Oracle® Audit Vault Administrator's Guide Release 10.2.3.2 Part Number E14459-11
This section describes new features in Oracle Audit Vault that affect administrators, and provides pointers to additional information. These new features reflect changes since Release 10.2.3.1.
This section contains:
Time Zone Configuration for Oracle Audit Vault Reports and Alerts
Updated Oracle Database Release for the Oracle Audit Vault Server
In this release of Oracle Audit Vault, auditors can configure e-mail notifications in response to Audit Vault alerts. For example, if an alert is triggered, an e-mail can be sent automatically to the persons who must respond to it. Before an auditor can create e-mail notifications, you must configure an SMTP server for the outgoing e-mail.
For more information, see Section 3.6.
Oracle Audit Vault can now generate a Remedy trouble ticket in response to an Audit Vault alert. To accomplish this, you must configure the Audit Vault Server to communicate with the BMC Remedy Action Request (AR) System Server 7.x that is responsible for managing the trouble tickets. After you complete this configuration, an Audit Vault auditor can create the conditions necessary to automatically trigger the trouble ticket creation.
For more information, see Section 3.7.
Starting with this release, the Oracle Audit Vault data warehouse is automatically refreshed with incoming audit data as that data is collected. Because the warehouse is refreshed in real time, auditors can generate more accurate reports on audited activities.
Because of this enhancement, the avctl refresh_warehouse and avca set_warehouse_schedule commands are deprecated.
Note:
If you have just upgraded to the current release of Oracle Audit Vault, be aware that the upgrade process removes any warehouse job refresh settings that you had created before the upgrade.
See Section 3.4 for more information about managing the data warehouse.
Audit Trail Cleanup DBMS_AUDIT_MGMT PL/SQL Package Installed
Audit Trail Cleanup Default Purge Job for the Audit Vault Server Database
Audit Trail Cleanup for Microsoft SQL Server Source Database Audit Data
By default, the DBMS_AUDIT_MGMT PL/SQL package is installed in the Oracle Audit Vault Server. You no longer need to download this package from My Oracle Support (formerly OracleMetaLink) if you want to automatically purge the Audit Vault Server audit trail.
See Section 4.10 for more information about purging the Audit Vault Server audit trail.
Starting with this release, the audit trail cleanup process is initialized from the Audit Vault Server, so that you can manage the Audit Vault Server database audit trail. As part of this change, the SYS.AUD$ and SYS.FGA_LOG$ tables are moved from the SYSTEM to the SYSAUX tablespace.
See Section 4.10 for more information about purging the Audit Vault Server audit trail.
By default, the audit trail generated by the Audit Vault Server is now purged every 24 hours. You can modify or remove the cleanup operation if you want.
See Section 4.11 for more information about purging the Audit Vault Server database audit trail.
You now can purge the C2 audit trace files and server-side trace files from a SQL Server source database automatically after all audit data has been collected by Audit Vault.
See Section 2.4.7 for more information.
Before Oracle Audit Vault can collect audit records from an IBM DB2 source database, you must run the DB282ExtractionUtil or DB295ExtractionUtil script. These scripts convert the IBM DB2 audit file from a binary to an ASCII file format. Starting with this release, these scripts support automatic cleanup of the binary audit trail data, in addition to purging ASCII-formatted data.
See Section 2.6.6 for more information.
Starting with this release, you can set the time zone format for Oracle Audit Vault reports and alerts. This enables auditors to generate reports that are timestamped using their local times. In addition, alert notifications and Remedy trouble tickets can contain local times. To accomplish this, you use the avca set_server_tz command. To find the status of the current time zone setting, you can run the avca show_server_tz command.
See the following sections for more information:
Section 6.23 for avca set_server_tz
Section 6.26 for avca show_server_tz
Depending on the audit trail type, you can now configure the Oracle Database, Microsoft SQL Server, and Sybase ASE source databases to move the collector from one agent to another. This feature is useful for failover recovery if the host computer running the original agent fails. To accomplish this, you configure the agent for the collector by setting its AGENTNAME property by using the avorcldb, avmssqldb, and avsybdb alter_collector commands.
See the following sections for more information:
Oracle Database source databases. This feature applies to the DBAUD collector only. See Section 8.4 for more information about the avorcldb alter_collector command.
