Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X 

A

access
remote, security guidelines for, 2.1.2
revoking for secured targets, 11.2.3
access rights
about managing, 11.1
administrator account types, 11.1
controlling by user, 11.3.2
planning, 1.7.8
secured targets. controlling by target or group, 11.3.3
accounts
administrative accounts, 11.1
setting up on secured targets
about, B.3.1
IBM DB2, B.3.6.2
Microsoft SQL Server, B.3.5.2
MySQL, B.3.7
Oracle Database, B.3.2
Sybase ASE, B.3.3.2
Sybase SQL Anywhere, B.3.4
ACFS
See Oracle ACFS
Actions button, 1.8.3
ACTIVATE HOST command, A.2.5
activate, Audit Vault Agent with key, 5.2.6
Active Directory
See Microsoft Active Directory
administrative features, 1.3.4
administrators
access rights, 11.1
roles, 1.5
tasks, 1.5
user account types, 11.1
agent host commands, A.2
agentctl command
start/stop, 5.3.1.1
to register Audit Vault Agent as Windows service, 5.2.7.2
agents
See Audit Vault Agent
alerts
configuring email service for, 3.4.1
forwarding to syslog, 3.3.3
ALTER DISKGROUP command, A.9.6
ALTER ENFORCEMENT POINT command, A.4.6
ALTER FIREWALL command, A.3.9
ALTER HOST command, A.2.2
ALTER REMOTE FILESYSTEM command, A.10.2
ALTER SAN SERVER command, A.9.2
ALTER SECURED TARGET command, A.5.2
ALTER SMTP SERVER command, A.7.2
ALTER SMTP SERVER DISABLE command, A.7.4
ALTER SMTP SERVER ENABLE command, A.7.3
ALTER SYSTEM SET command, A.11.1
ALTER SYSTEM SMTP SERVER SECURE MODE OFF command, A.7.6
ALTER SYSTEM SMTP SERVER SECURE MODE ON command, A.7.5
appliances, AVDF machines, caution, 3.1, 4.1
architecture
high availability resilient pairs, 1.4.3, 8.1
of Oracle AVDF components, 1.4.1.1
archiving
defining archiving locations, 3.5.2
NFS filesystem, 3.5.2
policies
creating, 3.5.3.1
described, 3.5.1
port for Windows File Sharing transfer method, 3.5.2
purging data files after restoring, 12.2.2
restoring from archives, 12.2.2
security guidelines, 2.1.2
space requirements, 12.1.2, 3.5.1
starting an archive job, 12.2.1
transfer method, 3.5.2
scp, 3.5.1, 3.5.2
SMB, 3.5.1, 3.5.2
ArcSight Security Information Event Management (SIEM)
about, 10.1
defined, 1.3.6
deployment procedure, 10.2
enabling interface, 10.2
specifying ArcSight server, 10.2
audit trails
cleanup
IBM DB2 audit files, 6.4.6
Microsoft SQL Server audit trail, B.4.2
Oracle Database, B.4.1
collections, AVCLI command for, A.6
configurations
REDO logs, recommended settings, C.1
configuring collection, 6.4.1
dropping a trail, A.6.4
finding list of, A.6.3
IBM DB2
about, B.2.13
prerequisite for starting, 6.4.6
MySQL
trail location, 6.4.5, A.6.1, A.6.2, B.2.7, B.5.3
XML transformation required, 6.4.5
planning, 1.7.5
planning configurations, 1.7.5
platform support, B.2.13
purging Oracle Database trail, B.4.1
starting and stopping, 6.4.2
starting collection, A.6.1
status
Collecting, 6.4.3
Idle, 6.4.3
Recovering, 6.4.3
Stopped, 6.4.3
Unreachable, 6.4.3
status, checking, 6.4.3
stopping collection, A.6.2
TABLE, B.2.13
types, B.2.13
location for DIRECTORY type, 6.4.1, B.5.3
Audit Vault Agent
about, 1.4.1.4
activating, 5.2.6
audit data collection when agent is stopped, 1.4.1.4
deactivating, 5.3.3
debug, logging, 5.3.2
deploying and activating, 5.2
log files location, 5.3.2
logging levels, setting, 5.3.2
OS user account for deployment, 5.2.4
planning deployments, 1.7.4
plug-ins
about, 5.5.1, B.1
deploy and activate procedure, 5.5.4
undeploying, 5.5.5
removing, 5.3.3
requirements, Java SE 6, 1.4.1.4, 5.2.4
starting, 5.3.1.1
starting, initial, 5.2.6
stopping, 5.3.1.1, 5.3.3
timestamps for Oracle Database trail purge process, B.4.1.2
Windows service, registering, 5.2.7.1
Windows service, stopping, 5.3.1.2
Windows service, unregistering, 5.2.7.3
Audit Vault and Database Firewall
administrative features, 1.3.4
administrator roles, 1.5
administrator tasks, 1.5
auditing features, 1.3.5
component diagram, 1.4.1.1
components, 1.4.1.1
configuration workflow, 1.6
