Skip Headers
Oracle® Audit Vault Server Installation Guide
Release 10.3 for IBM AIX on POWER Systems (64-Bit)

Part Number E23566-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

4 Installing the Oracle Audit Vault Server

This chapter includes an overview of the major steps required to install single instance Oracle Audit Vault Server (Audit Vault Server) and to install Audit Vault Server with Oracle Real Application Clusters (Oracle RAC). In each case, Oracle Audit Vault Server installs a customized, specially configured release of Oracle Database 11g Release 2 (11.2.0.3.0).

This chapter includes the following sections:

4.1 Reviewing Component-Specific Installation Guidelines

Review the following guidelines before starting Oracle Universal Installer:

4.1.1 Using an Oracle Automatic Storage Management Disk Group

This section is optional and describes how to identify disk groups and determine the free disk space that they contain. You can store either database or recovery files in an existing Oracle ASM disk group that you created during the Oracle Grid Infrastructure installation.

Note:

The Oracle ASM instance that manages the existing disk group will be running in the Oracle Grid Infrastructure home directory.

To determine if an existing Oracle ASM disk group exists, or to determine if there is sufficient disk space in a disk group, use the following procedure:

  1. View the contents of the oratab file to determine if an Oracle ASM instance is configured on the system:

    # more /etc/oratab
    

    If an Oracle ASM instance is configured on the system, then the oratab file should contain a line similar to the following:

    +ASM:oracle_home_path:N
    

    In this example, +ASM is the system identifier (SID) of the Oracle ASM instance and oracle_home_path is the Oracle home directory where Oracle ASM is installed. By convention, the SID for an Oracle ASM instance should be +ASM.

  2. Open a shell prompt and temporarily set the ORACLE_SID and ORACLE_HOME environment variables to specify the appropriate values for the Oracle ASM instance that you want to use.

    For example, if the Oracle ASM SID is named +ASM and is located in the grid subdirectory of the ORACLE_BASE directory, then enter the following commands to create the required settings:

    • Bourne, Bash, or Korn shell:

      $ ORACLE_SID=+ASM
      $ export ORACLE_SID
      $ ORACLE_HOME=/u01/app/oracle/product/11.2.0/grid/
      $ export ORACLE_HOME
      
    • C shell:

      % setenv ORACLE_SID +ASM
      % setenv ORACLE_HOME /u01/app/oracle/product/11.2.0/grid
      
  3. By using SQL*Plus, connect to the Oracle ASM instance as the SYS user with SYSASM privilege and start the instance if necessary:

    # $ORACLE_HOME/bin/sqlplus /nolog
    SQL> CONNECT SYS as SYSASM
    Enter password: SYS_password 
    SQL> STARTUP
    
  4. Enter the following command to view the existing disk groups, their redundancy level, and the amount of free disk space in each one:

    SQL> SELECT NAME,TYPE,TOTAL_MB,FREE_MB FROM V$ASM_DISKGROUP;
    
  5. From the output, identify a disk group with the appropriate redundancy level and note the free space that it contains.

  6. If necessary, install or identify the additional disk devices required to meet the storage requirements listed in the previous section.

    Note:

    If you are adding devices to an existing disk group, then Oracle recommends that you use devices that have the same size and performance characteristics as the existing devices in that disk group.

4.2 Accessing the Server Installation Software

The Oracle Audit Vault Server software is available:

4.3 Basic Installation – Performing the Single Instance Server Installation

For an overview of requested information specific to the Audit Vault Server installation, see Section 4.8.

See Section 2.16 for important information about setting the correct locale.

To perform Audit Vault Server single instance basic installation:

  1. Invoke Oracle Universal Installer (OUI) to install Oracle Audit Vault.

    Log in as the oracle user. Alternatively, switch the user to oracle using the su - command. Change your current directory to the directory containing the installation files. Start Oracle Universal Installer from the Oracle Audit Vault package.

    cd directory-containing-the-Oracle-Audit-Vault-installation-files
    ./runInstaller
    

    Oracle Universal Installer starts up and launches itself.

    If you need assistance at any time during installation, click Help.

    If you encounter problems during installation, examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui directory, in the following location:

    $ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log
    
  2. The following table lists the various screens displayed and the options to select during an Oracle Audit Vault Server Basic Installation:

    Screen Action
    Configure Security Updates Enter your e-mail address, preferably your My Oracle Support (formerly OracleMetaLink) e-mail address or user name in the Email field.

    Select the I wish to receive security updates via My Oracle Support check box if you want to receive security updates.

    Enter your My Oracle Support password in the My Oracle Support Password field.

    Click Next.

    Select Installation Option Select Create and configure Oracle Audit Vault, and click Next

    This option installs and configures Oracle Audit Vault Server.

    Select Install Type Select Basic install, and click Next:

    This installation method is selected by default. It lets you quickly install Oracle Audit Vault Server with standard configuration options requiring minimal input.

    Basic Install Configuration Specify information for the following fields:
    • Oracle Base

      The Oracle base directory is a top-level directory for Oracle software installations owned by an Oracle installation owner account. The default Oracle base path is mountpoint/app/user, where user is the user account running the installation. You can change the path based on your requirements.

    • Software Location

      Either accept the default value or enter or browse to the Oracle home directory path in which you want to install Oracle Audit Vault Server.The directory path should not contain spaces.

      Ensure that the Oracle home path for the database home and the Oracle base path use only ASCII characters. At the time of this release, the use of non-ASCII characters for a Oracle database home or Oracle base is not supported.

    • Audit Vault SID

      Specify a unique Database Service ID (SID) for the Oracle Audit Vault Server installation. The Oracle Audit Vault SID is required. The SID will be used as the database SID, and will be the first portion (db_name) of the database service name.

    • Audit Vault Admin

      The account name of the Oracle Audit Vault Administrator. The Oracle Audit Vault Administrator account name is required.

      The Oracle Audit Vault Administrator user name will also be used for the following Oracle Database Vault users that are created to facilitate the separation of duties:

      AV_ADMINdvo – The Database Vault Owner (granted DV_OWNER role) to manage Database Vault roles and configuration, where AV_ADMIN represents the Oracle Audit Vault Administrator user name.

      AV_ADMINdva – The Database Vault Account Manager (granted DV_ACCTMGR role) to manage database user accounts, where AV_ADMIN represents the Oracle Audit Vault administrator user name.

    • Password

      The password for the Oracle Audit Vault administrator account.

      The password entered will also be used for the standard database accounts (sys, system, sysman, dbsnmp). The password will also be used for the Oracle Database Vault users (Database Vault Owner and the Database Vault Account Manager users) that are created to facilitate the separation of duties.

    • Confirm Password

      The confirming password for the Oracle Audit Vault Administrator account.

    Basic Install Configuration (Continued) Specify information for the following fields, and click Next.
    • Create a Separate Audit Vault Auditor

      Accept the selected default check box to choose to create the Oracle Audit Vault Auditor account name to have a separation of duties between the Oracle Audit Vault Administrator and Auditor. Deselecting the check box disables the text fields for the Oracle Audit Vault Auditor user name and password. The Oracle Audit Vault Administrator in this case will be granted the role of Oracle Audit Vault Auditor and assume these duties.

    • Audit Vault Auditor

      The account name of the Oracle Audit Vault Auditor.

    • Password

      The password for the Oracle Audit Vault auditor account.

    • Confirm Password

      The confirming password for the Oracle Audit Vault Auditor account.

    Create Inventory You are prompted by the installer to specify the Inventory Directory path for the central inventory the first time you install any Oracle software on your computer.

    Select the oraInventory Group Name of the operating system group that should own the Oracle Inventory directory (the Oracle Inventory group).

    Click Next.

