What's New in Oracle Audit Vault for Administrators?

This section describes new features in Oracle Audit Vault that affect administrators, and provides pointers to additional information. These new features reflect changes since Release 10.2.3.1.

Oracle Audit Vault Release 10.3 New Features

Named Listener for the Audit Vault Server

Starting with this release, the name of the listener for the Audit Vault Server is based on the name of this server. For example, if you named the server av, then the listener name is listener_av.

See Section 1.3.2.2 for more information about the components of the Audit Vault Server.

Availability Through Oracle Enterprise Manager Cloud Control

You now can perform the following types of Oracle Audit Vault administrative activities through Oracle Enterprise Manager Cloud Control 12c Release 1 (12.1):

  • Monitoring system behavior and alert activities

  • Monitoring agents, collectors, and source databases

  • Getting a quick view of the entire Oracle Audit Vault configuration

  • Starting and stopping one or more agents and collectors at the same time

  • Starting and shutting down the Audit Vault Console

  • Adding the Audit Vault Server to an Enterprise Manager group

  • Generating Information Publisher reports on the Oracle Audit Vault configuration

  • Controlling user access to the Oracle Audit Vault pages in Enterprise Manager

See Chapter 6, "Using Oracle Audit Vault in Enterprise Manager Cloud Control," for more information. See also Oracle Enterprise Manager Cloud Control Administrator's Guide for detailed information about working in a Cloud Control environment.

Updated Oracle Database Release for the Oracle Audit Vault Server

For this release, the Oracle Audit Vault Server uses Oracle Database Release 11.2.0.3.

See Section 1.3.2 for more information about the Audit Vault Server components.

Updated Microsoft SQL Server JDBC Driver for SQL Server Source Databases

For this release, you must use Microsoft SQL Server JDBC Driver version 3.0 when you configure Microsoft SQL Server source databases.

See Section 2.4.1 for more information.

Support for Later Sybase ASE and IBM DB2 Releases

This release adds support for Sybase Adaptive Server Enterprise (ASE) 15.5 and IBM DB2 9.7 for Linux, UNIX, and Microsoft Windows.

Changed URL for Logging into the Audit Vault Console

In previous releases, the default port number for the Audit Vault Console was 5700. In this release, the default port number is the same port number that is used by Oracle Enterprise Manager. By default, this port number is 1158.

For example:

https://host:1158/av

If the port number 1158 is not available, then the Audit Vault Console uses the next available port number that is used by Enterprise Manager, such as 5500, 5501, and so on.

See Section 1.3.2.3 for more information.

Secure Sockets Layer (SSL) and HTTPS Automatically Configured

By default, Secure Sockets Layer (SSL) and HTTPS are already configured when you install Oracle Audit Vault Release 10.3. In addition to these protocols, Audit Vault supports TCPS for SQL*Net communications between the Audit Vault Agents and the Audit Vault Server.

See Section 5.6 for more information about managing the HTTPS configuration.

Deprecated avca Commands

The following commands have been removed from the avca utility because they are no longer needed:

  • secure_agent

  • secure_av

Oracle Audit Vault Release 10.2.3.2 New Features

Email Notifications for Oracle Audit Vault Alerts

In this release of Oracle Audit Vault, auditors can configure email notifications in response to Audit Vault alerts. For example, if an alert is triggered, an email can be sent automatically to the persons who must respond to it. Before an auditor can create email notifications, you must configure an SMTP server for the outgoing email.

See Section 3.6 for more information.

Trouble Ticket Integration

Oracle Audit Vault can now generate a Remedy trouble ticket in response to an Audit Vault alert. To accomplish this, you must configure the Audit Vault Server to communicate with the BMC Remedy Action Request (AR) System Server 7.x that is responsible for managing the trouble tickets. After you complete this configuration, an Audit Vault auditor can create the conditions necessary to automatically trigger the trouble ticket creation.

See Section 3.7 for more information.