database, password policy note, 1.4.1.2
documentation, downloading latest, 1.1
in enterprise architecture, diagram, 1.4.2
IPv6 not supported, 2.4
process flow, 1.4.1.1
Audit Vault Server
about, 1.4.1.2
administrative tasks
archiving log disk space, monitoring, 12.8
changing user passwords, 11.4.1
flash recovery area, 12.9
SYSAUX tablespace usage, 12.7
backup and restore, 12.12
certificate
location, 12.1.2.1
supplying to Database Firewall, 4.5
changing keyboard layout, 12.1.4
configuration
about, 3.1
initial tasks, 3.3
network settings, 3.3.2.1
configuring
services, 3.3.2.2
SSH access, 3.3.2.2
Web access, 3.3.2.2
diagnostics, 12.1.5
failover, 8.2.8
high availability
about, 8.2.1
failover, 8.2.8
status, 8.2.6
IP address
changing, reboot required, 3.3.2.1
supplying to Database Firewall, 4.5
jobs monitoring, 12.3
log files location, A.11.1
logging in to UI, 1.8.1
network configuration, 3.3.2.1
Oracle Database, and Database Vault, 1.4.1.2
pairing, 8.2.1
planning configuration, 1.7.2
port numbers, default, 3.3.2.1
primary server in resilient pair, 8.2.4
public key, 12.1.2.2
reboot upon changing host name, 3.3.2.1
rebooting, powering off, 12.1.3
registering Database Firewall in, 3.7
removing Database Firewall from, 12.13.4
removing secured targets from, 6.2.1.3
secondary server in resilient pair, configuring, 8.2.3
SNMP access, 3.3.2.2
status, checking, 12.1.1
syslog destinations, configuring, 3.3.3
testing system operation, 3.8
UI, tabs described, 1.8.2
user accounts, creating in, 11.2.2
auditing features, 1.3.5
authentication
using for host monitor-Database Firewall communication, 7.5
AVCLI commands
ACTIVATE HOST, A.2.5
ALTER DISKGROUP, A.9.6
ALTER ENFORCEMENT POINT, A.4.6
ALTER FIREWALL, A.3.9
ALTER HOST, A.2.2
ALTER REMOTE FILESYSTEM, A.10.2
ALTER SAN SERVER, A.9.2
ALTER SECURED TARGET, A.5.2
ALTER SMTP SERVER, A.7.2
ALTER SMTP SERVER DISABLE, A.7.4
ALTER SMTP SERVER ENABLE, A.7.3
ALTER SYSTEM SET, A.11.1
ALTER SYSTEM SMTP SERVER SECURE MODE OFF, A.7.6
ALTER SYSTEM SMTP SERVER SECURE MODE ON, A.7.5
CONNECT, A.13.1
CREATE ENFORCEMENT POINT, A.4.1
CREATE RESILIENT PAIR, A.3.6
DEACTIVATE HOST, A.2.6
DEPLOY PLUGIN, A.12.1
DOWNLOAD LOG FILE, A.11.3
DROP ENFORCEMENT POINT, A.4.2
DROP FIREWALL, A.3.2
DROP HOST, A.2.4
DROP REMOTE FILESYSTEM, A.10.3
DROP RESILIENT PAIR, A.3.8
DROP SAN SERVER, A.9.4
DROP SECURED TARGET, A.5.8
DROP SMTP SERVER, A.7.9
DROP TRAIL FOR SECURED TARGET, A.6.4
GRANT ACCESS, A.8.3
GRANT ADMIN, A.8.5
GRANT SUPERADMIN, A.8.1
-HELP, A.13.3
LIST ADDRESS FOR SECURED TARGET, A.5.3
LIST ATTRIBUTE FOR SECURED TARGET, A.5.6
LIST ATTRIBUTE OF SMTP SERVER, A.7.8
LIST DISK, A.9.5
LIST DISKGROUP, A.9.7
LIST ENFORCEMENT POINT, A.4.3
LIST EXPORT, A.10.4
LIST FIREWALL, A.3.3
LIST HOST, A.2.3
LIST METRICS, A.5.7
LIST PLUGIN FOR SECURED TARGET TYPE, A.12.2
LIST REMOTE FILESYSTEM, A.10.5
LIST SAN SERVER, A.9.8
LIST SECURED TARGE, A.5.4
LIST SECURED TARGET TYPE, A.5.5
LIST TARGET FOR SAN SERVER, A.9.3
LIST TRAIL FOR SECURED TARGET, A.6.3
POWEROFF FIREWALL, A.3.5
QUIT, A.13.5
REBOOT FIREWALL, A.3.4
REGISTER FIREWALL, A.3.1
REGISTER HOST, A.2.1
REGISTER REMOTE FILESYSTEM, A.10.1
REGISTER SAN SERVER, A.9.1
REGISTER SECURED TARGET, A.5.1
REGISTER SMTP SERVER, A.7.1
REVOKE ACCESS, A.8.4
REVOKE ADMIN, A.8.6
REVOKE SUPERADMIN, A.8.2
SHOW CERTIFICATE, A.11.2
SHOW ISCSI INITIATOR DETAILS FOR SERVER, A.9.9
SHOW STATUS FOR FIREWALL, A.3.10
SHOW STATUS OF REMOTE FILESYSTEM, A.10.6
START COLLECTION FOR SECURED TARGET, A.6.1
START ENFORCEMENT POINT, A.4.4
STOP COLLECTION FOR SECURED TARGET, A.6.2
STOP ENFORCEMENT POINT, A.4.5
SWAP RESILIENT PAIR, A.3.7
TEST SMTP SERVER, A.7.7
UNDEPLOY PLUGIN, A.12.3
-VERSION, A.13.4
AVCLI utility
about, 12.10.1
downloading, 12.10.2
finding version of, 12.10.6
help information, 12.10.6
invoking, 12.10.3
Java_Home environment variable, 12.10.2, 12.10.3
log files location, 12.10.5
logging levels, setting, 12.10.5
running scripts, 12.10.4

