Oracle® Audit Vault Collection Agent Installation Guide Release 10.2.3.2 Part Number E14457-05 |
|
|
PDF · Mobi · ePub |
Oracle Audit Vault is a powerful enterprisewide audit solution that efficiently consolidates, detects, monitors, alerts, and reports on audit data for security auditing and compliance. Oracle Audit Vault provides the ability to consolidate audit data and critical events into a centralized and secure audit warehouse.
This chapter provides an overview of the Oracle Audit Vault collection agent installation process. This chapter includes the following sections:
Where you install the Oracle Audit Vault collection agents depends on the type of data that the collection agent collects. If the collection agent will collect audit data from the operating system, you must install the collection agent on the same computer as the source database. Otherwise, if the audit data comes from the database itself, you can install the collection agent on any computer that has access to the source database.
Table 1-1 summarizes the deployment scenarios you can use for the Oracle Audit Vault collection agents. For a listing of the types of audit data the collection agents collect, see Oracle Audit Vault Administrator's Guide.
Table 1-1 Collection Agent Deployment Scenarios
Collector Type | Audit Source and Supported Versions | Where to Install |
---|---|---|
OSAUD |
Oracle Database Releases 9.2.x, 10.1.x, 10.2.x, and 11.x |
On the same host as the source database. For Oracle RAC installations, install the OSAUD collector on each database instance that contains audit files. |
DBAUD |
Oracle Database Releases 9.2.x, 10.1.x, 10.2.x, and 11.x |
On any computer in which SQL*Net can communicate with the source database. |
REDO |
Oracle Database Enterprise Edition Releases 9.2.0.8, 10.2.0.3 and higher, 11.1.0.6 and higher, 11.2 and higher |
On any computer in which SQL*Net can communicate with the source database. For Oracle RAC installations, install REDO on just one database instance because REDO logs are usually stored in shared storage. |
MSSQLDB |
Microsoft SQL Server SQL Server 2000 and SQL Server 2005 on Microsoft Windows 2000 Server and Microsoft Windows 2003 Server (32 bit) platforms |
On the same computer as the Microsoft SQL Server source database. |
SYBDB |
Sybase Adaptive Server Enterprise (ASE) ASE 12.5 through ASE 15.0 on Linux and UNIX-based platforms, and on Microsoft Windows platforms |
On any computer in which SQL*Net can communicate with the source database. |
DB2DB |
IBM DB2 IBM DB2 Version 8.2 and Version 9.5 on Linux and UNIX-based platforms, and on Microsoft Windows platforms |
On the same computer as the IBM DB2 source database |
You can choose different installation methods to install Oracle Audit Vault collection agents, as follows:
When you use the interactive method to install Oracle Audit Vault collection agent, Oracle Universal Installer displays a series of screens that enable you to specify all of the required information to install the Oracle Audit Vault collection agent software.
Oracle Audit Vault provides a response file template for Oracle Audit Vault collection agent (avagent.rsp
) and one for an upgrade installation (upgrade_avagent.rsp
). These response template files can be found in the AV installer location
/response
directory on the Oracle Audit Vault collection agent installation media.
When you start Oracle Universal Installer and specify a response file, you can automate all of the Oracle Audit Vault collection agent installation. These automated installation methods are useful if you need to perform multiple installations on similarly configured systems or if the system where you want to install the software does not have X Window system software installed.
Oracle Universal Installer runs in silent mode if you use a response file that specifies all required information. None of the Oracle Universal Installer screens are displayed and all interaction (standard output and error messages) and installation logs appear on the command line.
See Also:
Section 3.3 for information about performing an Oracle Audit Vault silent installation and Section 4.4 for information about performing an Oracle Audit Vault silent upgrade installation. Information about installing Oracle products in Oracle Universal Installer and OPatch User's Guide for more information about installing and using response filesAn Oracle Audit Vault collection agent provides run-time support for audit data collection by Oracle Audit Vault collectors. It also contains the audit data collectors for Oracle Database, SQL Server database, Sybase ASE database, and IBM DB2 database sources. The DBAUD, OSAUD, and REDO collectors are provided for Oracle Database sources, the MSSQLDB collector is provided for SQL Server Database sources, the SYBDB collector is provided for Sybase ASE Database sources, and the DB2DB collector is provided for IBM DB2 sources. See the information about the Oracle Audit Vault architecture in Oracle Audit Vault Administrator's Guide for more information.
Oracle Audit Vault collection agent includes Oracle Container for J2EE (OC4J) and Oracle Database Client components, and is deployed within its own directory. The agent can be installed on the same system as the Oracle Audit Vault Server (Audit Vault Server), or on the same system that hosts the source of audit logs, or on a third, independent system. Where you deploy the agent will depend on the hardware resources available and on the requirements from the specific audit data collectors that must run within the agent. As a best practice, the Oracle Audit Vault collection agent should be installed on each host system to be audited. The DBAUD, REDO, SYBDB, and DB2DB collectors do not place any restrictions on the deployment of the collection agent; they can be deployed anywhere depending on your requirements. However, the OSAUD and MSSQLDB collectors need local access to the disk that stores the audit trail files written by the source database. Therefore, it must be deployed on a host system that mounts these disks locally, not across the network.
The collection agent communicates with the Audit Vault Server to receive some configuration information and to send audit data for storage. This communication channel is based on the Oracle Call Interface (OCI). Immediately following installation, password-based authentication is used to secure this channel. Administrators can further secure this channel after installation by using the TCPS protocol to encrypt data.
The collection agent also communicates with the Oracle Audit Vault Console to exchange management information, such as starting and stopping collectors, and collecting performance metrics. This communication channel is HTTP-based. If X.509 certificates are provided, this channel can be further secured to use HTTPS encryption and mutual authentication with the Oracle Audit Vault Console.
This section contains information that you should consider before deciding how to install this product. It includes the following topics:
The platform-specific hardware and software requirements that this installation guide includes were current at the time this guide was published. However, because new platforms and operating system versions might be certified after publishing this guide, review the certification matrix on the My Oracle Support (formerly OracleMetaLink) Web site for the most up-to-date list of certified hardware platforms and operating system versions. The My Oracle Support Web site is available at
https://support.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at
http://www.oracle.com/technology/support/metalink/content.html