Oracle® Audit Vault Administrator's Guide Release 10.2.3.2 Part Number E14459-11
Use the Audit Vault Control (AVCTL) command-line utility to manage various Oracle Audit Vault components (for example, checking the status of collector agents or managing the Audit Vault Data Warehouse). When you run these commands, remember the following:
Enter the command in lowercase letters. The commands are case-sensitive.
On UNIX systems, when you open a new shell to run a command, first set the appropriate environment variables. See Section 2.2.2 and Section 2.2.3 for more information.
On Microsoft Windows systems, do not set any environment variables. Instead, run the command from the Audit Vault Server or collection agent ORACLE_HOME\bin directory.
Oracle Audit Vault creates a log file of AVCTL command activity. See Section A.1 and Section A.2 for more information.
Table 7-1 describes the Audit Vault Control commands and where each is used, whether on the Audit Vault Server, on the Audit Vault collection agent, or in both places.
Section 7.15 describes the commands you must use to start, stop, or check the status of collection agents that have not been upgraded to this release.
Table 7-1 Audit Vault Control Commands for Release 10.2.3.2
Command | Where Used | Description |
---|---|---|
avctl -help | Both | Displays help information for the AVCTL commands |
avctl load_warehouse | Server | Loads older data from the raw audit data store into the data warehouse tables for analysis |
avctl purge_warehouse | Server | Purges audit data that was reloaded into the warehouse |
avctl show_agent_status | Collection agent | Shows the status (metric) of a collection agent |
avctl show_av_status | Server | Shows the status (metric) of the Audit Vault Console |
avctl show_collector_status | Server | Shows the status (metric) of a collector |
avctl show_remedy_status | Server | Shows the status of the Remedy ticket service |
avctl show_smtp_status | Server | Indicates whether the SMTP service that you configured is running or not running |
avctl start_agent | Collection agent | Starts the collection agent |
avctl start_av | Server | Starts the Audit Vault Console |
avctl start_collector | Server | Starts the collector |
avctl stop_agent | Collection agent | Stops the collection agent |
avctl stop_av | Server | Stops the Audit Vault Console |
avctl stop_collector | Server | Stops the collector |
Note:
In an Oracle RAC environment, you must issue the AVCTL commands from the node on which Oracle Enterprise Manager resides. This is the same node on which the av.ear file is deployed.
If the node on which the av.ear file is deployed is down, deploy the av.ear file to another node using the avca deploy_av command, described in Section 6.6.
The avctl -help command displays help information for the AVCTL commands.
Where to Run This Command
Either the Audit Vault Server or the collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2 for Audit Vault Server or Section 2.2.3 for the collection agent.
Microsoft Windows: Go to the Audit Vault Server or collection agent ORACLE_HOME\bin directory.
Syntax
avctl -help
avctl command -help
Arguments
Argument | Description |
---|---|
command | Enter the name of an AVCTL command for which you want help to appear |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer and want to run the avctl -help command from there, run it from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
Example
The following example shows how to display general AVCTL utility help in the Audit Vault Server home.
```
avctl -help
--------------------------------------------
AVCTL Usage
--------------------------------------------
Oracle Audit Vault Control commands - AV Server:
    avctl start_av [-loglevel error|warning|info|debug]
    avctl stop_av
    avctl show_av_status
Oracle Audit Vault Control commands - Collector:
    avctl start_collector -collname <collector name> -srcname <source name>
    avctl stop_collector -collname <collector name> -srcname <source name>
    avctl show_collector_status -collname <collector name> -srcname <source name>
Oracle Audit Vault Control commands - Warehouse:
    avctl load_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
    avctl purge_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
Oracle Audit Vault Control commands - SMTP:
    avctl show_smtp_status
Oracle Audit Vault Control commands - Remedy:
    avctl show_remedy_status
avctl -help
```
From the Audit Vault collection agent home, the avctl -help output is as follows:
```
avctl -help
--------------------------------------------
AVCTL Usage
--------------------------------------------
Oracle Audit Vault Control commands - Agent:
    avctl start_agent [-loglevel error|warning|info|debug] [-maxheapsize <maximum heap memory>]
    avctl stop_agent
    avctl show_agent_status
avctl -help
```
The following example shows how to display specific AVCTL help for the load_warehouse command in Oracle Audit Vault.
```
avctl load_warehouse -help
avctl load_warehouse -startdate <start date> -numofdays <num of days> [-dateformat <date format>] [-wait]
------------------------------------------------
-startdate <start date>
-numofdays <num of days>
-dateformat <date format>
-wait : Wait till load job finishes
------------------------------------------------
```
The avctl load_warehouse command loads audit trail data from the raw audit data store after it has been removed from the warehouse repository due to the retention period that was set.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl load_warehouse -startdate start_date -numofdays num_of_days [-dateformat date_format] [-wait]
Arguments
Argument | Description |
---|---|
-startdate start_date | Enter the start date for the audit trail data to be loaded into the data warehouse repository using the default format DD-MON-YY. To use a different format, specify the -dateformat argument. Use any supported Oracle Database date format. See Oracle Database Globalization Support Guide for more information about date formats. |
-numofdays num_of_days | Enter the number of days' worth of audit trail data to be loaded. |
-dateformat date_format | Enter the date format for the -startdate argument. Optional. Ensure that the date used for -startdate matches the date format you choose. For Oracle Database supported date formats, see Oracle Database Globalization Support Guide. |
-wait | Enter this argument to have the command wait for the load job to complete. If you do not specify this argument, a DBMS job is started, and the command returns immediately. Optional. |
Usage Notes
The audit records received starting from the date given by the -startdate argument, for the number of days given by the -numofdays argument, will be loaded into the data warehouse.
See Section 3.4 for more information about managing the Oracle Audit Vault data warehouse.
Example
The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004:
```
avctl load_warehouse -startdate 01-JAN-04 -numofdays 10
Loading older audit records into warehouse...
done.
```
The following example shows how to load the data warehouse with 10 days' worth of audit data beginning with January 1, 2004 using the DD/MM/YYYY date format, and to specify that the operation wait until the previous load job completes.
```
avctl load_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY -wait
Loading older audit records into warehouse...
Waiting for load to complete...
done.
```
The avctl purge_warehouse command purges audit trail data from the warehouse repository that was previously loaded into the warehouse using the avctl load_warehouse command.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl purge_warehouse -startdate start_date -numofdays num_of_days [-dateformat date_format] [-wait]
Arguments
Argument | Description |
---|---|
-startdate start_date | Enter the start date for the events to be removed from the data warehouse tables using the default format DD-MON-YY. To use a different format, specify the -dateformat argument. Use any supported Oracle Database date format. See Oracle Database Globalization Support Guide for more information about date formats. |
-numofdays num_of_days | Enter the number of days' worth of data to be removed. |
-dateformat date_format | Specify the date format for the -startdate argument. Optional. |
-wait | Optionally, enter this keyword to have the command wait for the purge job to complete. If you omit this argument, then Oracle Audit Vault starts the job and then returns to the command prompt immediately. |
Usage Notes
The audit records received starting from the date given by the -startdate argument, for the number of days given by the -numofdays argument, will be removed from the data warehouse tables.
Only data loaded using the avctl load_warehouse command can be purged using the avctl purge_warehouse command. The data that was loaded before the retention period set by the avca set_warehouse_retention command is automatically discarded.
See Section 3.4 for more information about managing the Oracle Audit Vault data warehouse.
Example
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004:
```
avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10
Purging older audit records from warehouse...
done.
```
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 and to specify that the operation wait until the previous purge job completes:
```
avctl purge_warehouse -startdate 01-JAN-04 -numofdays 10 -wait
Purging older audit records from warehouse...
Waiting for purge to complete...
done.
```
The following example shows how to purge 10 days' worth of data from the data warehouse beginning with January 1, 2004 using the date format of DD/MM/YYYY.
```
avctl purge_warehouse -startdate 01/01/2004 -numofdays 10 -dateformat DD/MM/YYYY
Purging older audit records from warehouse...
done.
```
The avctl show_agent_status command shows the status (metric) of an Oracle Release 10.2.3.2 collection agent.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl show_agent_status
Arguments
None
Usage Notes
This command applies only to collection agents that were created in Oracle Audit Vault Release 10.2.3.2. For collection agents that were created in earlier releases but not yet upgraded, use the avctl show_oc4j_status command, described in Section 7.15.1.
Example
The following example shows the collection agent status for the sales_agt agent:
```
avctl show_agent_status
--------------------------------
Agent is running
--------------------------------
```
The avctl show_av_status command shows the Audit Vault Console status or the metric of the Audit Vault Server.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl show_av_status
Arguments
None
Usage Notes
When the Audit Vault Console becomes inaccessible, issue this command to determine its status.
Example
The following example shows the Audit Vault Console status:
```
avctl show_av_status
Oracle Audit Vault 10g Database Control Release 10.2.3.2.0
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
http://hrdb.us.example.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /oracle/product/10.2.3/av_1/av/log
```
The avctl show_collector_status command shows the status (metric) of a collector.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl show_collector_status -collname collector_name -srcname source_name
Arguments
Argument | Description |
---|---|
-collname collector_name | Enter the target collector (by collector name). |
-srcname source_name | Enter the name of the source database to which this collector belongs. |
Usage Notes
None
Example
The following example shows the collector status for the DBAUD_Collector collector:
```
avctl show_collector_status -collname DBAUD_Collector -srcname hr_db
Getting collector metrics...
--------------------------------
Collector is running
Records per second = 0.00
Bytes per second = 0.00
--------------------------------
```
The avctl show_remedy_status command shows the status of the Remedy trouble ticket service, that is, whether it is active or inactive.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl show_remedy_status
Arguments
None
Usage Notes
To enable or disable the Remedy trouble ticket service connection with Oracle Audit Vault, run the avca enable_remedy (Section 6.10) or avca disable_remedy (Section 6.7) command.
Example
```
avctl show_remedy_status
Remedy Server is up and reachable
```
The avctl show_smtp_status command indicates whether the SMTP service that you configured is running or not running.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl show_smtp_status
Arguments
None.
Usage Notes
To enable or disable the SMTP connection with Oracle Audit Vault, run the avca enable_smtp (Section 6.11) or avca disable_smtp (Section 6.8) command.
Examples
In this example, the SMTP server is available:
```
avctl show_smtp_status
SMTP Server is up and reachable
```
In the following example, the SMTP server is unavailable:
```
avctl show_smtp_status
SMTP Server is down
```
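Because Oracle Audit Vault accepts audit records only from collection agents and collectors in the RUNNING state, the status commands in this chapter are a natural basis for a collection health check. The following shell functions are an added example, not part of the Oracle guide: they classify captured status output using only the wording shown in this chapter's examples and treat anything else as UNKNOWN. The function names are hypothetical, the sample outputs are copied from the examples on this page, and the "is not running" wording appears here only for OC4J and is assumed for other components.

```shell
#!/bin/sh
# Added example, not Oracle code. Function names are hypothetical.
# Sample outputs below are copied from this chapter's examples.

sample_collector_up() { cat <<'EOF'
Getting collector metrics...
--------------------------------
Collector is running
Records per second = 0.00
Bytes per second = 0.00
--------------------------------
EOF
}

sample_smtp_down() { echo "SMTP Server is down"; }

sample_oc4j_down() { cat <<'EOF'
------------------------------------
OC4J is not running
------------------------------------
EOF
}

# classify_status: read "avctl show_*_status" output on stdin and print
# UP, DOWN or UNKNOWN. Only wording shown in this chapter is matched; the
# "is not running" form is shown only for OC4J and is assumed for the other
# components. Unrecognized text (errors, empty output) is UNKNOWN.
classify_status() {
    out=$(cat)
    case "$out" in
        *"is not running"*|*"Server is down"*) echo DOWN ;;
        *"is running"*|*"is up and reachable"*) echo UP ;;
        *) echo UNKNOWN ;;
    esac
}

# collector_rate: print the "Records per second" figure, if present.
# A running collector can report 0.00 (as in the sample above), so the
# rate is extracted for trending rather than used as a verdict.
collector_rate() {
    sed -n 's/^ *Records per second *= *\([0-9][0-9.]*\).*$/\1/p'
}

# check_component LABEL CMD [ARGS...]: run CMD, print "LABEL STATE", and
# return 0 only when STATE is UP so callers fail closed on DOWN/UNKNOWN.
check_component() {
    label=$1; shift
    state=$("$@" 2>&1 | classify_status)
    echo "$label $state"
    [ "$state" = UP ]
}

# check_all: run every check and return non-zero if any is not UP.
# On an Audit Vault Server, replace the sample_* functions with the real
# commands, for example:
#   check_component collector avctl show_collector_status \
#       -collname DBAUD_Collector -srcname hr_db
check_all() {
    rc=0
    check_component collector sample_collector_up || rc=1
    check_component smtp sample_smtp_down || rc=1
    check_component oc4j sample_oc4j_down || rc=1
    return $rc
}

check_all || echo "ALERT: audit collection path not confirmed healthy"
```

Run from cron or a monitoring agent, a non-zero return from check_all is the signal that audit records may not be reaching the vault.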
The avctl start_agent command starts the specified Oracle Audit Vault Release 10.2.3.2 collection agent.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl start_agent [-loglevel level] [-maxheapsize maximum_heap_memory]
Arguments
Argument | Description |
---|---|
-loglevel level | Optionally, enter the desired level of logging from the following options: |
-maxheapsize maximum_heap_memory | Optionally, enter the maximum amount of heap memory allocated for the Java OC4J process that is used to start the agent. The default value is 1000 MB. This setting enables you to fine-tune the agent performance based on the size of your Oracle Audit Vault installation. Check the size of the physical memory of the computer on which the Audit Vault collection agents are installed before setting this value. |
Usage Notes
On successful completion of this command, the collection agent is moved to a RUNNING state. If an error is encountered, the collection agent is moved to an ERROR state.
Oracle Audit Vault accepts audit records only from collection agents in the RUNNING state.
If you set the NLS_LANG environment value before running the avctl start_agent command in the Audit Vault collection agent shell or command prompt, then the avctl start_collector command can accept a multibyte source name or collector name.
This command applies only to collection agents that were created in Oracle Audit Vault Release 10.2.3.2. For collection agents that were created in earlier releases, use the avctl start_oc4j command, described in Section 7.15.2.
Example
The following example shows how to start the collection agent in Oracle Audit Vault:
```
avctl start_agent -maxheapsize 500M
Starting Agent...
Agent started successfully.
```
The avctl start_av command starts the Audit Vault Console.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl start_av [-loglevel level]
Arguments
Argument | Description |
---|---|
-loglevel level | Optionally, enter the desired level of logging from the following options. |
Usage Notes
This command executes the emctl start dbconsole command.
Example
The following example shows how to start the Audit Vault Console:
```
avctl start_av
Starting OC4J...
OC4J started successfully.
Oracle Audit Vault 10g Database Control Release 10.2.3.2.0
Copyright (c) 1996,2009 Oracle Corporation. All rights reserved.
http://kuksaland.us.example.com:5700/av
Oracle Audit Vault 10g is running.
------------------------------------
Logs are generated in directory /oracle/product/10.2.3/av_1/av/log
```
The avctl start_collector command starts the collector.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl start_collector -collname collector_name -srcname source_name
Arguments
Argument | Description |
---|---|
-collname collector_name | Enter the name of the collector to be started. |
-srcname source_name | Enter the name of the source database to which the collector (specified in the -collname argument) belongs. |
Usage Notes
On successful completion of this command, Oracle Audit Vault sets the collector to a RUNNING state. If an error is encountered, the collector is set to an ERROR state.
If you receive a message saying that the collector is not in a RUNNING state, ensure that the agent has been started. Run the avctl start_agent command to start the agent, as described in Section 7.9.
Oracle Audit Vault accepts audit records only from collectors in the RUNNING state.
If you set the NLS_LANG environment value before running the avctl start_agent command in the Audit Vault Agent shell or command prompt, or the avctl start_collector command in the Audit Vault Server shell or command prompt, then the avctl start_collector command can accept a multibyte source name or collector name.
Example
The following example shows how to start the collector in Oracle Audit Vault:
```
avctl start_collector -collname DBAUD_Collector -srcname hr_db
Starting Collector...
Collector started successfully.
```
The avctl stop_agent command stops the Oracle Audit Vault Release 10.2.3.2 collection agent and OC4J.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl stop_agent
Arguments
None.
Usage Notes
Before you stop a collection agent, you must stop the collectors that are associated with the collection agent. See Section 7.14 for information about the avctl stop_collector command. To find the status of a collector, run the avctl show_collector_status command (Section 7.6).
On successful completion of this command, the collection agent and its collectors are moved to a STOPPED state.
If an error is encountered, Oracle Audit Vault sets the collection agent to an ERROR state. Oracle Audit Vault accepts audit records only from collection agents in the RUNNING state.
This command applies only to collection agents that were created in Oracle Audit Vault Release 10.2.3.2. For collection agents that were created in earlier releases but have not yet been upgraded, use the avctl stop_oc4j command, described in Section 7.15.3.
Example
The following example shows how to stop the collection agent in Oracle Audit Vault:
```
avctl stop_agent
Stopping agent...
Agent stopped successfully.
```
The avctl stop_av command stops the Audit Vault Console.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl stop_av
Arguments
None
Usage Notes
Oracle Audit Vault includes Enterprise Management Database Control as part of the user interfaces. When you issue the stop_av command, it not only shuts down the Audit Vault Console, but it also stops Enterprise Management Database Control by executing the emctl stop dbconsole command. You do not need to issue the emctl command separately.
Example
The following example shows how to stop the Audit Vault Console:
```
avctl stop_av
Stopping OC4J...
OC4J stopped successfully.
```
The avctl stop_collector command stops the collector.
Where to Run This Command
Audit Vault Server:
UNIX: Set the appropriate environment variables, as described in Section 2.2.2.
Microsoft Windows: Go to the Audit Vault Server ORACLE_HOME\bin directory.
Syntax
avctl stop_collector -collname collector_name -srcname source_name
Arguments
Argument | Description |
---|---|
-collname collector_name | Enter the name of the collector to be stopped. |
-srcname source_name | Enter the name of the source database to which the collector (specified in the -collname argument) belongs. |
Usage Notes
On successful completion of this command, Oracle Audit Vault moves the collector to a STOPPED state.
If an error is encountered, Oracle Audit Vault sets the collector to an ERROR state.
Oracle Audit Vault accepts audit records only from collectors in the RUNNING state.
Example
The following example shows how to stop the collector in Oracle Audit Vault:
```
avctl stop_collector -collname DBAUD_Collector -srcname hr_db
Stopping Collector...
Collector stopped successfully.
```
If you have upgraded from an earlier release of Oracle Audit Vault and have upgraded the collection agents from that release as well, then you can use the avctl show_agent_status, avctl start_agent, and avctl stop_agent commands on these collection agents.
Table 7-2 lists commands that you must use if you have upgraded from a previous release of Oracle Audit Vault but have not yet upgraded the collection agents from that release.
Table 7-2 Audit Vault Control Commands for Release 10.2.3.1
Command | Where Used | Description |
---|---|---|
avctl show_oc4j_status | Collection agent | Shows the status of the agent OC4J |
avctl start_oc4j | Collection agent | Starts OC4J and collection agents |
avctl stop_oc4j | Collection agent | Stops OC4J and collection agents |
The avctl show_oc4j_status command shows the status of agent OC4J for collection agents that were created in Release 10.2.3.1 or earlier. For collection agents created in Release 10.2.3.2, it shows the status of the collection agent.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl show_oc4j_status
Arguments
None
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avctl show_oc4j_status command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avctl show_oc4j_status command is deprecated, but you can use it to find the status of collection agents that were created in Release 10.2.3.1 or earlier. If the agent was created in Release 10.2.3.2, then use the avctl show_agent_status command instead.
Example
The following example shows the OC4J and agent status when it is running:
```
avctl show_oc4j_status
------------------------------------
OC4J is running
------------------------------------
```
This example shows the OC4J and agent status when it is not running:
```
avctl show_oc4j_status
------------------------------------
OC4J is not running
------------------------------------
```
The avctl start_oc4j command starts the collection agents that were created in Release 10.2.3.1 or earlier.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl start_oc4j [-loglevel level] [-maxheapsize maximum_heap_memory]
Arguments
Argument | Description |
---|---|
-loglevel level | Optionally, enter the desired level of logging from the following options: |
-maxheapsize maximum_heap_memory | Enter the maximum amount of heap memory allocated for the Java OC4J process. The default value is 1000 MB. Optional. This setting enables you to fine-tune the OC4J performance based on the size of your Oracle Audit Vault installation. Check the size of the physical memory of the computer on which the Audit Vault collection agents are installed before setting this value. |
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avctl start_oc4j command from the ORACLE_HOME\bin directory. For UNIX or Linux installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
If you set the NLS_LANG environment value before running the avctl start_oc4j command in the Audit Vault Agent shell or command prompt, or the avctl start_collector command in the Audit Vault Server shell or command prompt, then the avctl start_collector command can accept a multibyte source name or collector name.
For collection agents that were created for Oracle Audit Vault Release 10.2.3.2, OC4J is automatically started when you run the avctl start_agent command.
The avctl start_oc4j command is deprecated, but you can use it to start collection agents that were created in Release 10.2.3.1 or earlier. If the agent was created in Release 10.2.3.2, then use the avctl start_agent command instead.
Example
The following example shows how to start OC4J. For the -maxheapsize setting, include M (for megabytes) as shown below. You can set it for other sizes, such as G for gigabyte, but in most cases, you should set it in megabytes.
```
avctl start_oc4j -maxheapsize 500M
Starting OC4J...
OC4J started successfully.
```
The avctl stop_oc4j command stops the agent OC4J and the collection agent.
Where to Run This Command
Audit Vault collection agent:
UNIX: Set the appropriate environment variables, as described in Section 2.2.3.
Microsoft Windows: Go to the Audit Vault collection agent ORACLE_HOME\bin directory.
Syntax
avctl stop_oc4j
Arguments
None
Usage Notes
If you installed the collection agent on a Microsoft Windows computer, run the avctl stop_oc4j command from the ORACLE_HOME\bin directory. For UNIX installations, set the appropriate environment variables before running this command. See Section 2.2 for more information.
The avctl stop_oc4j command is deprecated, but you can use it to stop collection agents that were created in Release 10.2.3.1 or earlier. If the agent was created in Release 10.2.3.2, then use the avctl stop_agent command instead.
Example
The following example shows how to stop OC4J and the Audit Vault agent:
```
avctl stop_oc4j
Stopping OC4J...
OC4J stopped successfully.
```