B

backup, Audit Vault Server, 12.12
Big Data Appliance, as secured target, 1.3.3, B.1
BIG-IP ASM (Application Security Manager)
about integration, 9.1
benefits of integration with Oracle Database Firewall, 9.1
configuration requirements, 9.3.1
configuring with Database Firewall, 9.3.3
creating logging profile, 9.3.4
custom iRule, 9.3.5.1
how integration works, 9.2
integration with Database Firewall, 9.1
iRules syslog messages, 9.3.5.1
policy settings, 9.3.4.2
sample iRule, 9.3.5
system requirements for integration, 9.3.2
transmitting iRule syslog messages, 9.3.5.2
blocking
Database Firewall inline mode, enabling bridge, 4.6.3
DPE mode in enforcement point, 6.5.2
IPv6 traffic, 2.4
bridge IP addresses
in Database Firewall, 4.6.3
subnet restriction for DPE mode, 4.6.3

C

CDB, registering secured target, 6.2.1.1
certificate
Audit Vault Server, 12.1.2.1
fetching from upgraded firewall, 12.13.5
supplying to Database Firewall, 4.5
Validation Failed, 12.13.5
Certificate Validation Failed, firewall status, 12.13.5
Client IP Addresses, and TCP invited nodes, 2.5.2
client program name
security considerations, 2.5.3
client-side security, 2.5.3
COLLECTING trail status, 6.4.3
collection agents
See Audit Vault Agent
collection attributes
about, B.5.2.1
Active Directory, not required, B.5.2.1
IBM DB2, B.5.2.3
Linux, not required, B.5.2.1
MySQL, B.5.2.4
Oracle ACFS, B.5.2.5
Oracle Database, B.5.2.2
Solaris, not required, B.5.2.1
SQL Server, not required, B.5.2.1
Sybase ASE, not required, B.5.2.1
Windows, not required, B.5.2.1
collection plug-ins
deploying with AVCLI command, A.12.1
undeploying, A.12.3
collector plug-ins
finding list of, A.12.2
command line utility
downloading AVCLI, 12.10.2
components, of Oracle AVDF, 1.4.1.1
configuration
audit trails, 6.4.1
BIG-IP ASM, 9.3.1
Database Firewall
about, 4.1
database interrogation, 6.7.1.1
enforcement points, 6.5.2
high availability
Audit Vault Server, 8.2.3
Database Firewall, 8.3.1
secured targets
about, 6.1
registering, 6.2.1.1
understanding workflow, 1.6
CONNECT command, A.13.1
connect strings (for Secured Target Location field), B.5.1
connections, maintaining for database clients, 6.5.3
console
filtering and sorting lists, 1.8.3
reset view, 1.8.3
CREATE ENFORCEMENT POINT command, A.4.1
CREATE RESILIENT PAIR command, A.3.6

