote monitoring software onto the same Linux server as the database. If you want to install the remote monitoring software onto a server that is different from the database server, then you must use a spanning port to connect this database server to the Linux server that you want to use for the remote monitor.

Installing and Enabling Remote Monitoring

This section contains:

• Step 1: Configure the Remote Monitor in the Administration Console

• Step 2: Access and Run the remote-agent Remote Monitor Script

• Step 3: Ensure That the Remote Monitor Is Active

Step 1: Configure the Remote Monitor in the Administration Console

In this step, you tell the Administration Console which Linux server to use for the remote monitor, and then you download the remote monitor configuration file.

To configure the remote monitor in the Administration Console:

1. Log in to the Management Server Administration Console.

   See "Logging in to the Administration Console" for more information.

2. Select the Monitoring tab.

   By default, the Enforcement Points page appears. If it does not, click List in the Enforcement Points menu on the left side of the page.

3. Find the enforcement point that you want to use for the remote monitor, and then click the Settings button for that enforcement point.

   The Monitor Settings page appears.

4. Scroll down to the Remote Monitor area and click the Activate Remote Monitor check box.

   The Activate Remote Monitor section expands to enable you to add an IP address.

   
   Description of the illustration remote_monitor1.gif
   
   

5. In the Monitor Address field, enter the IP address of the Linux server where you plan to install the remote monitor software, and then click the Add button.

   The IP address is added, and now the Remote Monitor area appears similar to the following:

   
   Description of the illustration remote_monitor2.gif
   
   

6. Scroll to the end of the Monitor Settings page, and then click the Save button.

7. Return to the Remote Monitor area, and then click the Configure button.

   The Download Monitor Configuration File page appears.

8. Under Configuration for Remote Monitor at ip_address, in the third bulleted item, click the enforcement point status page link, so that you can confirm that the connection that you created is valid.

   In the Status of Enforcement Point page, the Remote Monitors area should have a check box in the Enabled column for the IP address you entered. If it does not, then ensure that you have entered a valid IP address.

9. In the Web browser, click the Back button to return to the Download Monitor Configuration File page of the Administration Console.

10. Click the Download Configuration File button, and then save the remote-agent.conf file to the Linux server that you specified in the Administration Console.

    Ideally, save this file in the /etc directory of this Linux server. You can rename this file if you want, for cases where you have multiple remote monitors configured. Oracle recommends that you rename this file only if you have a good reason. Do not edit this file.

Step 2: Access and Run the remote-agent Remote Monitor Script

In this step, you copy the remote monitor script to the Linux server and then run the script.

To access and run the remote monitor script:

1. On the Linux server on which you plan to run the remote monitoring software, log in as the root user.

2. Insert the Oracle Database Firewall Utilities 5.0 disc, and go to the extras directory.

3. From the extras directory, copy the remote monitor script, entitled remote-agent, to the Linux server, preferably to the /bin directory.

4. Enable the remote-agent script to be run as an executable.

   chmod +x remote-agent
   

5. Run the remote-agent script.

   ./remote-agent
   

   For a distributed environment where you have multiple remote monitors, you can run a command similar to the following. For example, suppose the configuration file is named db_sales_remote-agent.conf. You would run the remote-agent script using the following command:

   ./remote-agent -- config=/etc/db_sales_remote-agent.conf
   

At this stage, the remote monitor should start collecting and sending SQL traffic to the Database Firewall that you are using to manage the remote monitor. The script runs until you disable the remote monitoring, or the Linux server has been restarted. You may want to add this script execution to the startup script for the Linux server.

Options for Running the remote-agent Script

To display the options for the remote-agent executable, run the following command:

./remote-agent -?

The options are as follows:

• verbose: Displays diagnostics. Disabled by default.

• interface: Specifies a network interface to listen to. Use this setting for a computer that has multiple interfaces, to ensure that the correct interface is used. The default interface is eth0.

• config: Specifies a directory path for the configuration file, if you have renamed it or if it is in a directory other than /etc. The default setting is /etc/remote-agent.conf.

Step 3: Ensure That the Remote Monitor Is Active

To ensure that the remote monitor is active:

1. Log in to the Management Server Administration Console.

   See "Logging in to the Administration Console" for more information.

2. Select the Monitoring tab.

3. In the Enforcement Points page, select Status for the enforcement point configured to use the remote monitors.

   If you have just added a remote monitor and you still have the Monitor Settings page displayed, then you can refresh the Web page to see the current status.

4. Under Details, go to the Remote Monitor area.

   The Remote Monitor area should have checkmarks under both the Enabled and Connected labels for the remote monitor address. If it does not, then ensure that the IP address is correct and that the remote-agent execution script is running on that Linux server.

Disabling Remote Monitoring

You can temporarily disable individual remote monitors or all remote monitors. Oracle Database Firewall saves the configuration information that you have created for the next time that you want to enable it. If you want to remove the remote monitor configuration and software, see Oracle Database Firewall Installation Guide.

To disable remote monitoring:

1. Log in to the Management Server Administration Console.

   See "Logging in to the Administration Console" for more information.

2. Select the Monitoring tab.

   By default, the Enforcement Points page appears.

3. Click the Settings button for the enforcement point that you want to use for the remote monitor.

   The Monitor Settings page appears.

4. Scroll down to the Remote Monitor area.

5. Disable the remote monitors as follows:

   • To disable individual remote monitors: Clear the check box under the Enabled label for each remote monitor that you want to disable.

   • To disable all remote monitors: Clear the Activate Remote Monitor check box.

6. Scroll to the end of the Monitor Settings page, and then click the Save button.