Real-Time Oracle Audit Vault Data Warehouse Refreshes

Starting with this release, the Oracle Audit Vault data warehouse is automatically refreshed with incoming audit data as that data is collected. Because the warehouse is refreshed in real time, auditors can generate more accurate reports on audited activities.

Because of this enhancement, the avctl refresh_warehouse and avca set_warehouse_schedule commands are deprecated.

Note:

If you have just upgraded to the current release of Oracle Audit Vault, be aware that the upgrade process removes any warehouse job refresh settings that you had created before the upgrade.

See Section 3.4 for more information about managing the data warehouse.

Changes to Audit Trail Cleanup

Audit Trail Cleanup DBMS_AUDIT_MGMT PL/SQL Package Installed

By default, the DBMS_AUDIT_MGMT PL/SQL package is installed in the Oracle Audit Vault Server. You no longer need to download this package from My Oracle Support (formerly OracleMetaLink) if you want to automatically purge the Audit Vault Server audit trail.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Initialized on the Audit Vault Server

Starting with this release, the audit trail cleanup process is initialized from the Audit Vault Server, so that you can manage the Audit Vault Server database audit trail. As part of this change, the SYS.AUD$ and SYS.FGA_LOG$ tables are moved from the SYSTEM to the SYSAUX tablespace.

See Section 4.10 for more information about purging the Audit Vault Server audit trail.

Audit Trail Cleanup Default Purge Job for the Audit Vault Server Database

By default, the audit trail generated by the Audit Vault Server is now purged every 24 hours. You can modify or remove the cleanup operation if you want.

See Section 4.11 for more information about purging the Audit Vault Server database audit trail.

Audit Trail Cleanup for Microsoft SQL Server Source Database Audit Data

You now can purge the C2 audit trace files and server-side trace files from a SQL Server source database automatically after all audit data has been collected by Audit Vault.

See Section 2.4.7 for more information.

Audit Trail Cleanup for IBM DB2 Source Database Audit Data

Before Oracle Audit Vault can collect audit records from an IBM DB2 source database, you must run the DB282ExtractionUtil or DB295ExtractionUtil script. These scripts convert the IBM DB2 audit file from a binary to an ASCII file format. Starting with this release, these scripts support automatic cleanup of the binary audit trail data, in addition to purging ASCII-formatted data.

See Section 2.6.6 for more information.

Time Zone Configuration for Oracle Audit Vault Reports and Alerts

Starting with this release, you can set the time zone format for Oracle Audit Vault reports and alerts. This enables auditors to generate reports that are timestamped using their local times. In addition, alert notifications and Remedy trouble tickets can contain local times. To accomplish this, you use the avca set_server_tz command. To find the status of the current time zone setting, you can run the avca show_server_tz command.

See the following sections for more information:

Failover Recovery for Collectors

Depending on the audit trail type, you can now configure the Oracle Database, Microsoft SQL Server, and Sybase ASE source databases to move the collector from one agent to another. This feature is useful for failover recovery if the host computer running the original agent fails. To accomplish this, you configure the agent for the collector by setting the collector's AGENTNAME property with the avorcldb, avmssqldb, or avsybdb alter_collector command.

See the following sections for more information:

  • Oracle Database source databases. This feature applies to the DBAUD collector only. See Section 9.4 for more information about the avorcldb alter_collector command.

  • Microsoft SQL Server source databases. This feature applies to server-side trace files only. See Section 10.4 for more information about the avmssqldb alter_collector command.

  • Sybase ASE source databases. See Section 11.4 for more information about the avsybdb alter_collector command.

Changes to Server-Side Oracle Audit Vault Utilities

New or Changed Oracle Audit Vault Utility Commands

The following utilities have been enhanced for this release:

  • Audit Vault Configuration Assistant (AVCA). AVCA now has several new commands.