D

DAM mode, 1.4.3, 8.1
Database Activity Monitoring, defined, 1.4.1.3
enforcement point monitoring mode, 6.5.2
with SQL blocking firewall policy, 6.5.2
data files, purging after restore, 12.2.2
data retention policies
about, 3.5.1
creating, 3.5.3.1
data security, 2.1
Database Activity Monitoring
DAM mode, defined, 1.4.1.3
database clients
connecting through proxy Database Firewall, 4.6.4
database connections
and Database Firewall, 2.4
Database Firewall
about, 1.4.1.3
adding Database Firewall to Audit Vault Server, 3.7
certificate validation failed, 12.13.5
configuration, 4.1
Audit Vault Server certificate and IP address, 4.5
network services, 4.3.2
network settings, 4.3.1
proxy, 4.6.4
traffic sources, 4.6.2
diagnostics, 4.7
high availability, configuring, 8.3.1
integration with BIG-IP ASM, 9.1
requirements, 9.3.3
logging in to UI, 1.9.1
network placement, 4.6.1
network services configuration, 4.3.2
network settings, changing, 4.3.1
network traffic, capturing to file, 12.13.2
non-TCP-based connections, 2.4
planning configuration, 1.7.3
ports
for external network access, D.5
for firewall services, D.3
required to be open, D.1
proxy
configuration, 4.6.4
database client connections, 4.6.4
public key, 6.7.3.3
reboot, power off, 12.13.3
removing from Audit Vault Server, 12.13.4
SNMP access, 4.3.2
SSH access, 4.3.2
status
Certificate Validation Failed, 12.13.5
viewing, 4.7
traffic sources, configuring, 4.6.2
ways to connect to, 1.4.2
Web access, 4.3.2
database interrogation, B.2.1
about, 6.7.1
configuring for Microsoft SQL Server databases, 6.7.2.1
configuring for Oracle databases with Network Encryption, 6.7.1.2
configuring for Sybase SQL Anywhere databases, 6.7.2.2
disabling, 6.7.5
enabling, 6.7.4
enforcement point setting, 6.5.3
Sybase SQL Anywhere, installing ODBC driver for Linux, 6.7.2.2
Database Policy Enforcement
DPE mode, defined, 1.4.1.3
database response monitoring
about, 6.8.1
enabling, 6.8.2.1
enforcement point setting, 6.5.3
Database Vault, enabled, 1.4.1.2
databases supported, 1.3.3
date and time
setting
in Audit Vault Server, 3.3.1
in Database Firewall, 4.4
timestamps in reports, 3.3.1
DB2
See IBM DB2
DEACTIVATE HOST command, A.2.6
debugging
Audit Vault Agent, 5.3.2
AVCLI debug log level, setting, 12.10.5
Java framework (Jfwklog) LOGLEVEL, A.11.1
Syslog, generating debug messages, 3.3.3
deleting hosts, 5.6
DEPLOY PLUGIN command, A.12.1
developers, downloading SDK, 12.11
diagnostics
Audit Vault Server, 12.1.5
Database Firewall, 4.7
DIRECTORY audit trail
about, B.2.13
directory mask
trail location for DIRECTORY trail type, 6.4.1, B.5.3
disk groups
about repository, 13.5.1
disk space
additional for SMB and scp archive data transfer, 3.5.2
monitoring archive log space, 12.8
dispatcher service, security considerations, 2.5.1
DNS servers
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2
documentation, AVDF, downloading latest, 1.1
DOWNLOAD LOG FILE command, A.11.3
DPE mode
and spoofing detection rules, 6.5.2
bridge IP addresses, 4.6.3
connections, switching from DAM mode, 6.5.3
Database Policy Enforcement, defined, 1.4.1.3
enforcement point monitoring mode, 6.5.2
traffic disruption on time synchronization, 4.4
DROP ENFORCEMENT POINT command, A.4.2
DROP FIREWALL command, A.3.2
DROP HOST command, A.2.4
DROP REMOTE FILESYSTEM command, A.10.3
DROP RESILIENT PAIR command, A.3.8
DROP SAN SERVER command, A.9.4
DROP SECURED TARGET command, A.5.8
DROP SMTP SERVER command, A.7.9
DROP TRAIL FOR SECURED TARGET command, A.6.4

E

email notifications
about configuring service, 3.4.1
altering SMTP configuration, A.7.2
configuring (in UI), 3.4.2
disabling SMTP configuration, A.7.4
enabling SMTP configuration, A.7.3
finding SMTP configuration, A.7.8
registering for, A.7.2
registering SMTP service, A.7.1
removing configuration for secure server, A.7.6
time stamp shown in, 3.3.1
unregistering SMTP service, A.7.9
encryption
Network Encryption, 6.7.3.3
network encryption, handling, 2.3.1
Oracle Databases, configuration for handling, 6.7.3
providing public key to encrypted Oracle Database, 6.7.3.3
security guidelines, 2.3.1
enforcement points
configuring, 6.5.2, 6.5.2
database interrogation setting, 6.5.3
database response setting, 6.5.3
definition, 6.5.1
deleting, 6.5.4
DPE mode and IP spoofing, 6.5.2
Maintain Existing Connections setting, 6.5.3
modifying, 6.5.3
port number used, 6.5.6
starting and stopping, 6.5.4
status, 6.5.2
status values, defined, 6.5.5
status, viewing, 6.5.5
Enterprise Manager, AVDF Plug-in for, 1.11
entitlement auditing, B.2.1
EVENT LOG audit trail, B.2.13
exiting AVCLI, A.13.5

F

failover, Audit Vault Server, 8.2.8
filesystem
additional space for SMB and scp archive data transfer, 3.5.2
filtering, lists in Audit Vault Server console, 1.8.3
firewall policies, login and logout, 6.8.2.2
flash recovery area, monitoring in Audit Vault Server, 12.9
formatting, lists in Audit Vault Server console, 1.8.3

G

GRANT ACCESS command, A.8.3
GRANT ADMIN command, A.8.5
GRANT SUPERADMIN command, A.8.1
granting access privileges, A.8.3
granting ADMIN privileges, A.8.5
granting super admin privileges, A.8.1
groups
access rights
controlling by group, 11.3.3
controlling by user, 11.3.2
creating secured target groups, 6.2.2
guidelines, general security, 2.2