    Note: By default, the Oracle Inventory directory is not installed under the Oracle Base directory. This is because all Oracle software installations share a common Oracle Inventory, so there is only one Oracle Inventory for all users, whereas there is a separate Oracle Base for each user.

    Perform Prerequisite Checks This option checks the system to verify that it is configured correctly and the minimum requirements are met to perform the Oracle Audit Vault Server installation. If you have completed all of the preinstallation steps in this guide, all of the checks should pass.

    If you click Check Again, then you can run the prerequisite check again to see if the minimum requirements are met to carry on with the database installation.

    Click Fix & Check Again, if you want the installer to fix the problem and check the system requirements once more.

    Note: The Fix & Check Again option generates a script that you need to run as the root user. This generated script sets some of the system parameters to Oracle-recommended values. Oracle recommends that you do not modify the contents of this script. Refer to Section 2.4 for more information about fixup scripts.

    To get a list of failed requirements, select ShowFailed from the list. To get a list of all the prerequirement checks run by the OUI, select Show All. To get a list of the prerequirement checks that are successful, select Show Succeeded.

    Note: Oracle recommends that you use caution in checking the Ignore All option. If you check this option, then Oracle Universal Installer may not confirm that your system is able to install Oracle Audit Vault Server successfully.

    See Also: Chapter 2 for information about the system requirements

    Summary Review the information displayed on this screen, and click Install.

    Note: Starting with Oracle Audit Vault Server Release 10.3, you can save all the installation steps into a response file by clicking Save Response File. Later, this file can be used for a silent installation. See Section 4.7 and Appendix A for more information.

    Install product This screen states the progress of an Oracle Audit Vault Server installation. After Oracle Audit Vault Server is installed, you are prompted to execute a root configuration script for new inventory as the root user.

    This screen displays the status information for the configuration assistants that configure the Oracle Audit Vault Server. Finally, a message is displayed at the end of Audit Vault Configuration Assistant process. Click Next.

    Follow the steps as indicated on the Execute Configuration scripts screen to run the root.sh, and, if required, the orainstRoot.sh configuration scripts as the root user.

    After running the scripts, click OK on the Execute Configuration scripts screen to continue.

    Finish This screen is shown automatically when all the configuration tools are successful.

    Review the Oracle Enterprise Manager Database Control URL and the Oracle Audit Vault Console URL information displayed in this screen and click Close.

    On the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.


    Caution:

    After installation is complete, do not manually remove, or run cron jobs that remove /tmp/.oracle or /var/tmp/.oracle directories or their files while Oracle software is running. If you remove these files, then Oracle software can encounter intermittent hangs. Oracle Restart installations will fail with the following error:
    CRS-0184: Cannot communicate with the CRS daemon.
    

See Section 4.9.6 for information about logging into Oracle Audit Vault Console and Oracle Enterprise Manager Database Control.

After you have completed the installation, proceed to Section 4.9 to perform the postinstallation tasks.

4.4 Advanced Installation – Prerequisite Information for Installing in an Oracle Real Application Clusters Environment

This section assumes you performed phase one of the installation procedures for installing Oracle Audit Vault with Oracle Real Application Clusters (Oracle RAC) as described in Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for AIX Based Systems. These tasks include preinstallation tasks, configuring Oracle Clusterware and Oracle Database storage, and installing Oracle Clusterware. You are now ready to install Oracle Audit Vault in an Oracle RAC environment.

This section describes the remaining installation procedures for installing Oracle Audit Vault with Oracle Real Application Clusters (Oracle RAC).

Verifying System Readiness for Installing Oracle Audit Vault with CVU

To help to verify that your system is prepared to install Oracle Audit Vault with Oracle RAC successfully, use the Cluster Verification Utility (CVU) runcluvfy command.

See the "Verifying System Readiness for Installing Oracle Database with CVU " section in Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for AIX Based Systems.

If the cluster verification check fails, then review and correct the relevant system configuration steps, and run the test again. Use the system configuration checks described in "Troubleshooting Installation Setup" section in Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for AIX Based Systems to assist you.

4.5 Advanced Installation – Installing Single Instance and Installing in an Oracle Real Application Clusters Environment

This section describes the advanced installation for both the single instance installation and the Oracle RAC installation.

Note:

Oracle ASM Release 11.2.0.3 requires Oracle Clusterware Release 11.2.0.3. Oracle Audit Vault 10.3 requires Cluster Ready Services (CRS) 11.2.0.3, which installs with Oracle Clusterware Release 11.2.0.3.

See Section 2.16 for important information about setting the correct locale.

Perform the following procedures to install Oracle Audit Vault.

  1. Run Oracle Universal Installer (OUI) to install Oracle Audit Vault.

    Log in as the oracle user. Alternatively, switch user to oracle using the su - command. Change your current directory to the directory containing the installation files. Start Oracle Universal Installer from the Oracle Audit Vault package.

    cd directory-containing-the-Oracle-Audit-Vault-installation-files
    ./runInstaller
    

    Oracle Universal Installer starts up and launches itself.

    If you need assistance at any time during installation, click Help.

    If you encounter problems during installation, examine the Oracle Universal Installer actions recorded in the installation log file. The log file is located in the cfgtoollogs/oui directory, in the following location:

    $ORACLE_HOME/cfgtoollogs/oui/installActionsdate_time.log
    
  2. The following table lists the various screens displayed and the options to select during an Oracle Audit Vault Server Basic Installation:

    Screen Action
    Configure Security Updates Enter your e-mail address, preferably your My Oracle Support (formerly OracleMetaLink) e-mail address or user name in the Email field.

    Select the I wish to receive security updates via My Oracle Support check box if you want to receive security updates.

    Enter your My Oracle Support password in the My Oracle Support Password field.

    Click Next.

    Select Installation Option Select Create and configure Oracle Audit Vault, and click Next

    This option installs and configures Oracle Audit Vault Server.

    Select Install Type Select Advanced install, and click Next:

    This installation method offers you more controls and options for the full Oracle Audit Vault Server installation along with more install screens.

    Grid Installation Options Select the type of Audit Vault installation you want to perform, and click Next.
    • Single instance Audit Vault installation: This option installs a single instance of Oracle Audit Vault Server.

    • Oracle Real Application Clusters database installation: This option installs Oracle Audit Vault Server in an Oracle Real Application Clusters (Oracle RAC) environment.

    When you select Oracle Real Application Clusters database installation, you must make node selections.

    If you are installing on a clustered system (Oracle Clusterware is installed and the system is already part of a cluster), the Node Selection screen appears from which to select the nodes on which Oracle Audit Vault will be installed. Local node will always be selected by default. If you are installing Oracle Audit Vault single instance on this local node only, select the Local Only Installation option, then click Next.

    If you are installing on a clustered system (Oracle Clusterware is installed and the system is already part of a cluster), select the nodes on which Oracle Audit Vault must be installed. Oracle recommends to install software on all the cluster nodes instead of a subset of nodes. After selecting these nodes, click Next.

    See Section 4.8.2 for more information about node selection.

    Select Product Languages This option enables you to select the language in which you want to run the product.

    Select the product Language from the Available Languages list, transfer it to the Selected Languages list. Click Next.

    Specify Installation Location Specify Oracle Base, Software Location, and click Next.

    The Oracle base directory is a top-level directory for Oracle software installations owned by an Oracle installation owner account. The default Oracle base path is mountpoint/app/user, where user is the user account running the installation. You can change the path based on your requirements.

    In the Software Location field, accept the default value or enter or browse to the Oracle home directory path in which you want to install Oracle Audit Vault Server.The directory path should not contain spaces. Click Next.

    Ensure that the Oracle home path for the Audit Vault Server home and the Oracle base path use only ASCII characters. At the time of this release, the use of non-ASCII characters for a Oracle Audit Vault Server home or Oracle base is not supported.

