| Oracle® Audit Vault Release Notes Release 10.3 Part Number E23572-03 |
|
| PDF · Mobi · ePub |
| Oracle® Audit Vault Release Notes Release 10.3 Part Number E23572-03 |
|
| PDF · Mobi · ePub |
Release Notes
Release 10.3
E23572-03
January 2012
These Release Notes contain important information that was not included in the Oracle Audit Vault Release 10.3 documentation.
This document contains these topics:
You can download the most current version of this document from the following Web site:
http://www.oracle.com/technetwork/database/audit-vault/documentation/index.html
This section contains the following topics:
Before you begin the upgrade process, apply the latest bundle patch (BP6) on the Oracle Audit Vault Server installation or Agent installation of Release 10.2.3.2.x to upgrade it to Release 10.2.3.2.6. The upgrade checks for the specified Release 10.2.3.2.6 and will not proceed if the installation is not updated to this bundle patch. You can find BP6 from My Oracle Support by searching for Patch ID 12703193.
The Web site for My Oracle Support is:
After you have installed the bundle patch (BP6) on your Oracle Audit Vault Server installation as described in Section 2.1, you are ready to complete the procedures in this section.
Note:
You must complete each step in these processes successfully before proceeding to the next step. Inspect all output and log files for failures, and take necessary corrective action to determine the recovery procedure if a failure occurs, referring to the appropriate Oracle documentation for the tool that has failed. If in doubt, contact Oracle Support.Required Steps in Oracle Audit Vault Server 10.2.3.2.6 Oracle Home
Required Steps in Oracle Audit Vault Server 10.3 Oracle Home
Back up the Oracle Audit Vault database.
To use Oracle Recovery Manager (RMAN) to back up the database:
Start RMAN:
$ rman target /
Issue the following RMAN commands. In the following example, the tag is named before_upgrade.
BACKUP DATABASE FORMAT 'backup_directory%U' TAG before_upgrade; BACKUP CURRENT CONTROLFILE FORMAT 'save_controlfile_location';
See Oracle Database Backup and Recovery Basics for more information about backing up a database.
Back up the Audit Vault Server home directory.
Back up or copy these files to another directory until after you have tested the upgrade.
Set the environment variables for the Oracle Audit Vault Server Release 10.2.3.2.6 installation.
See Oracle Audit Vault Administrator's Guide, Chapter 2, "Registering Source Databases and Collectors."
Disable Oracle Database Vault in the Oracle Audit Vault Server 10.2.3.2.6 installation.
See Oracle Database Vault Administrator's Guide for Release 10.2.0.5, Appendix B, "Disabling and Enabling Oracle Database Vault."
From the Audit Vault Server, log into SQL*Plus as user SYS with the SYSDBA privilege, and then disable the Oracle Database Vault triggers.
sqlplus sys as sysdba
Enter password: password
SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
Ensure that SYS/passwd@SID AS SYSDBA is in a password file, by running the orapwd utility.
cd $ORACLE_HOME/dbs
orapwd file=orapw$ORACLE_SID
password=password nosysdba=n force=y
Drop the Oracle Enterprise Manager Database Control repository.
emca -deconfig dbcontrol db -repos drop
Stop the Audit Vault Server.
avctl stop_av
Shut down Oracle Database.
SQL> SHUTDOWN IMMEDIATE
Stop the listener.
lsnrctl stop
Unset the TZ environment variable.
In CSH:
unsetenv TZ
In KSH:
export TZ=
Install Oracle Audit Vault Server 10.3 in Software Only mode.
During the installation, select an empty directory for the $ORACLE_HOME directory. Do not reuse the existing Audit Vault $ORACLE_HOME directory.
Invoke the installer as follows:
./runInstaller oracle_install_db_SID=SID
SID is the SID of the Audit Vault 10.2.3.2.6 Server database that you are upgrading from.
Disable Oracle Database Vault.
See Oracle Database Vault Administrator's Guide for Release 11.2.0.3, Appendix B, "Disabling and Enabling Oracle Database Vault."
Set the environment variables for the Oracle Audit Vault Server Release 10.3 installation.
See Chapter 2, Checking and Setting Environment Variables, in the Oracle Audit Vault Administrator's Guide for more information.
Set the ORACLE_UNQNAME environment variable to match the ORACLE_SID value.
For example, if your shell is CSH:
setenv ORACLE_UNQNAME oracle_sid
Run Net Configuration Assistant (NetCA) interactively.
When the NetCA graphical interface appears, follow the instructions, and use the same listener name and listener port as in the release 10.2.3.2.6 installation. You can find these values in the Release 10.2.3.2.6 $ORACLE_HOME/network/admin/listener.ora file.