H

-HELP command, A.13.3
help information about AVCLI, A.13.1, A.13.3
high availability
about resilient pairs, 1.4.3, 8.1
diagram, 1.4.3
for Audit Vault Server, 8.2
for Database Firewall, 8.3.1
peer system IP/certificate, 8.2.6
SAN repository, 13.5.1
status, checking, 8.2.6
host monitors
about, 7.1
authentication, using, 7.5
checking status of, 7.3.4
deploying on Unix, 7.2.3.2
deploying on Windows, 7.2.3.1
enforcement point for, 7.2.5
installing, 7.2.1
prerequisites, 7.2.1
supported platforms, 7.2.1
uninstalling (Unix hosts only), 7.3.5
updating, Linux only, 7.4
host name, changing, reboot required, 3.3.2.1
hosts
AVCLI commands used for, A.2
changing names, 5.1.3
deleting from Audit Vault Server, 5.6
registering
procedure, 5.1.2
registering, about, 5.1.1

I

IBM DB2
audit trail location, B.2.6
collection attributes, B.5.2.3
converting binary audit file to ASCII text file, 6.4.6
starting audit trail, prerequisite ASCII conversion, 6.4.1
supported versions, B.2.1
user account script, B.3.6.2
IDLE trail status, 6.4.3
initialization parameters
REDO log
audit secured target release 10.2, C.3, C.4
audit secured target release 11.2, C.2
installation, security guidelines, 2.1
integrations
with ArcSight SIEM, 10.1
with BIG-IP ASM, 9.1
with Oracle AVDF, about, 1.3.6
IP addresses
and spoofing detection in DPE mode, 6.5.2
Audit Vault Server
changing, reboot required, 3.3.2.1
subnet restrictions for proxy interface, 4.6.4
IPv6
connections not supported, 2.4
traffic blocked, 2.4
iRule syslog messages
BIG-IP ASM command, 9.3.5.2

J

Java framework, logging levels, debugging, A.11.1
Java SE 6, Audit Vault Agent requires, 1.4.1.4, 5.2.4
jobs, monitoring, 12.3

K

key, for activating agent, 5.2.6
keyboards
changing layout, 12.1.4
settings, 3.3.1

L

link properties
network setting
in Audit Vault Server, 3.3.2.1
in Database Firewall, 4.3.1
Linux
audit trail location, B.2.9
user/group access required for audit trail, B.2.9
LIST ADDRESS FOR SECURED TARGET command, A.5.3
LIST ATTRIBUTE FOR SECURED TARGET command, A.5.6
LIST ATTRIBUTE OF SMTP SERVER command, A.7.8
LIST DISK command, A.9.5
LIST DISKGROUP command, A.9.7
LIST ENFORCEMENT POINT command, A.4.3
LIST EXPORT command, A.10.4
LIST FIREWALL command, A.3.3
LIST HOST command, A.2.3
LIST METRICS command, A.5.7
LIST PLUGIN FOR SECURED TARGET TYPE command, A.12.2
LIST REMOTE FILESYSTEM command, A.10.5
LIST SAN SERVER command, A.9.8
LIST SECURED TARGET command, A.5.4
LIST SECURED TARGET TYPE command, A.5.5
LIST TARGET FOR SAN SERVER command, A.9.3
LIST TRAIL FOR SECURED TARGET command, A.6.3
lists, finding objects in Audit Vault Server console, 1.8.3
log files
Audit Vault Agent, location, 5.3.2
AVCLI, location, 12.10.5
Java framework, location, A.11.1
system, location, A.11.1
traffic logs, collected, 8.1
logging in
to Audit Vault Server, 1.8.1
to Database Firewall, 1.9.1
logging levels
Audit Vault Agent, setting, 5.3.2
Java framework, A.11.1
specifying for AVCLI utility, 12.10.5
login/logout policies, 6.8.2.2

M

MAC addresses, spoofing detection and DPE mode, 6.5.2
Maintain Existing Connections enforcement point setting, 6.5.3
metrics of secured targets, A.5.7
Microsoft Active Directory
audit trail location, B.2.11
supported versions, B.2.1
Microsoft SQL Server
audit trail location, B.2.3
database interrogation
configuring, 6.7.1.1
registering, B.4.2
supported versions, B.2.1
trace files, preventing from being deleted by accident, B.4.2
user account script, B.3.5.2
Microsoft Windows
audit trail location, B.2.10
file sharing
archiving transfer, recommended port, 3.5.2
host monitors, deploying on, 7.2.3.1
secured target user, administrative permissions, 6.3.3
services, registering AV Agent as, 5.2.7.2
supported versions, B.2.1
monitoring
Audit Vault Server diagnostics, 12.1.5
Database Firewall diagnostics, 4.7
monitoring mode
and SQL blocking, 6.5.2
enforcement point setting, 6.5.2
Months Archived field, 3.5.3.1
Months Online field, 3.5.3.1
MySQL
adding audit trail, prerequisite XML conversion, 6.4.1
audit trail location, B.2.7
collection attributes, B.5.2.4
supported versions, B.2.1
trail location, 6.4.5, A.6.1, A.6.2, B.2.7, B.5.3
user account script, B.3.7
XML transformation utility required, 6.4.5

