1 Overview of Oracle Audit Vault Collection Agent Installation

Oracle Audit Vault is a powerful enterprisewide audit solution that efficiently consolidates, detects, monitors, alerts, and reports on audit data for security auditing and compliance. Oracle Audit Vault provides the ability to consolidate audit data and critical events into a centralized and secure audit warehouse.

This chapter provides an overview of the Oracle Audit Vault collection agent installation process. This chapter includes the following sections:

1.1 Deploying Oracle Audit Vault Collection Agents

Where you install the Oracle Audit Vault collection agents depends on the type of data that the collection agent collects. If the collection agent will collect audit data from the operating system, you must install the collection agent on the same computer as the source database. Otherwise, if the audit data comes from the database itself, you can install the collection agent on any computer that has access to the source database.

Table 1-1 summarizes the deployment scenarios you can use for the Oracle Audit Vault collection agents. For a listing of the types of audit data the collection agents collect, see Oracle Audit Vault Administrator's Guide.

Table 1-1 Collection Agent Deployment Scenarios

Collector Type: OSAUD
Audit Source and Supported Versions: Oracle Database. Releases 10.1.x, 10.2.x, and 11.x
Where to Install: On the same host as the source database. For Oracle RAC installations, install the OSAUD collector on each database instance that contains audit files.

Collector Type: DBAUD
Audit Source and Supported Versions: Oracle Database. Releases 10.1.x, 10.2.x, and 11.x
Where to Install: On any computer in which SQL*Net can communicate with the source database.

Collector Type: REDO
Audit Source and Supported Versions: Oracle Database. Enterprise Edition Releases 10.2.0.3 and higher, 11.1.0.6 and higher, 11.2 and higher
Where to Install: On any computer in which SQL*Net can communicate with the source database. For Oracle RAC installations, install REDO on just one database instance because REDO logs are usually stored in shared storage.

Collector Type: MSSQLDB
Audit Source and Supported Versions: Microsoft SQL Server.
    SQL Server 2000 (32-Bit and 64-Bit) on 32-Bit and 64-Bit releases of Windows Server 2003 and Windows Server 2003 R2
    SQL Server 2005 (32-Bit and 64-Bit) on 32-Bit and 64-Bit releases of Windows Server 2003, Windows Server 2003 R2, Windows XP Professional, Windows Vista, Windows Server 2008, and Windows 2008 R2
    SQL Server 2008 (32-Bit and 64-Bit) on 32-Bit and 64-Bit releases of Windows XP Professional, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
    SQL Server 2008 R2 (32-Bit and 64-Bit) on 32-Bit and 64-Bit releases of Windows XP Professional, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
    See http://msdn.microsoft.com for specific information on the releases and editions of Microsoft operating systems that run Microsoft SQL Server releases.
Where to Install: On the same computer as the Microsoft SQL Server source database.

Collector Type: SYBDB
Audit Source and Supported Versions: Sybase Adaptive Server Enterprise (ASE). ASE 12.5 through ASE 15.7 on Linux and UNIX-based platforms, and on Microsoft Windows platforms
Where to Install: On any computer in which SQL*Net can communicate with the source database.

Collector Type: DB2DB
Audit Source and Supported Versions: IBM DB2. IBM DB2 Version 8.2 up to Version 9.7 on Linux and UNIX-based platforms, and on Microsoft Windows platforms
Where to Install: On the same computer as the IBM DB2 source database.


1.2 Oracle Audit Vault Collection Agent Installation Methods

You can choose different installation methods to install Oracle Audit Vault collection agents, as follows:

1.2.1 Interactive Installation Methods

When you use the interactive method to install Oracle Audit Vault collection agent, Oracle Universal Installer displays a series of screens that enable you to specify all of the required information to install the Oracle Audit Vault collection agent software.

1.2.2 Automated Installation Methods Using Response Files

Oracle Audit Vault provides a response file template for Oracle Audit Vault collection agent (avagent.rsp). This response file template can be found in the response directory under the AV installer location on the Oracle Audit Vault collection agent installation media.

When you start Oracle Universal Installer and specify a response file, you can automate all of the Oracle Audit Vault collection agent installation. These automated installation methods are useful if you need to perform multiple installations on similarly configured systems or if the system where you want to install the software does not have X Window system software installed.

Oracle Universal Installer runs in silent mode if you use a response file that specifies all required information. None of the Oracle Universal Installer screens are displayed and all interaction (standard output and error messages) and installation logs appear on the command line.

See Also:

Section 3.3 for information about performing an Oracle Audit Vault silent installation, and Oracle Universal Installer and OPatch User's Guide for more information about installing and using response files.

1.3 Oracle Audit Vault Collection Agent Installation Environment

An Oracle Audit Vault collection agent provides run-time support for audit data collection by Oracle Audit Vault collectors. It also contains the audit data collectors for Oracle Database, SQL Server database, Sybase ASE database, and IBM DB2 database sources. The DBAUD, OSAUD, and REDO collectors are provided for Oracle Database sources, the MSSQLDB collector is provided for SQL Server Database sources, the SYBDB collector is provided for Sybase ASE Database sources, and the DB2DB collector is provided for IBM DB2 sources. See the information about the Oracle Audit Vault architecture in Oracle Audit Vault Administrator's Guide for more information.

Oracle Audit Vault collection agent includes Oracle Container for J2EE (OC4J) and Oracle Database Client components, and is deployed within its own directory. The agent can be installed on the same system as the Oracle Audit Vault Server (Audit Vault Server), or on the same system that hosts the source of audit logs, or on a third, independent system. Where you deploy the agent will depend on the hardware resources available and on the requirements from the specific audit data collectors that must run within the agent. As a best practice, the Oracle Audit Vault collection agent should be installed on each host system to be audited. The DBAUD, REDO, SYBDB, and DB2DB collectors do not place any restrictions on the deployment of the collection agent; they can be deployed anywhere depending on your requirements. However, the OSAUD and MSSQLDB collectors need local access to the disk that stores the audit trail files written by the source database. Therefore, a collection agent that runs these collectors must be deployed on a host system that mounts these disks locally, not across the network.

The collection agent communicates with the Audit Vault Server to receive some configuration information and to send audit data for storage. This communication channel is based on the Oracle Call Interface (OCI). Immediately following installation, password-based authentication is used to secure this channel. Administrators can further secure this channel after installation by using the TCPS protocol to encrypt data.

The collection agent also communicates with the Oracle Audit Vault Console to exchange management information, such as starting and stopping collectors, and collecting performance metrics. This communication channel is HTTP-based. If X.509 certificates are provided, this channel can be further secured to use HTTPS encryption and mutual authentication with the Oracle Audit Vault Console.

1.4 Installation Considerations

This section contains information that you should consider before deciding how to install this product. It includes the following topics:

1.4.1 Hardware and Software Considerations

For Oracle Audit Vault collection agent to be compatible with Oracle Audit Vault Server, the version of Oracle Audit Vault collection agent must be less than or equal to the Oracle Audit Vault Server version. For example, Oracle Audit Vault collection agent version 10.3.0.0.0 is compatible with Oracle Audit Vault Server version 10.3.0.0.0. However, Oracle Audit Vault collection agent version 10.3.0.0.1 is not compatible with Oracle Audit Vault Server 10.3.0.0.0.

Assuming version compatibility of Oracle Audit Vault collection agent and Oracle Audit Vault Server, Oracle Audit Vault collection agents from any of the supported platforms can be used with Oracle Audit Vault Server from a different platform. For example, collection agents for platforms Linux x86-64, HP-UX Itanium, and AIX on Power Systems (64-bit) can be used with the Oracle Audit Vault Server for Solaris Operating System (SPARC 64-bit) platform.
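The following added example (not part of the Oracle documentation) checks one agent's deployment plan against the version rule above and the placement rules in Table 1-1. The plan dictionary layout, function names, and host names are assumptions made for illustration.

```python
"""Added example: check one agent's deployment plan against this chapter's rules."""

# Placement follows Table 1-1 (the stricter source where Section 1.3 differs
# for DB2DB). The plan dict layout and function names are assumptions.
LOCAL_ONLY = {"OSAUD", "MSSQLDB", "DB2DB"}   # same computer as the source
REMOTE_OK = {"DBAUD", "REDO", "SYBDB"}       # any host that can reach the source


def parse_version(text):
    """Turn '10.3.0.0.1' into (10, 3, 0, 0, 1); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def version_compatible(agent, server):
    """Section 1.4.1: the agent version must be <= the server version."""
    a, s = parse_version(agent), parse_version(server)
    width = max(len(a), len(s))              # pad so 10.3 compares as 10.3.0.0.0
    a += (0,) * (width - len(a))
    s += (0,) * (width - len(s))
    return a <= s


def check_plan(plan, server_version):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if not version_compatible(plan["agent_version"], server_version):
        findings.append(f"agent {plan['agent_version']} is newer than "
                        f"server {server_version}")
    for col in plan["collectors"]:
        kind, src = col["type"], col["source_host"]
        if kind not in LOCAL_ONLY | REMOTE_OK:
            findings.append(f"{kind}: not a collector type in Table 1-1")
        elif kind in LOCAL_ONLY and plan["agent_host"] != src:
            findings.append(f"{kind}: agent must be installed on {src}")
    return findings


# Constructed sample plan; host names are placeholders.
SAMPLE_PLAN = {
    "agent_host": "apphost01",
    "agent_version": "10.3.0.0.1",
    "collectors": [{"type": "DBAUD", "source_host": "dbhost01"},
                   {"type": "OSAUD", "source_host": "dbhost01"}],
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN, "10.3.0.0.0"):
        print("FAIL:", finding)
```
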

The platform-specific hardware and software requirements that this installation guide includes were current at the time this guide was published. However, because new platforms and operating system versions might be certified after publishing this guide, review the certification matrix on the My Oracle Support (formerly OracleMetaLink) Web site for the most up-to-date list of certified hardware platforms and operating system versions. The My Oracle Support Web site is available at

https://support.oracle.com

1.4.2 Multiple Oracle Homes

This product supports multiple Oracle homes. This means you can install this release of the software more than once on the same system, in different Oracle home directories.

1.4.3 About Oracle Unbreakable Enterprise Kernel for Linux

The Oracle Unbreakable Enterprise Kernel for Linux is available for x86-64 platforms. It is based on a stable 2.6.32 Linux kernel, and also includes optimizations developed in collaboration with Oracle Database, Oracle middleware, and Oracle hardware engineering teams to ensure stability and optimal performance for the most demanding enterprise workloads.

Oracle highly recommends deploying the Oracle Unbreakable Enterprise Kernel in your Linux environment, especially if you are running Oracle software. However, using Oracle Unbreakable Enterprise Kernel is optional. If you require strict Red Hat Enterprise Linux (RHEL) kernel compatibility, then Oracle Linux also includes a kernel compatible with the RHEL kernel, compiled directly from the Red Hat Enterprise Linux source code.

You can obtain more information about the Oracle Unbreakable Enterprise Kernel for Linux at the following URL:

http://www.oracle.com/us/technologies/linux

The Oracle Unbreakable Enterprise Linux kernel installs directly on top of Oracle Linux 5 or Red Hat Enterprise Linux 5, starting with Update 5, so you are not required to upgrade to a new major release of the operating system to obtain the benefits and features of this new kernel. You can obtain additional information and download the Oracle Unbreakable Enterprise Kernel for Linux at the following URL:

http://public-yum.oracle.com/

The Oracle Unbreakable Enterprise Kernel for Linux is the standard kernel used with Oracle products. The build and QA systems for Oracle Database and other Oracle products use the Oracle Unbreakable Enterprise Kernel for Linux exclusively. The Oracle Unbreakable Enterprise Kernel for Linux is also the kernel used in Oracle Exadata and Oracle Exalogic systems. Oracle Unbreakable Enterprise Kernel for Linux is used in all benchmark tests on Linux in which Oracle participates, and also in the Oracle Validated Configuration program for x86-64.

Refer to Section 2.1.3.2 for Unbreakable Enterprise Kernel requirements.