Start the listener.
lsnrctl start
Run Database Upgrade Assistant (DBUA) manually by using the same SID as your 10.3.2.6 installation.
dbua -silent -sid 10.2.3.2.6_SID -oracleHome 10.2.3.2.6_Oracle_home_directory -disableArchiveLogMode -recompile_invalid_objects true -degree_of_parallelism 2 -upgradeTimezone -emConfiguration LOCAL -dbsnmpPassword password -sysmanPassword password
In SQL*Plus, log in as SYS with the SYSDBA privilege and then set the COMPATIBLE initialization parameter to reflect the Release 11.2.0.3 upgrade.
sqlplus sys as sysdba
Enter password: password
SQL> ALTER SYSTEM SET COMPATIBLE='11.2.0.3.0' SCOPE=SPFILE;
Restart Oracle Database.
SQL> SHUTDOWN IMMEDIATE SQL> STARTUP
Run the AVCA upgrade script to upgrade Audit Vault, as follows:
avca upgrade -old_oh 10.2.3.2.6_Oracle_home
When this script completes, the Audit Vault Server 10.3 upgrade is successful and Oracle Database Vault is automatically enabled.
After the upgrade script completes successfully, run the following AVCTL command and check that the result shows 10.3.0.0.0:
avctl show_av_status
After you have installed the bundle patch (BP6) on your Oracle Audit Vault Server installation as described in Section 2.1, you are ready to complete the procedures in this section.
Note:
You must complete each step in these processes successfully before proceeding to the next step. Inspect all output and log files for failures, and take necessary corrective action to determine the recovery procedure if a failure occurs, referring to the appropriate Oracle documentation for the tool that has failed. If in doubt, contact Oracle Support.Required Steps in Oracle Audit Vault Server 10.2.3.2.6 Oracle Home for Oracle RAC
Upgrade Steps In Oracle Audit Vault Server 10.3 Oracle Home for Oracle RAC
Check the Oracle RAC Cluster Ready Services (CRS) Version.
Ensure that the CRS version is Release 11.2.0.3 or later. If the CRS version is not Release 11.2.0.3 or later, then you must first patch CRS to Release 11.2.0.3 before continuing with this upgrade.
Set the environment variables for the Oracle Audit Vault Server Release 10.2.3.2.6 installation.
See Oracle Audit Vault Administrator's Guide, Chapter 2, "Registering Source Databases and Collectors."
Do the following on all nodes:
Disable Oracle Database Vault in the Oracle Audit Vault Server 10.2.3.2.6 installation, as described in Oracle Database Vault Administrator's Guide, Appendix B, "Disabling and Enabling Oracle Database Vault."
From the Audit Vault Server, log into SQL*Plus as user SYS with the SYSDBA privilege and then disable the Oracle Database Vault triggers.
sqlplus sys as sysdba
Enter password: password
SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
Ensure that SYS/passwd@SID AS SYSDBA is in a password file, by running the orapwd utility.
cd $ORACLE_HOME/dbs
orapwd file=orapw$ORACLE_SID
password=password nosysdba=n force=y
Drop the Oracle Enterprise Manager Database Control repository on the main node, as follows:
emca -deconfig all db -cluster -repos drop
Stop the Audit Vault Server.
avctl stop_av
Shut down Oracle Database.
SQL> SHUTDOWN IMMEDIATE
Stop the listener.
lsnrctl stop
Check the Oracle RAC Cluster Ready Services (CRS) Version.
Ensure that the CRS version is Release 11.2.0.3 or later. If the CRS version is not Release 11.2.0.3 or later, then you must first patch CRS to Release 11.2.0.3 before continuing with this upgrade.
Unset the TZ environment variable.
In CSH:
unsetenv TZ
In KSH:
export TZ=
Install Oracle Audit Vault Server 10.3 in Software Only mode on the main node.
During the installation, select an empty directory for the $ORACLE_HOME directory. Do not reuse the existing Audit Vault $ORACLE_HOME directory.
./runInstaller oracle_install_db_SID=SID
Set SID to the unique database name of the Audit Vault 10.2.3.2.6 Server you are upgrading from.
NOTE: In a RAC environment, the database unique name differs from the database SID; the SID is node-specific, whereas the database unique name is not.
Disable Oracle Database Vault.
See Oracle Database Vault Administrator's Guide for Release 11.2.0.3, Appendix B, "Disabling and Enabling Oracle Database Vault."
Set the environment variables for the Oracle Audit Vault Server Release 10.3 installation.
See Oracle Audit Vault Administrator's Guide, Chapter 2, "Checking and Setting Environment Variables," in for more information.