N

NETWORK audit trail, B.2.13
Network Encryption
configuring database interrogation to handle, 6.7.3
decrypting in Database Firewall, 6.7.1.2
native encryption required, 6.7.3.3
providing public key to encrypted Oracle Database, 6.7.3.3
network mask, Database Firewall network settings, 4.3.1
network services
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2
network traffic, capturing to file in Database Firewall, 12.13.2
NFS filesystem
archiving transfer method, 3.5.2
registering with the Audit Vault Server, A.10.1
non-SQL protocol access, 2.4
non-TCP-based connections, and Database Firewall, 2.4

O

ODBC driver
required for SQL Anywhere database interrogation, 6.7.2.2
operating systems supported, 1.3.3
Oracle ACFS
audit trail location, B.2.12
collection attributes, B.5.2.5
supported versions, B.2.1
Oracle Advanced Security
See Network Encryption
Oracle database
decrypting Network Encryption traffic, 6.7.1.2
enabling auditing, 6.3.2
Oracle Database
12c, PDB/CDB and secured targets, 6.2.1.1
audit trail location, B.2.2
collection attributes, B.5.2.2
decrypting Network Encryption traffic, 6.7.1.2
purging audit trails, B.4.1
REDO logs, audit data collection reference, C.1
supported versions, B.2.1
user account script, B.3.2
using Network Encryption, configuration for handling, 6.7.3
Oracle RAC
secured target location, registering, 6.2.1.1, 6.2.1.1
Oracle shared server, security considerations, 2.5.1
OS username, security considerations, 2.5.3

P

passwords
changing for Audit Vault Server administrator, 11.4.2
changing for Database Firewall administrator, 11.4.3
guidelines for changing, 11.4.1
note on policy for AVDF database, 1.4.1.2
PDB, registering secured target, 6.2.1.1
peer system IP/certificate, high availability, 8.2.6
platforms supported, 1.2, B.2
for audit trail types, B.2.13
latest matrix, 1.4.1.4, 5.2.4, 7.2.1
plug-ins
about, 5.5.1, B.1
deploy and activate procedure, 5.5.4
enabling auditing, 5.5.2
SDK for developing, 12.11
un-deploying, 5.5.5
policies
archiving, 3.5.1
login and logout policies, 6.8.2.2
ports
default numbers used by Audit Vault Server, 3.3.2.1
enforcement point, finding, 6.5.6
for Audit Vault Server external network access, D.4
for Audit Vault Server services, D.2
for Database Firewall external network access, D.5
for internal TCP communication, D.6
proxy, 4.6.4
recommended for archiving using Windows file sharing transfer, 3.5.2
required for Database Firewall deployment, D.1
used by AVDF, D
power off
Audit Vault Server, 12.1.3
Database Firewall, 12.13.3
POWEROFF FIREWALL command, A.3.5
process flow, through Oracle AVDF components, 1.4.1.1
proxy
and database client connections, 4.6.4
configuring Database Firewall as, 4.6.4
IP address, subnet restrictions, 4.6.4
port numbers, 4.6.4
public key
Audit Vault Server, 12.1.2.2
Database Firewall, 6.7.3.3
providing to encrypted Oracle Database, 6.7.3.3
purging audit trails
IBM DB2 audit files, 6.4.6
Oracle Database, B.4.1
source database in Audit Vault environment, B.4.1.2

Q

QUIT command, A.13.5
quitting AVCLI, A.13.5
quotation marks
invalid in user names, 6.3.3, 11.2.1

R

reboot
Audit Vault Server, 12.1.3
Database Firewall, 12.13.3
upon changing host name, 3.3.2.1
REBOOT FIREWALL command, A.3.4
RECOVERING trail status, 6.4.3
REDO logs
audit data collection reference, C.1
REGISTER FIREWALL command, A.3.1
REGISTER HOST command, A.2.1
REGISTER REMOTE FILESYSTEM command, A.10.1
REGISTER SAN SERVER command, A.9.1
REGISTER SECURED TARGET command, A.5.1
REGISTER SMTP SERVER command, A.7.1
registering
hosts
procedure, 5.1.2
remote access, security guidelines, 2.1.2
remote monitors
See host monitors
reports
direct database interrogation, 6.7.1.1
host monitoring, 7.1
time stamp shown in PDF/XLS, 3.3.1
repository
about disk groups, 13.5.1
about SAN storage, 13.1
adding SAN disks, 13.5.2
dropping SAN disks, 13.5.3
dropping SAN servers, 13.3.2
high availability environment, 13.5.1
registering SAN servers, 13.3.1
Repository Page described, 13.5.1
requirements
Audit Vault Agent, Java SE 6, 1.4.1.4, 5.2.4
reset console view, 1.8.3
resilient pairs
about, 1.4.3, 8.1
of Audit Vault Servers, 8.2.1
restore, Audit Vault Server, 12.12
restoring, from archives, 12.2.2
REVOKE ACCESS command, A.8.4
REVOKE ADMIN command, A.8.6
REVOKE SUPERADMIN command, A.8.2
revoking
access privileges, 11.2.3, A.8.4
ADMIN privileges, A.8.6
super admin privileges, A.8.2
Role Conflict, high availability server status, 8.2.6