    Create Inventory You are prompted by the installer to specify the Inventory Directory path for the central inventory the first time you install any Oracle software on your computer.

    Select the oraInventory Group Name of the operating system group that should own the Oracle Inventory directory (the Oracle Inventory group).

    Click Next.

    Note: By default, the Oracle Inventory directory is not installed under the Oracle Base directory. This is because all Oracle software installations share a common Oracle Inventory, so there is only one Oracle Inventory for all users, whereas there is a separate Oracle Base for each user.

    Specify Audit Vault Details Specify information for the following fields and click Next:

    See Section 4.8 for more information about each of these topics.

    • Audit Vault Admin

      The account name of the Oracle Audit Vault Administrator. The Oracle Audit Vault Administrator account name is required.

    • Password

      The password for the Oracle Audit Vault administrator account.

    • Confirm Password

      The confirming password for the Oracle Audit Vault Administrator account.

    • Create a Separate Audit Vault Auditor

      Accept the selected default check box to choose to create the Oracle Audit Vault Auditor account name to have a separation of duties between the Oracle Audit Vault Administrator and Oracle Auditor. Deselecting the check box disables the text fields for the Oracle Audit Vault Auditor user name and password. The Oracle Audit Vault Administrator in this case will be granted the role of Oracle Audit Vault Auditor and assume these duties.

    • Audit Vault Auditor

      The account name of the Oracle Audit Vault Auditor.

    • Password

      The password for the Oracle Audit Vault auditor account.

    • Confirm Password

      The confirming password for the Oracle Audit Vault Auditor account.

    • Database Vault Owner

      The account name of the Oracle Database Vault Owner.

    • Password

      The password for the Oracle Database Vault Owner account.

    • Confirm Password

      The confirming password for the Oracle Database Vault Owner account.

    • Create a Separate Database Vault Account Manager

      Accept the selected default check box to choose to create the Oracle Database Vault Account Manager account name to have a separation of duties between the Oracle Database Vault Owner and Oracle Database Vault Account Manager. Deselecting the check box disables the text fields for the Oracle Database Vault Account Manager user name and password. The Oracle Database Vault Owner in this case will be granted the role of Oracle Database Vault Account Manager and assume these duties.

    • Account Manager

      The account name of the Oracle Database Vault Account Manager.

    • Password

      The password for the Oracle Database Vault Account Manager account.

    • Confirm Password

      The confirming password for the Oracle Database Vault Account Manager account.

    See Section 4.8.1.4 for more information about Audit Vault Admin and Auditor user accounts and passwords

    See Section 4.8.1.5 for more information about Database Vault Owner and Account Manager user accounts and passwords.

    Specify Database Identifiers Specify the following information, and click Next:
    • Global Database Name

      Specify the Global Database Name using the following syntax:

      db_unique_name.db_domain
      

      where:

      db_unique_name is the name of the database. It can contain a maximum of 30 characters as long as the first eight characters are unique and begin with an alphabetic character. The characters can include alphanumeric, underscore (_), dollar ($), and pound (#), no other special characters are permitted in a database name.

      db_domain is the computer environment used for the database. It should contain no more than 128 characters (alphanumeric, underscore (_), and pound (#)), inclusive of all periods.

      Note: Ensure that the combination of database name (first eight unique characters of database unique name), delimiter, and the database domain name does not exceed 128 characters.

      For example:

      sales.us.example.com
      

      where:

      db_unique_name is sales

      db_domain is us.example.com

      When you enter the Global Database Name, Oracle Universal Installer automatically populates the SID prefix with the database name. You can change this name in Advanced installation. Oracle Universal Installer limits the SID to 12 alphanumeric characters and the SID cannot contain an underscore (_), dollar ( $), or pound (#).

      See Setting the ORACLE_HOSTNAME Environment Variable.

    • Oracle Service Identifier (SID)

      Oracle Service Identifier (SID) is a unique name for an Oracle database instance on a specific host. The SID helps in identifying the control file, and locating the files required to open the database. When you enter the Global Database Name, Oracle Universal Installer automatically populates the Oracle Service Identifier field with the database name.

      Oracle Universal Installer limits the SID to 12 alphanumeric characters for single instance databases. For Oracle RAC databases, the SID prefix, which is the first 8 characters of the SID, must be a unique name for each database. The SID prefix cannot contain underscore (_), dollar ( $), or pound (#).

    Specify Memory Options Specify the following memory details, and click Next:

    Memory

    Enable Automatic Memory Management option is selected by default. This option enables the database to automatically distribute memory between SGA and PGA. If you deselect this option, then the SGA and PGA must be sized manually.

    Specify Management Options Select one of the following options, and click Next:
    • Use an existing Oracle Enterprise Manager Grid Control for database management: This option is useful if you have Oracle Enterprise Manager installed.

    • Use Oracle enterprise Manager Database Control for database management: This option enables you to manage Oracle Audit Vault Server locally.

    See Also: Section 1.8 for more information about database management options.

    Specify Database Storage Options Select one of the following options, and click Next.
    • File System: Specify the database file location.

    • Oracle Automatic Storage Management: Specify a password for the ASMSNMP user.

    Note: Installing Oracle data files on an Oracle ACFS file system is not supported. Oracle recommends that these data files are installed in Oracle ASM disk groups.

    See Also: Section 1.7 for more information about database storage options.

    See Also: Section 4.1.1 for more information about using Oracle Automatic Storage Management disk groups

    Specify Recovery Options Select one of the following options, and click Next.
    • Do not enable automated backups

    • Enable automated backups: If you select this option, then the backup job will use a specified recovery area storage.

      Select File System to use a file system directory for the fast recovery area, and then specify the fast recovery area path in the Recovery Area location field.

      Select Oracle Automatic Storage Management to use an Automatic Storage Management disk group for the fast recovery area.

      Specify your operating system user credentials to perform the backup job.

      See Also: Section 1.9 for more information about database backup and recovery options.

      See Also: Section 3.6 for more information about Oracle Automatic Storage Management

    Select ASM Disk Group This screen is displayed only if you select Oracle Automatic Storage Management as your storage option.

    Disk groups are created during the Oracle Grid Infrastructure installation. Disk groups are configured with the SYSASM privilege using asmcmd or SQL create diskgroup commands. An ASM disk group consists of multiple disk partitions.

    The table in this screen displays existing disk groups created during the Oracle Grid Infrastructure installation. Select the disk group that you want to use for database file storage.

    Specify Schema Passwords Enter and confirm passwords for the privileged database accounts, and click Next.

    Note: Optionally, you can use the same password for all accounts. However, Oracle recommends that you specify a different password for each account. You must remember the passwords that you specify.

    Refer to Section 4.9.3 for information about password guidelines.

    Privileged Operating System Groups The operating system groups are selected by default. You can also manually select the OSDBA and OSOPER groups.

    Click Next.

    See Also: Section 2.7 for information about operating system groups and users

    Perform Prerequisite Checks This option checks if the minimum system requirements to perform the Oracle Audit Vault Server installation are met.

    If you click Check Again, then you can run the prerequisite check again to see if the minimum requirements are met to carry on with the Oracle Audit Vault Server installation.

    Click Fix & Check Again, if you want the installer to fix the problem and check the system requirements once more.

    Note: The Fix & Check Again option generates a script that you need to run as the root user. This generated script sets some of the system parameters to Oracle-recommended values. Oracle recommends that you do not modify the contents of this script. Refer to Section 2.4 for more information about fixup scripts.

    To get a list of failed requirements, select ShowFailed from the list. To get a list of all the prerequirement checks run by the OUI, select Show All. To get a list of the prerequirement checks that are successful, select Show Succeeded.