Microsoft SQL Server source databases. This feature applies to server-side trace files only. See Section 9.4 for more information about the avmssqldb alter_collector command.
Sybase ASE source databases. See Section 10.4 for more information about the avsybdb alter_collector command.
The following utilities have been enhanced for this release:
Audit Vault Configuration Assistant (AVCA). AVCA now has several new commands.
Commands used to configure e-mail notifications:
register_smtp
secure_smtp
test_smtp
show_smtp_config
alter_smtp
enable_smtp
disable_smtp
Commands used to configure the Remedy trouble ticket service:
register_remedy
secure_remedy
test_remedy
show_remedy_config
alter_remedy
enable_remedy
disable_remedy
Commands used to configure time zones for reports:
set_server_tz
show_server_tz
See Chapter 6, "Audit Vault Configuration Assistant (AVCA) Reference" for more information.
Audit Vault Control (AVCTL). AVCTL now has the following new commands:
show_smtp_status
show_remedy_status
See Chapter 7, "Audit Vault Control (AVCTL) Reference" for more information.
Audit Vault Oracle Database (AVORCLDB). AVORCLDB has a new attribute for the alter_collector command: AGENTNAME. See Section 8.4 for more information about the avorcldb alter_collector command.
Audit Vault Microsoft SQL Server (AVMSSQLDB). AVMSSQLDB has the following changes for these commands:
add_source and verify: In previous releases, you specified the source database through the host name and port number. Now, you can specify the source database connection information by using one of the following formats:
myhost:myport
'myhost\myinstance'
The ability to specify the port or the instance name is useful for configurations in which the instance is not on the default port or does not have a default name. For configurations with multiple instances on one server, you must specify the host and instance name.
See Section 9.3 for information about avmssqldb add_source and Section 9.10 for information about avmssqldb verify.
alter_collector: There is now a new attribute for the alter_collector command: AGENTNAME. See Section 9.4 for more information about the avmssqldb alter_collector command.
Audit Vault Sybase ASE (AVSYBDB). AVSYBDB has a new attribute for the alter_collector command: AGENTNAME. See Section 10.4 for more information about the avsybdb alter_collector command.
The following commands have been deprecated on the Audit Vault Server:
avca set_warehouse_schedule
avctl refresh_warehouse
avctl show_agent_status
avctl start_agent
avctl stop_agent
See "Real-Time Oracle Audit Vault Data Warehouse Refreshes" for more information about enhancements to the data warehouse refresh feature.
The following Oracle Audit Vault collection agent command names have changed:
Previous Name | New Name |
---|---|
avctl show_oc4j_status | avctl show_agent_status (Footnote 1) |
avctl start_oc4j | avctl start_agent |
avctl stop_oc4j | avctl stop_agent |
Footnote 1: In addition, starting with this release, the avctl show_agent_status command no longer has any arguments.
See Chapter 7, "Audit Vault Control (AVCTL) Reference" for more information about the AVCTL commands.
For this release, the Oracle Audit Vault Server uses Oracle Database Release 10.2.0.4.
See Section 1.3.2 for more information about the Audit Vault Server components.
This guide now explains how you can check which ports are being used by an Oracle Audit Vault installation, and how to modify them.
See the following sections for more information:
Section 1.3.2.2 for default Audit Vault Server port information
Section 1.3.4.3 for default Audit Vault collection agent and collector port information
Section 4.9 for information about changing port numbers
This release provides collectors for the Sybase Adaptive Server Enterprise (ASE) and IBM DB2 database products. The supported releases for these two database products are as follows:
Sybase ASE: ASE 12.5.4 and ASE 15.0.2 on platforms based on Linux and UNIX, and on Microsoft Windows platforms
IBM DB2: IBM DB2 Version 8.2 and Version 9.5 on platforms based on Linux and UNIX, and on Microsoft Windows platforms. If you are using Version 8.2, ensure that you have installed Fixpack 16.
See the following sections for more information:
Section 2.5 for information about registering a Sybase ASE source database with Oracle Audit Vault
Section 2.6 for information about registering an IBM DB2 source database with Oracle Audit Vault
Chapter 10, "Audit Vault Sybase ASE (AVSYBDB) Utility Commands"
Chapter 11, "Audit Vault IBM DB2 (AVDB2DB) Utility Commands"