S

SAN disks
adding to repository, 13.5.2
dropping from repository, 13.5.3
SAN servers
discovering targets on, 13.4.2
dropping, 13.3.2
logging in to targets, 13.4.2
logging out of targets, 13.4.3
registering, 13.3.1
SAN storage
about, 13.1
ISCSI initiator name, configuring, 13.2
scp
See Secure Copy
scripts
account privileges on secured targets
about, B.3.1
IBM DB2, B.3.6.2
Microsoft SQL Server, B.3.5.2
MySQL, B.3.7
Oracle Database, B.3.2
Sybase ASE, B.3.3.2
Sybase SQL Anywhere, B.3.4
running AVCLI scripts, 12.10.4
SDK, downloading for plug-in development, 12.11
secondary server, configuring in resilient pair, 8.2.3
Secure Copy
archive datafile transfer, 3.5.1, 3.5.2
Secure Sockets Layer (SSL)
SMTP configuration, A.7.5
Secured Target Location field, 6.2.1.1, B.5.1
secured targets
about configuring, 6.1
access rights
controlling by secured target or group, 11.3.3
controlling by user, 11.3.2
altering, A.5.2
attributes
listing with AVCLI, A.5.6
Big Data Appliance, 1.3.3, B.1
collection attributes
about, B.5.2.1
Active Directory, not required, B.5.2.1
IBM DB2, B.5.2.3
Linux, not required, B.5.2.1
MySQL, B.5.2.4
Oracle ACFS, B.5.2.5
Oracle Database, B.5.2.2
Solaris, not required, B.5.2.1
SQL Server, not required, B.5.2.1
Sybase ASE, not required, B.5.2.1
Windows, not required, B.5.2.1
commands used for, A.5
defined, 1.3.3
dropping, A.5.8
finding attributes, A.5.6
finding metrics, A.5.7
groups, creating, 6.2.2
hosts, registering, 5.1.1
listing address, A.5.3
Microsoft Windows, administrative permissions, 6.3.3
name change, and reports, 6.2.1.2
nondatabase sources, about, 1.3.3
Oracle 12c PDB/CDB, 6.2.1.1
planning audit trail configuration, 1.7.5
registering, 6.2.1.1, A.5.1
removing from Audit Vault Server
about, 6.2.1.3
service name, 6.2.1.1
SID, 6.2.1.1
SPA (stored procedure auditing)
configuring, 6.6
supported types, 1.3.3
security
and installing, 2.1
Audit Vault and Database Firewall account guidelines, 11.2.1
client-side context information, 2.5.3
database access handling, 2.4
Database Vault, 1.4.1.2, 1.4.1.2
encryption, 2.3.1
general recommendations, 2.2
guidelines, 2.1
multiple databases on shared listener, 2.5.3
Oracle shared server and dispatchers, 2.5.1
recommendations, 2.2
TCP invited nodes, 2.5.2
Service Name field, 6.2.1.1, 6.2.1.1, A.5.2
settings, keyboard, 3.3.1
shared listener, security considerations, 2.5.3
SHOW CERTIFICATE command, A.11.2
SHOW ISCSI INITIATOR DETAILS FOR SERVER command, A.9.9
SHOW STATUS FOR FIREWALL command, A.3.10
SHOW STATUS OF REMOTE FILESYSTEM command, A.10.6
SID, 6.2.1.1
SID field, 6.2.1.1, A.5.2
SMB
See Windows File Sharing
SMTP
configuring connection (UI), 3.4.1
enabling (AVCLI), A.7.3
SNMP access
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2
Solaris
audit trail location, B.2.8
audit trail location format, B.2.8, B.5.3
audit trail location format (avcli), A.6.1
supported versions, B.2.1
sorting lists in Audit Vault Server console, 1.8.3
SPA, configuring, 6.6
space requirements, archiving, 3.5.1
spoofing detection
MAC and IP address, and DPE mode, 6.5.2
SQL Anywhere
See Sybase SQL Anywhere
SQL Server
See Microsoft SQL Server
SQL, types not captured by Database Firewall, 2.3.2
SQL*Net
and Sybase ASE, required on Agent host, 5.2.4
SSH access
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2
START COLLECTION FOR SECURED TARGET command, A.6.1
START ENFORCEMENT POINT command, A.4.4
status
audit trails, checking, 6.4.3
Audit Vault Server
checking, 12.1.1
Database Firewall, viewing for, 4.7
high availability, 8.2.6
host monitor, checking, 7.3.4
jobs in Audit Vault Server, 12.3
STOP COLLECTION FOR SECURED TARGET command, A.6.2
STOP ENFORCEMENT POINT command, A.4.5
STOPPED trail status, 6.4.3
stored procedure auditing, B.2.1
configuring, 6.6
stored procedure auditing (SPA)
configuring, 6.6
subnet
bridge IP address restriction, 4.6.3
Database Firewall network settings, default gateway, 4.3.1
Database Firewall network settings, network mask, 4.3.1
for proxy IP address, 4.6.4
system settings, default gateway, 3.3.2.1
system settings, network mask, 3.3.2.1
super administrators
access rights, 11.1
defined, 1.5
supported operating systems, 1.3.3
supported platforms, 1.2, B.2
for audit trail types, B.2.13
host monitor, 7.2.1
latest matrix, 1.4.1.4, 5.2.4, 7.2.1
supported secured targets, 1.3.3
Suspended, enforcement point status, 6.5.5
SWAP RESILIENT PAIR command, A.3.7
Sybase ASE
audit trail location, B.2.4
SQL*Net on Agent host, requirement, 5.2.4
supported versions, B.2.1
user account script, B.3.3.2
Sybase SQL Anywhere
audit trail location, B.2.5
database interrogation
configuring, 6.7.1.1
ODBC driver required, 6.7.2.2
supported versions, B.2.1
user account script, B.3.4
Synchronize Time After Save
Database Firewall, warning on traffic disruption, 4.4
synchronizing time
traffic disruption in DPE mode, 4.4
SYSAUX tablespace
monitoring in Audit Vault Server, 12.7
SYSDBA privilege
remote collection agent, effect on, 1.4.1.4
syslog
AVDF alert forwarding, format, 3.3.3
debug messages, generating, 3.3.3
forward to destinations, configuring, 3.3.3
IP addresses for forwarding, 3.3.3
SYSLOG audit trail, B.2.13
syslog files, B.2.13
SYSOPER privilege
remote collection agent, effect on, 1.4.1.4
system changes, caution on AVDF appliances, 3.1, 4.1
system configuration
understanding workflow, 1.6
workflow
with Audit Vault Agent, 1.6.1
with Database Firewall, 1.6.2
system configuration, planning, 1.7.1
system services
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2