    Note: Oracle recommends that you use caution in checking the Ignore All option. If you check this option, then Oracle Universal Installer may not confirm that your system is able to install Oracle Audit Vault Server successfully.

    See Also: Chapter 2 for information about the system requirements

    Summary Review the information displayed on this screen, and click Install.

    Note: Starting with Oracle Audit Vault Server Release 10.3, you can save all the installation steps into a response file by clicking Save Response File. Later, this file can be used for a silent installation. See Section 4.7 and Appendix A for more information.

    Install product This screen states the progress of an Oracle Audit Vault Server installation. After Oracle Audit Vault Server is installed, you are prompted to execute a root configuration script for new inventory as the root user.

    This screen displays the status information for the configuration assistants that configure the Oracle Audit Vault Server. Finally, a message is displayed at the end of Audit Vault Configuration Assistant process. Click Next.

    Follow the steps as indicated on the Execute Configuration scripts screen to run the root.sh, and, if required, the orainstRoot.sh configuration scripts as the root user.

    After running the scripts, click OK on the Execute Configuration scripts screen to continue.

    Finish This screen is shown automatically when all the configuration tools are successful.

    Review the Oracle Enterprise Manager Database Control URL and the Oracle Audit Vault Console URL information displayed in this screen and click Close.

    On the Exit page, click Exit. Then, on the Confirmation message box, click Yes to exit Oracle Universal Installer.


    Caution:

    After installation is complete, do not manually remove, or run cron jobs that remove /tmp/.oracle or /var/tmp/.oracle directories or their files while Oracle software is running. If you remove these files, then Oracle software can encounter intermittent hangs. Oracle Restart installations will fail with the following error:
    CRS-0184: Cannot communicate with the CRS daemon.
    
  3. On AIX systems, the default path for discovering eligible disks is /dev/raw/*. If your disks are located elsewhere, you must change the disk discovery path for the disks to be discovered by Oracle Universal Installer. To change the path, click Change Disk Discovery Path.

After you have completed the installation of Oracle Audit Vault Server, proceed to Section 4.9 to perform the postinstallation tasks.

See Section 4.9.6 for information about logging into Oracle Audit Vault Console and Oracle Enterprise Manager Database Control.

4.6 Advanced Installation - Software Only Installation

This section describes the advanced installation for a software only installation. See Section 1.5 for information about why you would want to perform a software only installation to apply software patches during an initial Audit Vault Server installation.

Perform the following procedures to install Oracle Audit Vault Server software only.

  1. Prepare the Audit Vault Server response file. You must create this response file because it is not supplied as part of the shiphome or Oracle home. Copy these lines from the following listing to a file, fill in the password information on each line for each configuration assistant, and then save the file to a name and directory of your choosing, such as av_config.rsp.

    # Passwords for DBCA
    oracle.assistants.server|S_HOSTUSERPASSWORD= <OS password needs to be given, if automatic backup is choosen>
    oracle.assistants.server|S_SYSPASSWORD=<sys password>
    oracle.assistants.server|S_SYSTEMPASSWORD=<system password>
    oracle.assistants.server|S_SYSMANPASSWORD=<sysman password>
    oracle.assistants.server|S_DBSNMPPASSWORD=<DBSNMP password>
    oracle.assistants.server|S_ASMSNMPPASSWORD= <ASMSNMP password, if ASM storage is choosen>
     
    # Passwords for DVCA
    oracle.av.server|s_ownerPasswd=<DV owner password>
    oracle.av.server|s_mgrPasswd=<DV manager password, if DV manager account is choosen>
     
    # Passwords for AVCA
    oracle.av.server|s_adminPasswd=<AV admin password>
    oracle.av.server|s_auditPasswd=<AV audit password, if AV auditor user is choosen>
    
  2. Run the Installer to install the Oracle Audit Vault Server software binaries using the following command and option:

    cd directory-containing-the-Oracle-Audit-Vault-installation-files
    ./runInstaller -noconfig
    

    The -noconfig parameter indicates to install the software binaries only and do not run the configuration assistants.

    Proceed with this installation and configuration Audit Vault option. This will install the Audit Vault Server software only and prepare the configToolAllCommands file under $ORACLE_HOME/cfgtoollogs by saving interview values for later configuration. When this installation process is complete, exit the installer.

  3. Download from My Oracle Support the Audit Vault Server 10.3.0.0 patches that must be applied before the configuration and unzip them into the $ORACLE_HOME/av/patch directory. The /patch directory should contain only the unarchived one-off patches and not the zip files.

    https://support.oracle.com/
    
    1. After signing in to My Oracle Support, click the Patches & Updates tab.

    2. Click Product or Family (Advanced) in the Patch Search panel.

    3. As you enter "Audit Vault" in the field that states "Type in comma separated values or choose from the list", choose "Oracle Audit Vault" from the list.

    4. In the Select up to 10 field, select the drop down arrow and select "Audit Vault 10.3.0.0. (Oracle Audit Vault)"

    5. Click Search.

    6. From the list of patches that display, select the patches and platform by clicking only the appropriate checkboxes to the right of the patch number, then select Download from the menu that displays. On the popup screen, click the name of the patch zip file, click Save, and specify a directory into which to save each patch zip file. If there are no patches available to download, the patch list that displays will be empty.

    7. Unzip each patch into its Audit Vault home location, OracleHome/av/patch directory.

  4. Configure the Oracle Audit Vault binaries. Execute the following command as the installation user. This command installs the patches, runs the configuration assistants, and completes the Audit Vault Server installation. Use as the response file location, the location of the response file you prepared in Step 1.

    cd directory-containing-the-configToolAllCommands utility
    configToolAllCommands RESPONSE_FILE=response file location
    

    For example:

    cd $ORACLE_HOME/configtoollogs
    configToolAllCommands RESPONSE_FILE=$ORACLE_HOME/av/av_config.rsp
    
  5. Validate that the Oracle Audit Vault Server installation is successful and that the server is running. Issue the following command after having set the environment variables for the Oracle Audit Vault Server home, PATH, LD_LIBRARY_PATH, and SID. If successful, this command will indicate the server is running.

    avctl show_av_status
    
    Oracle Audit Vault 10g Database Control Release 10.3.0.0  Copyright (c) 1996,
     2011 Oracle Corporation.  All rights reserved.
    https://hrdb.us.example.com:1158/av
    Oracle Audit Vault 10g is running. 
    ------------------------------------
    Logs are generated in directory /oracle/product/10.3.0/av_1/av/log
    

After you have completed the installation of Oracle Audit Vault Server, proceed to Section 4.9 to perform the postinstallation tasks.

4.7 Performing a Silent Installation Using a Response File

Follow these brief steps to perform a silent installation using a response file:

Note:

The Audit Vault silent installation does not support the Basic installation. Silent installation supports only the Advanced installation.
  1. Make sure all prerequisites are met for the installation of Audit Vault Server.

  2. Prepare the Audit Vault Server response file. A template response file can be found at AV_installer_location/response/av.rsp on the Audit Vault Server installation media.

    Prepare the response file by entering values for all parameters that are missing in the response file, then save the file. For parameters that should not be changed, a comment is included in the file to indicate that you should not change the parameter value. Note that for both single instance and Oracle RAC installations, RAW storage is not used. Also note that the CLUSTER_NODES parameter must be specified for installing Audit Vault Server in an Oracle RAC environment. Do not edit any values in the second part of either response file.

  3. Set the DISPLAY environment variable to an appropriate value before proceeding with the silent installation. See Section 2.2.4 for more information.