Set the ORACLE_UNQNAME environment variable to match the ORACLE_SID value. For example, if your shell is CSH:
setenv ORACLE_UNQNAME oracle_sid
On the main node, edit the $ORACLE_HOME/install/netca_cust.rsp file to match the listener port numbers of the Oracle Audit Vault Server 10.2.3.2.6 installation.
For example, if the local listener in your Oracle Audit Vault Server 10.2.3.2.6 installation was configured to run at port 1522, then update the $ORACLE_HOME/install/netca_cust.rsp file in your Oracle Audit Vault Server 10.3 home directory to port 1522. To do this, update the LISTENER_PROTOCOLS and NSN_PROTOCOLS entries, which contain the port number.
On the main node, run NetCA:
$ORACLE_HOME/bin/netca -silent -responsefile $ORACLE_HOME/install/netca_cust.rsp
Ensure that it completes without errors.
Start the listener.
lsnrctl start
Run DBUA in interactive mode and accept all the defaults.
dbua
Choose the local listener, that is, LISTENER_sid, when DBUA prompts you to Register the database with All Listeners.
You can choose to register with all the listeners, but Oracle recommends that you register the local listener.
In SQL*Plus, log in as SYS with the SYSDBA privilege and then set the COMPATIBLE initialization parameter to reflect the Release 11.2.0.3 upgrade.
sqlplus sys as sysdba
Enter password: password
SQL> ALTER SYSTEM SET COMPATIBLE='11.2.0.3.0' SCOPE=SPFILE;
Restart Oracle Database.
SQL> SHUTDOWN IMMEDIATE SQL> STARTUP
Run the AVCA upgrade script to upgrade Audit Vault, as follows:
avca upgrade old_oh 10.2.3.2.6_Oracle_home_directory -rac Y -racnode node1,node2
Enable Oracle Database Vault manually on all the other nodes.
After the upgrade script completes successfully, run the following AVCTL command and check that the result shows 10.3.0.0.0:
avctl show_av_status
This section contains:
Before upgrading an Oracle Audit Vault Agent to Release 10.3, ensure that you have already upgraded the Oracle Audit Vault Server to Release 10.3. An Audit Vault Server can only manage agents with version numbers less than or equal to its own.
Before you begin the upgrade, apply the latest bundle patch (BP6) on the Oracle Audit Vault Agent installation of Release 10.2.3.2.x to upgrade it to Release 10.2.3.2.6.
You must have the agent user name and password that were provided during the initial installation of the Audit Vault Agent. For example, if the Release 10.2.3.2.6 agent name is myagent and it is configured to use the user name myagentuser, then you must use the same agent name/user name for the Release 10.3 agent as well, because it is an upgrade.
If you do not remember the agent user name, then you can find it by logging into the Audit Vault Console, and clicking on the Agents tab. You may need to view or edit the agent to obtain the user name.
If you cannot remember the agent password, follow the instructions in Chapter 5, Section 5.4.4, "Changing the AV_AGENT Password," in the Oracle Audit Vault Administrator's Guide.
Install Audit Vault Agent 10.3.
See Oracle Audit Vault Agent Installation Guide and "Information Required to Upgrade the Audit Vault Agent to 10.3".
After the installation completes successfully, set the environment variables to match your Audit Vault Agent Release 10.3 $ORACLE_HOME directory.
See Oracle Database Vault Administrator's Guide, Release 10.3, Chapter 2, "Registering Source Databases and Collectors."
Run the AVCA upgrade script:
avca upgrade -old_oh 10.2.3.2.6_Agent_Oracle_home
When this script completes, the Audit Vault Agent 10.3 upgrade is successful.
After you install Oracle Audit Vault, check if there is a patch set or critical patch update (CPU) available. Before applying any Oracle Audit Vault patch sets, back up your Oracle Audit Vault database, the Oracle Audit Vault Server home, and the Oracle Audit Vault collection agent home. See Section 3.1 for more information.
This section describes the following postinstallation tasks if you need to update this patch:
Back up the files before you begin a critical patch upgrade and keep these files until you have tested the upgrade.
A CPU is a collection of patches for security vulnerabilities. It also includes non-security fixes required (because of interdependencies) by those security patches. CPUs are cumulative, and they are provided quarterly on the Oracle Technology Network (OTN). As a best practice, apply the latest CPUs to the Oracle Audit Vault Server.
For general information about CPUs, visit the following Web site:
http://www.oracle.com/security/critical-patch-update.html
For specific information about critical patch updates and security alerts, see:
http://www.oracle.com/technology/deploy/security/alerts.htm
This section describes known issues and workarounds for single instance and Oracle installations on all platforms.