T

TABLE audit trail, B.2.13
tabs, UI, described, 1.8.2
TCP invited nodes, security considerations, 2.5.2
TEST SMTP SERVER command, A.7.7
testing, Audit Vault Server operation, 3.8
third-party products used with Oracle AVDF, 1.3.6
time synchronization, traffic disruption in DPE mode, 4.4
Time Zone Offset field, 3.3.1, 3.3.1
timestamps, and Audit Vault Server date and time, 3.3.1
trace files, Microsoft SQL Server, preventing deletion, B.4.2
traffic disruptions, and time synchronization in DPE mode, 4.4
traffic log files, collected, 8.1
traffic sources
changing in enforcement point, 6.5.3
Database Firewall, configuring in, 4.6.2
Trail Location field
directory mask for DIRECTORY trail type, 6.4.1, B.5.3
trail locations
supported per secured target, B.5.3
TRANSACTION LOG
audit trail, about, B.2.13
recommended settings reference, C.1
transfer method, archiving, 3.5.2
Transport Layer Security (TLS)
SMTP configuration, A.7.5
troubleshooting
Agent activation error using avcli, E.1.3
Agent cannot connect to Audit Vault Server, E.1.5
Audit Vault Agent
access denied while installing as Windows service, E.1.8
error on startup, E.1.10
java -jar agent.jar failed, E.1.6
unable to start through services applet, E.1.9
unable to uninstall Windows service, E.1.7
avcli agent activation error, E.1.3
cannot collect Oracle Database trail, E.1.5
Database Firewall, partial traffic only, E.1.1
host monitor fails, E.1.5
Host Monitor, setup error, E.1.11
Oracle Database alerts not triggered, E.1.12
RPM upgrade failed, E.1.2

U

UI
Audit Vault Server, tabs described, 1.8.2
Database Firewall, about, 1.9.2
UNDEPLOY PLUGIN command, A.12.3
Unix
deploying host monitor on, 7.2.3.2
UNREACHABLE trail status, 6.4.3
Unreachable, enforcement point status, 6.5.5
Update Certificate button, 12.13.5
updating
host monitors, Linux only, 7.4
user accounts
about managing, 11.1
Audit Vault Agent deployment, OS user, 5.2.4
changing type, 11.2.3
creating, 11.2.2
deleting, 11.2.4
planning, 1.7.8
users
logging in to the Audit Vault Server console, 1.8.1
user names with quotes invalid, 6.3.3, 11.2.1

V

-VERSION command, A.13.4
version number of AVCLI, finding, A.13.4

W

Web access
configuring for Audit Vault Server, 3.3.2.2
configuring for Database Firewall, 4.3.2
Web Application Firewall (WAF)
defined, 1.3.6
reports in BIG-IP ASM, 9.4
Windows
See Microsoft Windows
Windows Event Log, and DIRECTORY audit trail, B.2.13
Windows File Sharing
archive datafile transfer, 3.5.1, 3.5.2
Windows service
Audit Vault Agent, registering as, 5.2.7.1
Audit Vault Agent, stopping, 5.3.1.2
Audit Vault Agent, unregistering as, 5.2.7.3

X

XML files, and DIRECTORY audit trail, B.2.13