  4. Invoke Oracle Universal Installer using the following options:

    ./runInstaller -silent -responseFile path_of_response_file
    

    Note:

    Before you invoke Oracle Universal Installer, run the rootpre.sh script to setup the AIX system the first time. If you have already run this script, then you can bypass the silent installation confirmation prompt by setting the following environment variable before starting the runInstaller utility:

    $ export SKIP_ROOTPRE=TRUE

For more information about these options, see Section 1.3.2. For general information about how to complete a database installation using response files, see Appendix A and Oracle Real Application Clusters Installation Guide for Linux and UNIX.

4.8 Oracle Audit Vault Server Installation Details

This section provides an overview of requested information specific to the Audit Vault Server installation.

An Audit Vault Server installation consists of the following options:

This section includes the following topics:

4.8.1 Basic Install Configuration and Advanced Install: Specify Audit Vault Details Screens

This section describes the required fields in the Basic Install Configuration screen and the Advanced Install Specify Audit Vault Details screen. Topics include:

4.8.1.1 Oracle Base

If you have created a path for Oracle base in accordance with the Optimal Flexible Architecture rules for well-structured Oracle software environments, then OUI provides this path as the default Oracle base path. For OUI to recognize the path as an Oracle software path, it must be in the form u0[1-9]/app, and it must be writable by any member of the oraInventory (typically oinstall) group. The oraInventory group members have permissions to modify the oraInventory file, which is the central inventory for all Oracle software installations. Oracle recommends that you create an Oracle base path manually. The Optimal Flexible Architecture path for the Oracle base is /u01/app/user, where user is the name of the user account that you want to own the Oracle Audit Vault Server software.

4.8.1.2 Software Location

The Soft Ware Location is the path that you must specify or browse to find the Oracle Audit Vault home where you want to install Oracle Audit Vault Server. The path can contain only alphanumeric characters (letters and numbers).

In addition, the special characters shown in Table 4-1 are allowed.

Table 4-1 Special Characters Allowed in the Oracle Audit Vault Home Location Name

Symbol Character Name

\

Backslash

/

Slash

-

hyphen

_

Underscore

.

Period

:

Colon


4.8.1.3 Audit Vault SID

The Audit Vault SID must be a unique name for the Oracle Audit Vault database. It will be used for the database SID, and will be the first portion (db_name) of the database service name.

The Audit Vault SID cannot exceed 8 characters and must begin with an alphabetic character.

The Audit Vault SID cannot contain any of the characters shown in Table 4-2.

Table 4-2 Invalid Oracle Audit Vault SID and Oracle Audit Vault Account Characters

Symbol Character Name

!

Exclamation point

@

At sign

%

Percent sign

^

Circumflex

&

Ampersand

*

Asterisk

(

Left parenthesis

)

Right parenthesis

-

Minus sign

+

Plus sign

=

Equal sign

"

Double quotation mark

|

Vertical bar

`

grave

~

tilde

[

Left bracket

{

Left brace

]

Right bracket

}

Right brace

;

Semicolon

:

Colon

'

Single quotation mark

<

Less than sign

>

Greater than sign

/

Slash

\

Backslash

?

Question mark

,

Comma

.

Period

#

Number sign

_

Underscore

$

Dollar sign

 

Space character


4.8.1.4 Oracle Audit Vault Server Accounts

The Oracle Audit Vault Server installation software prompts you for user names and passwords for the Oracle Audit Vault Administrator user and the separate, optional Oracle Audit Vault Auditor user. In addition, the installation creates an Oracle Database Vault Owner user and a separate, Oracle Database Vault Account Manager for you (basic installation) or the installation prompts you for these user names and passwords (advanced installation). Finally, the installation creates sys, system, sysman, and dbsnmp standard database users for you (basic installation) or the installation prompts for passwords for these users (advanced installation).

You must supply a user name and password for the Oracle Audit Vault administrator user and optionally for the Oracle Audit Vault auditor user during installation. The Create a Separate Audit Vault Auditor check box is selected by default, which means that a separate Oracle Audit Vault Auditor account will be created (and the corresponding user name and password are required). The Oracle Audit Vault Administrator user will be granted the AV_ADMIN role and the Oracle Audit Vault Auditor user will be granted the AV_AUDITOR role. Deselecting this check box means that the Oracle Audit Vault Administrator user will be granted both roles, because the separate Oracle Audit Vault Auditor user will not be created.

Oracle Audit Vault Administrator and Oracle Audit Vault Auditor Accounts

The Oracle Audit Vault Administrator account is granted the AV_ADMIN role. The user granted the AV_ADMIN role can manage the postinstallation configuration. This role accesses Oracle Audit Vault services to administer, configure, and manage a running Oracle Audit Vault system. This role registers audit sources. This role has the ability to configure parameters that assist in populating the Oracle Audit Vault data warehouse. For the basic installation, the Oracle Audit Vault Administrator user name is used to generate the following Oracle Database Vault users to facilitate the separation of duties:

  • AV_ADMINdvo – The Database Vault Owner (granted DV_OWNER role) to manage Database Vault roles and configuration

  • AV_ADMINdva – The Database Vault Account Manager (granted DV_ACCTMGR role) to manage database user accounts

For the advanced installation, the Specify Audit Vault Details screen includes prompts for the Database Vault Owner account name and password and a separate, optional Database Vault Account Manager account name and password.

The Oracle Audit Vault Auditor account is granted the AV_AUDITOR role. The user granted the AV_AUDITOR role accesses Oracle Audit Vault Reporting and Analysis services to monitor components, detect security risks, create and evaluate alert scenarios, create detail and summary reports of events across systems, and manage the reports. This role manages central audit settings. This role can use the data warehouse services to further analyze the audit data to assist in looking for trends, intrusions, anomalies, and other areas of interest.

The Oracle Audit Vault Administrator, Oracle Audit Vault Auditor, Database Vault Owner, and Database Vault Account Manager user names must not be the same. For the basic installation, the Oracle Audit Vault Administrator user name must be between 2 and 27 characters because the characters "dvo" and "dva" are appended to the Administrator name making the normal upper limit of 30 characters for the user names that are allowed to be 27 characters. For the advanced installation, the Oracle Audit Vault Administrator user name must be between 2 and 30 characters.

The length of the Oracle Audit Vault Auditor user name must be between 2 and 30 characters. Each user name must not be one of the following reserved names.

Names Names Names Names Names
ACCESS ADD ALL ALTER AND
ANONYMOUS ANY AQ_ADMINISTRATOR_ROLE AQ_USER_ROLE ARRAYLEN
AS ASC AUDIT AUTHENTICATEDUSER AV_ADMIN
AV_AGENT AV_ARCHIVER AV_AUDITOR AV_SOURCE AVSYS
BETWEEN BY CHAR CHECK CLUSTER
COLUMN COMMENT COMPRESS CONNECT CREATE
CTXAPP CTXSYS CURRENT DATE DBA
DBSNMP DECIMAL DEFAULT DELETE DELETE_CATALOG_ROLE
DESC DIP DISTINCT DM_CATALOG_ROLE DMSYS
DMUSER_ROLE DROP DV_ACCTMGR DV_ADMIN DVF
DV_OWNER DV_PUBLIC DV_REALM_OWNER DV_REALM_RESOURCE DV_SECANALYST
DVSYS EJBCLIENT ELSE EXCLUSIVE EXECUTE_CATALOG_ROLE
EXFSYS EXISTS EXP_FULL_DATABASE FILE FLOAT
FOR FROM GATHER_SYSTEM_STATISTICS GLOBAL_AQ_USER_ROLE GRANT
GROUP HAVING HS_ADMIN_ROLE IDENTIFIED IMMEDIATE
IMP_FULL_DATABASE IN INCREMENT INDEX INITIAL
INSERT INTEGER INTERSECT INTO IS
JAVA_ADMIN JAVADEBUGPRIV JAVA_DEPLOY JAVAIDPRIV JAVASYSPRIV
JAVAUSERPRIV LBAC_DBA LBACSYS LEVEL LIKE
LOCK LOGSTDBY_ADMINISTRATOR LONG MAXEXTENTS MDDATA
MDSYS MGMT_USER MGMT_VIEW MINUS MODE
MODIFY NOAUDIT NOCOMPRESS NOT NOTFOUND
NOWAIT NULL NUMBER OEM_ADVISOR OEM_MONITOR
OF OFFLINE OLAP_DBA OLAPSYS OLAP_USER
ON ONLINE ONT OPTION OR
ORDER ORDPLUGINS ORDSYS OUTLN OWF_MGR
PCTFREE PRIOR PRIVILEGES PUBLIC RAW
RECOVERY_CATALOG_OWNER RENAME RESOURCE REVOKE ROW
ROWID ROWLABEL ROWNUM ROWS SCHEDULER_ADMIN
SCOTT SELECT SELECT_CATALOG_ROLE SESSION SET
SHARE SI_INFORMTN_SCHEMA SIZE SMALLINT SQLBUF
START SUCCESSFUL SYNONYM SYS SYSDATE
SYSMAN SYSTEM TABLE THEN TO
TRIGGER TSMSYS UID UNION UNIQUE
UPDATE USER VALIDATE VALUES VARCHAR
VARCHAR2 VIEW WHENEVER WHERE WITH
WKPROXY WKSYS WK_TEST WKUSER WM_ADMIN_ROLE
WMSYS XDB XDBADMIN    

Each account name cannot contain any of the characters shown in Table 4-1.

Oracle Audit Vault Administrator and Oracle Audit Vault Auditor Passwords

For the basic installation, the Oracle Audit Vault Administrator password you enter for the Oracle Audit Vault Administrator account is also used for the standard database accounts (sys, system, sysman, dbsnmp). For the basic installation Basic Install Configuration screen, the Oracle Audit Vault Administrator user password is also used for the Oracle Database Vault Owner and Oracle Database Vault Account Manager user passwords.

For the advanced installation, the installer can choose individual passwords for each of these database accounts (sys, system, sysman, dbsnmp) or select to use the same password as the Oracle Audit Vault Administrator for all of these accounts. In addition, the Specify Audit Vault Details screen includes prompts for the Database Vault Owner user password and for a separate, optional Database Vault Account Manager user password if that user is created.

The Oracle Audit Vault Administrator and Oracle Audit Vault Auditor password cannot be the name of the Oracle Audit Vault Administrator, Oracle Audit Vault Auditor, Database Vault Owner, or Database Vault Account Manager. The Oracle Audit Vault Administrator user password is required, while the Oracle Audit Vault Auditor user password is only required when creating the separate, optional Oracle Audit Vault Auditor user.

There cannot be repeating characters in each password. The length of each password must be between 8 and 30 characters. Each password must consist of at least one upper alphabetic character, one alphabetic character, one numeric character, and one of the special characters shown in Table 4-3.

Table 4-3 Valid Oracle Audit Vault Administrator and Auditor Password Characters

Symbol Character Name

%

Percent sign

^

Circumflex

-

Hyphen

[

Left bracket

+

Plus sign

~

Tilde

,

Comma

#

Number sign

]

Right bracket

.

Period

_

Underscore


Each password must be identical to its corresponding password confirmation.

4.8.1.5 Oracle Database Vault User Accounts

The Audit Vault Server installation software prompts you for two accounts that you create during installation. These are the Database Vault Owner account and the separate, optional Database Vault Account Manager account. You must supply an account name and password for the Database Vault Owner account, and optionally for the Database Vault Account Manager account during installation.

The Create a Separate Database Vault Account Manager check box is selected by default, which means that a separate Database Vault Account Manager account will be created (and the corresponding user name and password are required). The Database Vault Owner user will be granted the DV_OWNER role and the Database Vault Account Manager user will be granted the DV_ACCTMGR role. Deselecting this check box means that the Database Vault Owner user will be granted both roles, because the separate Database Vault Account Manager user will not be created.

Database Vault Owner and Database Vault Account Manager Accounts

The Database Vault Owner, Database Vault Account Manager, Oracle Audit Vault Administrator, and Oracle Audit Vault Auditor account names must be different from each other (applicable when a separate Oracle Audit Vault Auditor or Database Vault Account Manager account is created). The Database Vault Owner name is required.

The length of each account name must be between 2 and 30 characters.

Each account name must not be one of the reserved names shown in the table in Section 4.8.1.4.

Each account name cannot contain any of the characters shown in Table 4-1.

Database Vault Owner and Database Vault Account Manager Passwords

The Database Vault Owner or Database Vault Account Manager password must not be the name of the Oracle Audit Vault Administrator, Oracle Audit Vault Auditor, Database Vault Owner, or Database Vault Account Manager. The Database Vault Owner user password is required, while the Database Vault Account Manager user password is only required when creating the separate, optional Database Vault Account Manager user.

There must be no repeating characters in each password. There must be no space characters in the password.

The length of each password must be between 8 and 30 characters.

Each password must consist of at least one upper alphabetic character, one alphabetic character, one numeric character, and one of the special characters shown in Table 4-1. All other characters are not allowed.

Each password must be identical to its corresponding password confirmation.

4.8.2 Advanced Install: Node Selection Screen

The Node Selection screen will appear if you are installing Oracle Audit Vault in an Oracle RAC environment and a clustered system (Oracle Clusterware) is installed and the system is already part of a cluster. On this screen, users can select the nodes on which they want to install Oracle Audit Vault, or they can select a local installation to install Oracle Audit Vault single instance.

See Oracle Real Application Clusters Installation Guide for Linux and UNIX for more information.

4.9 Required Postinstallation Server Tasks

Note:

The use of the Database Configuration Assistant (DBCA) to configure additional components after an Audit Vault Server installation is not supported. Oracle Audit Vault installs with all of the components that it requires already configured, so no additional components need to be configured using DBCA.

Creation of additional databases in the Oracle Audit Vault home is not supported.

Cloning of Oracle Audit Vault homes is not supported.

This section includes the following topics:

4.9.1 Download Patches

You can find mandatory Oracle Audit Vault patchsets on the My Oracle Support (formerly OracleMetaLink) Web site.

To find and download patchsets for Oracle Audit Vault:

  1. Log in to My Oracle Support from the following URL:

    https://support.oracle.com

  2. Click the Patches & Updates tab.

  3. Under Patch Search, click Product or Family (Advanced Search).

  4. Enter Oracle Audit Vault in the search field.

  5. In the first Select up to ten list, expand the Oracle Audit Vault list and select Audit Vault 10.3.0.0. Click Close.

  6. In the second Select up to five list, select your specific platform from the list, then click Close.

  7. Click Search. In a moment, the patches associated with your selection appear.

  8. Select the patch you want from the list by clicking its Patch ID link.

  9. Click View Read Me to read about the patch details, and then click Download to download the patch to your computer.

  10. Repeat Step 8 through Step 9 for each patch listed in the Patch Search Results section.

  11. Use the unzip utility provided with Oracle Audit Vault Server 10.3 to uncompress the Oracle patch updates that you downloaded from My Oracle Support. The unzip utility is located in the $ORACLE_HOME/bin directory.

Note:

Do not apply any Oracle Database one-off patches to the Oracle Audit Vault database unless directed to do so by Oracle Support Services.

4.9.2 Download Critical Patch Updates

A critical patch update (CPU) is a collection of patches for security vulnerabilities. It includes non-security fixes required (because of interdependencies) by those security patches. Critical patch updates are cumulative, and they are provided quarterly on the Oracle Technology Network. You should periodically check My Oracle Support for critical patch updates.

To find and download critical patch updates for Oracle Audit Vault:

  1. Follow Step 1 through Step 9 in Section 4.9.1 to find the critical patch updates for Oracle Audit Vault.

  2. In the list of articles that appears, search for the phrase Oracle Critical Patch Update.

  3. Select the most recent critical patch update article, and then read its instructions.

    Download the most recent critical patch update for Oracle Audit Vault. In most critical patch update articles, there is section entitled "Patch Download Procedure," which explains how to download the critical patch update.

For the latest information on whether a specific critical patch update is certified with Oracle Audit Vault, review the certification matrix on the My Oracle Support Web site, at:

https://support.oracle.com

4.9.3 Reset User Passwords

Audit Vault Server uses the password you enter for the Oracle Audit Vault administrator as the password for core database accounts such as SYS, SYSTEM, SYSMAN, and DBSNMP in a basic installation. For an advanced installation, the user is given the option of changing the password for each of these accounts.

For a basic installation, Oracle Audit Vault Server also uses the same Oracle Audit Vault Administrator password for the AV_ADMINdvo account, the Database Vault Owner (granted DV_OWNER role), to manage Database Vault roles and configuration and the AV_ADMINdva account, and the Database Vault Account Manager (granted DV_ACCTMGR role), to manage database user accounts. You must change these passwords according to your company policies.

For an advanced installation, Audit Vault Server uses the Database Vault Owner user password and the separate, optional Database Vault Account Manager user password for these users. You must change these passwords according to your company policies.

See Also:

Oracle Audit Vault Administrator's Guide for specific information about changing Oracle Audit Vault user passwords on a regular basis and how to change each user password

4.9.3.1 Using SQL*Plus to Reset Passwords

To reset user account passwords using SQL*Plus:

  1. Start SQL*Plus and log in as AV_ADMINdva account.

  2. Enter a command similar to the following, where password is the new password:

    SQL> ALTER USER account IDENTIFIED BY password;
    

    In this example:

    The IDENTIFIED BY password clause resets the password.

    See Also:

    Oracle Database Security Guide for more information about:

    • Changing passwords after installation

    • Oracle security procedures

    • Best security practices

4.9.3.2 Guidelines for Changing Passwords

Passwords for all Oracle system administration accounts except SYS, SYSTEM, SYSMAN, and DBSNMP are revoked after an Oracle Audit Vault Server installation. After the Audit Vault database is created during the installation, Oracle Database Configuration Assistant displays a screen with your Audit Vault database information and the Password Management button. For an Audit Vault installation, you should not need to unlock any locked accounts. Use the Password Management button to change the password only for the user names you use.

Apply the following guidelines when specifying passwords:

  • Passwords must be between 8 and 30 characters long.

  • Passwords must not start with a numeral.

  • Passwords must not be the same as the user name.

  • Passwords must not be Oracle reserved words.

  • The SYS account password must not be change_on_install.

  • The SYSTEM account password must not be manager.

  • The SYSMAN account password must not be sysman.

  • The DBSNMP account password must not be dbsnmp.

  • If you choose to use the same password for all the accounts, then that password must not be change_on_install, manager, sysman, or dbsnmp.

  • Passwords should have at least one alphabetic, one numeric, and one special character.

  • Passwords should not be simple or obvious words, such as welcome, account, database, and user.

  • Passwords should not have any consecutive repeating characters.

4.9.4 Run DVCA to Set Instance Parameters and Lock Out SYSDBA Sessions (Oracle RAC Only)

After installing Oracle Audit Vault for an Oracle Real Application Clusters (Oracle RAC) instance, you must run Database Vault Configuration Assistant (DVCA) with the -action optionrac switch on all other Oracle RAC nodes. This sets instance parameters and disables SYSDBA operating system authentication.

You must run this command on all Oracle RAC nodes other than the node on which the Oracle Audit Vault installation is performed. This step is required to enable the enhanced security features provided by Oracle Database Vault.

Note:

The listener and database instance should be running on the nodes on which you run DVCA.

Use the following syntax to run DVCA:

# dvca -action optionrac -racnode host_name -oh oracle_home 
-jdbc_str jdbc_connection_string -sys_passwd sys_password 
[-logfile ./dvca.log] [-silent] [-nodecrypt] [-lockout]

In this example:

  • action is the action to perform. The optionrac utility performs the action of updating the instance parameters for the Oracle RAC instance and optionally disabling SYSDBA operating system access for the instance.

  • racnode is the host name of the Oracle RAC node on which the action is being performed. Do not include the domain name with the host name.

  • oh is the Oracle home for the Oracle RAC instance. Provide the ORACLE_HOME path.

  • jdbc_str is the JDBC connection string used to connect to the database. For example, in the following JDBC connection string, "jdbc:oracle:oci:@orcl1", orcl1 is the net service name in the tnsnames.ora file ($ORACLE_HOME/network/admin/tnsnames.ora).

  • sys_password is the password for the SYS user. If you enter a cleartext password on the command line, then you must include the nodecrypt option. If you omit the password, then DVCA prompts you for it. For better security, Oracle strongly recommends that you omit the password and then enter it interactively when you are prompted.

  • logfile is optionally used to specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory.

  • silent is required if you are not running DVCA in an Xterm window.

  • nodecrypt reads plain text passwords as passed on the command line.

  • lockout is used to disable SYSDBA operating system authentication.

Note:

You can reenable SYSDBA access by re-creating the password file with the nosysdba flag set to n (No). The orapwd utility enables you to do this.

After running DVCA, stop and restart the instance and database listener on all cluster nodes. This step is also applicable to the node on which Oracle Audit Vault was installed. Use the following commands:

srvctl stop instance -d sid -i instance_name -q
Connect String: sys as sysdba
Enter password: sysdbapassword
srvctl stop nodeapps -n node_name
srvctl start nodeapps -n node_name
srvctl start instance -d sid -i instance_name -q
Connect String: sys as sysdba
Enter password: sysdbapassword

4.9.5 Download JDBC Driver Files for Source Database Connectivity

Oracle Audit Vault enables you to collect audit records from audit trails in Microsoft SQL Server, Sybase Adaptive Server Enterprise (ASE), and IBM DB2 Universal Database (UDB) databases.

To allow connectivity between Audit Vault Server and Microsoft SQL Server databases, Audit Vault Server and Sybase ASE databases, and Audit Vault Server and IBM DB2 UDB databases, you must download and copy the respective JDBC Driver jar files to the designated location.

Section 4.9.5.1, Section 4.9.5.2, and Section 4.9.5.3 describe this download and copy process for each JDBC Driver.

4.9.5.1 Download SQL Server JDBC Driver Version 3.0 for SQL Server Connectivity

Oracle Audit Vault requires a JDBC connection to the SQL Server database. Audit Vault supports the use of Microsoft SQL Server JDBC Driver version 3.0 for this purpose. This driver provides high performance native access to Microsoft SQL Server 2000, 2005, and 2008 database data sources.

SQL Server JDBC Driver version 3.0 is not compatible with the Oracle Audit Vault 10.2.3.2.x Server and collection agents, which require version 1.2 of this driver. Version 1.2 is no longer available for download from Microsoft SQL Server.

To download SQL Server JDBC Driver version 3.0:

  1. Go to the following Web site: http://msdn.microsoft.com/en-us/sqlserver/aa937724

  2. Click the Download Microsoft SQL Server JDBC Driver 3.0 link.

  3. Select 1033\sqljdbc_3.0.1301.101_enu.tar.gz and then click Download.

  4. In a temporary directory, extract the files from this tar file.

  5. Find the sqljdbc.jar file and place it in the $ORACLE_HOME/jlib directories in both the Audit Vault Server and Audit Vault collection agent homes. You can use this file for both Windows and UNIX systems.

  6. Verify that the sqljdbc.jar file is present in the Oracle Audit Vault collection agent before you start the collection agent.

4.9.5.2 Download jConnect JDBC Driver for Sybase ASE Connectivity

Download jConnect for JDBC, which provides high performance native access to Sybase ASE data sources, from the following link:

http://www.sybase.com/products/allproductsa-z/softwaredeveloperkit/jconnect

jConnect for JDBC (jconn3.jar) is a high performance JDBC Driver from Sybase that communicates directly to Sybase data sources.

Copy the jconn3.jar file to the Oracle Audit Vault Server and Oracle Audit Vault Agent home locations:

$ORACLE_HOME/jlib

4.9.5.3 Copy the IBM DB2 Data Server Driver for JDBC and SQLJ to the Audit Vault Homes

Copy the IBM Data Server Driver for JDBC and SQLJ (db2jcc.jar) to the $ORACLE_HOME/jlib directories in both the Audit Vault Server and Audit Vault Agent homes. Oracle Audit Vault requires version 3.50 or later of the driver. This version of the db2jcc.jar file is available in either IBM DB2 UDB version 9.5 or IBM DB2 Connect version 9.5 or later.

This driver provides high performance native access to IBM DB2 database data sources. The DB2 collector uses this driver to collect audit data from IBM DB2 databases, so the driver must be present in Oracle Audit Vault OC4J before you can start the agent OC4J.

4.9.6 Log In to Oracle Audit Vault Console

Use the following instructions to log in to the Oracle Audit Vault Console:

  1. On the node from which you installed the database, open a Web browser to access the Oracle Audit Vault Console URL, and use the following URL syntax:

    https://host:port/av
    

    In the preceding example:

    • host is the name of the computer on which you installed Oracle Audit Vault Database.

    • port is the port number reserved for the Oracle Audit Vault Console during installation.

    If you do not know the correct port number to use, then perform the following steps in the Audit Vault Server home shell:

    1. Set the following environment variables: ORACLE_HOME, ORACLE_SID, and PATH. See Oracle Audit Vault Administrator's Guide for more information.

    2. Issue the avctl show_av_status command. The output displays the Oracle Audit Vault Console URL.

    3. On any system, enter this URL in a Web browser and Oracle Enterprise Manager will display the Oracle Audit Vault Console login page.

  2. Log in to the Oracle Audit Vault Console using the user name AV_ADMIN and the AV_ADMIN password that you created during the installation.

4.9.7 Next Steps to Perform as an Oracle Audit Vault Administrator

After Audit Vault Server installation is complete, see Oracle Audit Vault Collection Agent Installation Guide for information about installing Oracle Audit Vault collection agents and the collectors.

After an Oracle Audit Vault collection agent installation is complete, see Oracle Audit Vault Administrator's Guide for some Oracle Audit Vault Administration tasks to perform. These tasks include:

  1. For Linux and UNIX platforms only: Check and set environment variables in the shells in which you will be interacting with the Audit Vault Server and the Oracle Audit Vault collection agent (see the information about checking and setting Linux and UNIX environment variables).

  2. For collecting audit records from Oracle Database audit sources, see the information about registering Oracle Database sources and collectors.

  3. For collecting audit records from SQL Server Database audit sources, see the information about registering Microsoft SQL Server sources and collector.

  4. For collecting audit records from Sybase ASE Database audit sources, see the information about registering Sybase ASE database sources and collector.

  5. For collecting audit records from IBM DB2 database audit sources, see the information about registering IBM DB2 sources and collector.

  6. To start collecting audit records from a database audit source, see the information about starting collection agents and collectors.

  7. To perform other Oracle Audit Vault configuration tasks, see the information about performing additional Oracle Audit Vault configuration tasks.

  8. To manage and monitor an Oracle Audit Vault system, see the information about managing Oracle Audit Vault.

  9. Before going into production be sure to secure management communications, see the information about Oracle advanced security and secure management communication.

4.10 Recommended Postinstallation Tasks

Oracle recommends that you perform the tasks described in the following section after completing an installation:

4.10.1 Creating a Backup of the root.sh Script

Oracle recommends that you back up the root.sh script after you complete an installation. If you install other products in the same Oracle home directory, then Oracle Universal Installer updates the contents of the existing root.sh script during the installation. If you require information contained in the original root.sh script, then you can recover it from the backed up root.sh file.

4.10.2 Setting the NLS_LANG Environment Variable

NLS_LANG is an environment variable that specifies the locale behavior for Oracle software. This variable sets the language and territory used by the client application and the database server. It also declares the character set of the client, which is the character set of data entered or displayed by an Oracle client program, such as SQL*Plus.

See Also:

Appendix F, "Configuring Oracle Database Globalization Support" in Oracle Database Installation Guide for IBM AIX on POWER Systems (64-Bit) for more information about the NLS_LANG environment variable

4.10.3 Create a Fast Recovery Area Disk Group

During installation, by default you can create one disk group. If you plan to add an Oracle Audit Vault Server for a standalone server, then you should create the fast recovery area for database files.

4.10.3.1 About the Fast Recovery Area and the Fast Recovery Area Disk Group

The fast recovery area is a unified storage location for all Oracle Audit Vault Server files related to recovery. Database administrators can define the DB_RECOVERY_FILE_DEST parameter to the path for the fast recovery area to enable on-disk backups, and rapid recovery of data. Enabling rapid backups for recent data can reduce requests to system administrators to retrieve backup tapes for recovery operations.

When you enable fast recovery in the init.ora file, all RMAN backups, archive logs, control file automatic backups, and database copies are written to the fast recovery area. RMAN automatically manages files in the fast recovery area by deleting obsolete backups and archive files no longer required for recovery.

Oracle recommends that you create a fast recovery area disk group. Oracle Clusterware files and Oracle Audit Vault Server files can be placed on the same disk group, and you can also place fast recovery files in the same disk group. However, Oracle recommends that you create a separate fast recovery disk group to reduce storage device contention.

The fast recovery area is enabled by setting DB_RECOVERY_FILE_DEST. The size of the fast recovery area is set with DB_RECOVERY_FILE_DEST_SIZE. As a general rule, the larger the fast recovery area, the more useful it becomes. For ease of use, Oracle recommends that you create a fast recovery area disk group on storage devices that can contain at least three days of recovery information. Ideally, the fast recovery area should be large enough to hold a copy of all of your datafiles and control files, the online redo logs, and the archived redo log files needed to recover your database using the datafile backups kept under your retention policy.

Multiple databases can use the same fast recovery area. For example, assume you have created one fast recovery area disk group on disks with 150 GB of storage, shared by three different databases. You can set the size of the fast recovery for each database depending on the importance of each database. For example, if database1 is your least important database, database2 is of greater importance and database3 is of greatest importance, then you can set different DB_RECOVERY_FILE_DEST_SIZE settings for each database to meet your retention target for each database: 30 GB for database1, 50 GB for database2, and 70 GB for database3.

4.10.3.2 Creating the Fast Recovery Area Disk Group

To create a fast recovery file disk group:

  1. Navigate to the Grid home bin directory, and start ASM Configuration Assistant (ASMCA). For example:

    $ cd /u01/grid/bin
    $ ./asmca
    
  2. ASMCA opens at the Disk Groups tab. Click Create to create a new disk group.

  3. The Create Disk Groups window opens.

    In the Disk Group Name field, enter a descriptive name for the fast recovery area group. For example: FRA.

    In the Redundancy section, select the level of redundancy you want to use.

    In the Select Member Disks field, select eligible disks to be added to the fast recovery area, and click OK.

  4. The Diskgroup Creation window opens to inform you when disk group creation is complete. Click OK.

  5. Click Exit.