This section contains:
Invalid Objects Appear After Upgrade of Single Instance Database from Audit Vault 10.2.3.2.6 to 10.3
Oracle RAC Remote Databases Down on IBM AIX on Power Systems After Installation
When you upgrade the Audit Vault Server from a previous release, error messages appear in the $ORACLE_HOME/av/log/avca.log file. This problem does not affect the Audit Vault agent installation.
These error messages are as follows:
ORA-00001: unique constraint (DVSYS.*) violated ORA-00955: name is already used by an existing object ORA-02260: table can have only one primary key ORA-02261: such unique or primary key already exists in the table ORA-02275: such a referential constraint already exists in the table ORA-02303: cannot drop or replace a type with type or table dependents ORA-04042: procedure, function, package, or package body does not exist ORA-01920: user name '*' conflicts with another user or role name ORA-01921: role name '*' conflicts with another user or role name ORA-01951: ROLE 'AV_*' not granted to 'SYS' ORA-01952: system privileges not granted to 'DBA' ORA-24145: evaluation context DVSYS.* already exists
Workaround: You can ignore these error messages.
Oracle Bug: 8489866
After you upgrade from Audit Vault Release 10.2.3.2.x to Release 10.3, invalid objects may appear.
For example:
SQL> SELECT OBJECT_NAME, OBJECT_ID, OWNER FROM ALL_OBJECTS WHERE STATUS='INVALID'; OBJECT_NAME OBJECT_ID OWNER ------------------------------ ---------- ------------------------------ DV$3 71282 DVSYS DV$4 71283 DVSYS 2 rows selected.
Workaround: Run the UTL_RECOMP.RECOMP_SERIAL PL/SQL procedure to recompile the invalid objects.
exec utl_recomp.recomp_serial('DVSYS');
Oracle Bug: 13389960
When deinstalling Audit Vault Agent from home, you may see the following error.
AVAGENT DEINSTALL FROM HOME EXISTING WITH THE FOLLOWING ERROR ---------------------------------------------------------------------- ## [START] Oracle install clean ## ERROR: null Exited from program. ############# ORACLE DEINSTALL & DECONFIG TOOL END ############# -------------------------------------------------------------------
Workaround: You can ignore this message. The prompt returns following the displayed message.
Oracle Bug: 13400226
During the Audit Vault Server upgrade process from Audit Vault Release 10.2.3.6 to 10.3 for Oracle RAC installations, the following errors appear when the upgrade process reaches the Enterprise Manager repository stage while running Database Upgrade Assistant (DBUA):
ORA-01403: no data found
ORA-01704: string literal too long
Workaround: You can ignore these messages. The upgrade process will complete successfully.
Oracle Bug: 13458418
On Oracle RAC systems on the IBM AIX on Power platform, after the Oracle Audit Vault Server RAC installation has completed, the remote database instances may be down.
Workaround: Use the following command to start each remote database instance from the primary node:
$ORACLE_HOME/bin/srvctl start instance -d database_SID -i instance_SID
Oracle Bug: 13387318
This section contains:
After you install the Audit Vault Server on an Oracle cluster, accessing the Audit Vault console using the AV_AUDITOR role fails on some versions of Internet Explorer (IE). After you log in as AV_AUDITOR, there may be an error.
Workaround: If you log in as AV_AUDITOR, and see an error right after logging in, click on the Diagnose Network Problem button. You should then be able to log in.
Oracle Bug: 13369982
When used to collect syslog data, the OSAUD collector can crash continuously and without recovery if the syslog.conf file was not created with the proper syntax.
Workaround: Ensure that you created the syslog.conf file using the correct syntax. Refer to the operating system documentation for information about editing the syslog.conf file and the proper syntax to use. If an invalid syslog.conf syntax is causing the collector crash, then fix the syslog.conf file. After you restart the OSAUD collector, then the collector activities should resume. To restart the collector, run the avctl stop_collector and avctl start_collector commands using the following syntax:
avctl stop_collector -collname collector_name -srcname source_name avctl start_collector -collname collector_name -srcname source_name
Oracle Bug: 13498703
On the IBM AIX on POWER Systems (64-Bit) system, if the JAVA_COMPILER environment variable is set, then the agent OC4J may dump core when you try to run the avctl start_collector command.
Workaround: Follow these steps:
Unset the JAVA_COMPILER environment variable.
For example:
unset JAVA_COMPILER
Restart the agent.
avctl stop_agent avctl start_agent
Oracle Bug: 13567520
There are no known source database configuration issues for Oracle Audit Vault.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Audit Vault Release Notes, Release 10.3
E23572-03
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|