    Commands used to configure email notifications:

    • register_smtp

    • secure_smtp

    • test_smtp

    • show_smtp_config

    • alter_smtp

    • enable_smtp

    • disable_smtp

    Commands used to configure the Remedy trouble ticket service:

    • register_remedy

    • secure_remedy

    • test_remedy

    • show_remedy_config

    • alter_remedy

    • enable_remedy

    • disable_remedy

    Commands used to configure time zones for reports:

    • set_server_tz

    • show_server_tz

    See Chapter 7, "Audit Vault Configuration Assistant (AVCA) Reference" for more information.

  • Audit Vault Control (AVCTL). AVCTL now has the following new commands:

    • show_smtp_status

    • show_remedy_status

    See Chapter 8, "Audit Vault Control (AVCTL) Reference" for more information.

  • Audit Vault Oracle Database (AVORCLDB). AVORCLDB has a new attribute for the alter_collector command: AGENTNAME. See Section 9.4 for more information about the avorcldb alter_collector command.

  • Audit Vault Microsoft SQL Server (AVMSSQLDB). AVMSSQLDB has the following changes for these commands:

    • add_source and verify: In previous releases, you specified the source database through the host name and port number. Now, you can specify the source database connection information by using one of the following formats:

      myhost:myport
      'myhost\myinstance'
      

      The ability to specify the port or the instance name is useful for configurations in which the instance is not on the default port or does not have a default name. For configurations with multiple instances on one server, you must specify the host and instance name.

      See Section 10.3 for information about avmssqldb add_source and Section 10.10 for information about avmssqldb verify.

    • alter_collector: There is now a new attribute for the alter_collector command: AGENTNAME. See Section 10.4 for more information about the avmssqldb alter_collector command.

  • Audit Vault Sybase ASE (AVSYBDB). AVSYBDB has a new attribute for the alter_collector command: AGENTNAME. See Section 11.4 for more information about the avsybdb alter_collector command.

Deprecated Oracle Audit Vault Utility Commands

The following commands have been deprecated on the Audit Vault Server:

  • avca set_warehouse_schedule

  • avctl refresh_warehouse

  • avctl show_agent_status

  • avctl start_agent

  • avctl stop_agent

See "Real-Time Oracle Audit Vault Data Warehouse Refreshes" for more information about enhancements to the data warehouse refresh feature.

Changes to Oracle Audit Vault Collection Agent Utilities

The following Oracle Audit Vault collection agent command names have changed:

Previous Name             New Name
avctl show_oc4j_status    avctl show_agent_status (see Footnote 1)
avctl start_oc4j          avctl start_agent
avctl stop_oc4j           avctl stop_agent

Footnote 1: In addition, starting with this release, the avctl show_agent_status command no longer has any arguments.

See Chapter 8, "Audit Vault Control (AVCTL) Reference" for more information about the AVCTL commands.

Updated Oracle Database Release for the Oracle Audit Vault Server

For this release, the Oracle Audit Vault Server uses Oracle Database Release 10.2.0.4.

Information About Checking and Modifying Port Numbers

This guide now explains how to check which ports are being used by an Oracle Audit Vault installation, and how to modify them.

See the following sections for more information:

  • Section 1.3.2.3 for default Audit Vault Server port information

  • Section 1.3.4.3 for default Audit Vault collection agent and collector port information

  • Section 4.9 for information about changing port numbers

Oracle Audit Vault Release 10.2.3.1 New Features

Collectors for Sybase ASE and IBM DB2 Databases

This release provides collectors for the Sybase Adaptive Server Enterprise (ASE) and IBM DB2 database products. The supported releases for these two database products are as follows:

  • Sybase ASE: ASE 12.5.4 and ASE 15.0.2 on platforms based on Linux and UNIX, and on Microsoft Windows platforms

  • IBM DB2: IBM DB2 Version 8.2 and Version 9.5 on platforms based on Linux and UNIX, and on Microsoft Windows platforms. If you are using Version 8.2, ensure that you have installed Fixpack 16.

See the following sections for more information: