Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Changes in This Release
Oracle AVDF Release 12.1.2 Changes
Oracle AVDF Release 12.1.1 Changes
Quick Reference for Common Tasks
About this Quick Reference
Audit Vault Server
Database Firewall
Hosts
Agent
Host Monitor
Secured Targets
BIG-IP ASM Integration
ArcSight Integration
Other Administrator Tasks
Reference Information
Part I Getting Started
1
Introducing Oracle Audit Vault and Database Firewall
Downloading the Latest Version of This Manual
Supported Platforms
Understanding System Features and Concepts
About Audit Vault and Database Firewall
System Requirements
Supported Secured Targets
Administrative Features
Auditing Features
Integrations With Third-Party Products
Overview of the Oracle AVDF Component Architecture
Components of Oracle AVDF
How Oracle AVDF Components Work Together
The Audit Vault Server
The Database Firewall
The Audit Vault Agent
Placing Oracle AVDF Within Your Enterprise Architecture
High-Availability Modes
Understanding the Administrator's Role
Summary of Configuration Steps
Configuring Oracle AVDF and Deploying the Audit Vault Agent
Configuring Oracle AVDF and Deploying the Database Firewall
Planning the System Configuration
Questions to Help You Plan the Oracle AVDF Configuration
Step 1: Plan the Audit Vault Server Configuration
Step 2: Plan the Database Firewall Configuration
Step 3: Plan the Audit Vault Agent Deployments
Step 4: Plan the Audit Trail Configurations
Step 5: Plan Integration Options
Step 6: Plan for High Availability
Step 7: Plan User Accounts and Access Rights
Logging in to the Audit Vault Server Console UI
Logging in to the Audit Vault Server Console
Understanding the Tabs and Menus in the Audit Vault Server Console
Working with Lists of Objects in the UI
Logging in to the Database Firewall Console UI
Logging in to the Database Firewall Console UI
Using the Database Firewall UI
Using the AVCLI Command Line Interface
Using the AVDF Enterprise Manager Plug-in
2
General Security Guidelines
Installing Securely and Protecting Your Data
Installing Securely
Protecting Your Data
General Security Recommendations
Considerations for Deploying Network-Based Solutions
Handling Network Encryption
Handling Server-Side SQL and Context Configurations
How Oracle AVDF Works with Various Database Access Paths
Security Considerations for Special Configurations
Handling an Oracle Shared Server Configuration and Dispatchers
How TCP Invited Nodes Are Affected by Client IP Addresses
Additional Behavior to be Aware Of
3
Configuring the Audit Vault Server
About Configuring the Audit Vault Server
Logging In to the Audit Vault Server
Specifying Initial System Settings and Options (Required)
Specifying the Server Date, Time, and Keyboard Settings
Specifying the Audit Vault Server System Settings
Setting or Changing the Audit Vault Server Network Configuration
Configuring or Changing the Audit Vault Server Services
Configuring the Audit Vault Server Syslog Destinations
Configuring the Email Notification Service
About Email Notifications in Oracle AVDF
Configuring the Email Notification Service
Configuring Archive Locations and Retention Policies
About Archiving and Restoring Data in Oracle AVDF
Defining Archiving Locations
Creating or Deleting Archiving Policies
Creating Archiving (Retention) Policies
Deleting Archiving Policies
Defining Resilient Pairs for High Availability
Registering a Database Firewall in the Audit Vault Server
Testing the Audit Vault Server System Operation
4
Configuring the Database Firewall
About Configuring the Database Firewall
Logging in to the Database Firewall
Configuring the Database Firewall's Network and Services Configuration
Configuring a Database Firewall's Network Settings
Configuring a Database Firewall's Network Services
Setting the Date and Time in the Database Firewall
Specifying the Audit Vault Server Certificate and IP Address
Configuring Database Firewalls on Your Network
About Configuring the Database Firewalls on Your Network
Configuring Traffic Sources
Configuring a Bridge in the Database Firewall
Configuring a Database Firewall as a Traffic Proxy
Viewing the Status and Diagnostics Report for a Database Firewall
5
Registering Hosts and Deploying the Agent
Registering Hosts in the Audit Vault Server
About Registering Hosts
Registering Hosts in the Audit Vault Server
Changing Host Names
Deploying and Activating the Audit Vault Agent on Host Computers
About Deploying the Audit Vault Agent
Steps Required to Deploy and Activate the Audit Vault Agent
Registering the Host
Deploying the Audit Vault Agent on the Host Computer
(Oracle AVDF 12.1.1 Only) Requesting Agent Activation
Activating and Starting the Audit Vault Agent
Registering or Unregistering the Audit Vault Agent as a Windows Service
About the Audit Vault Agent Windows Service
Registering the Audit Vault Agent as a Windows Service
Unregistering the Audit Vault Agent as a Windows Service
Stopping, Starting, and Other Agent Operations
Stopping and Starting the Audit Vault Agent
Stopping and Starting the Agent on Unix Hosts
Stopping and Starting the Agent on Windows Hosts
Changing the Logging Level for the Audit Vault Agent
Deactivating and Removing the Audit Vault Agent
Updating the Audit Vault Agent
Deploying Plug-ins and Registering Plug-in Hosts
About Plug-ins
Ensuring that Auditing is Enabled in the Secured Target
Registering the Plug-in Host in Audit Vault Server
Deploying and Activating the Plug-in
Un-Deploying Plug-ins
Deleting Hosts from the Audit Vault Server
6
Configuring Secured Targets, Audit Trails, and Enforcement Points
About Configuring Secured Targets
Registering Secured Targets and Creating Groups
Registering or Removing Secured Targets in the Audit Vault Server
Registering Secured Targets
Modifying Secured Targets
Removing Secured Targets
Creating or Modifying Secured Target Groups
Controlling Access to Secured Targets and Target Groups
Preparing Secured Targets for Audit Data Collection
Using an NTP Service to set Time on Secured Targets
Ensuring that Auditing is Enabled on the Secured Target
Setting User Account Privileges on Secured Targets
Scheduling Audit Trail Cleanup
Configuring and Managing Audit Trail Collection
Adding an Audit Trail in the Audit Vault Server
Stopping and Starting Audit Trails in the Audit Vault Server
Checking the Status of Audit Trails in the Audit Vault Server
Deleting an Audit Trail
(Required for MySQL) Running the XML Transformation Utility
(Required for IBM DB2) Converting Binary DB2 Audit Files to ASCII Format
Configuring Enforcement Points
About Configuring Enforcement Points for Secured Targets
Creating and Configuring an Enforcement Point
Modifying an Enforcement Point
Starting, Stopping, or Deleting Enforcement Points
Viewing the Status of Enforcement Points
Finding the Port Number Used by an Enforcement Point
Configuring Stored Procedure Auditing (SPA)
Configuring and Using Database Interrogation
About Database Interrogation
Using Database Interrogation for SQL Server and SQL Anywhere Databases
Using Database Interrogation for Oracle Databases with Network Encryption
Configuring Database Interrogation for SQL Server and SQL Anywhere
Setting Database Interrogation Permissions in a Microsoft SQL Server Database
Setting Database Interrogation Permissions in a Sybase SQL Anywhere Database
Configuring Database Interrogation for Databases Using Network Encryption
Step 1: Apply the Specified Patch to the Oracle Database
Step 2: Run the Oracle Advanced Security Integration Script
Step 3: Provide the Database Firewall Public Key to the Oracle Database
Step 4: Enable Database Interrogation for the Oracle Database
Enabling Database Interrogation
Disabling Database Interrogation
Configuring and Using Database Response Monitoring
About Database Response Monitoring
Configuring Database Response Monitoring
Enabling Database Response Monitoring
Setting Up Login/Logout Policies in the Firewall Policy
7
Enabling and Using Host Monitoring
About Host Monitoring
Installing and Enabling Host Monitoring
Prerequisites for Host Monitoring
Step 1: Register the Computer that will Run the Host Monitor
Step 2: Deploy the Audit Vault Agent and Install the Host Monitor
Deploying the Agent and Host Monitor on Windows Hosts
Deploying the Agent and Host Monitor on Linux Hosts
Step 3: Create a Secured Target for the Host-Monitored Database
Step 4: Create an Enforcement Point in DAM Mode
Step 5: Create a NETWORK Audit Trail
Starting, Stopping, and Other Host Monitor Operations
Starting the Host Monitor
Stopping the Host Monitor
Changing the Logging Level for a Host Monitor
Checking the Status of a Host Monitor Audit Trail
Uninstalling the Host Monitor (Linux Hosts Only)
Updating the Host Monitor (Linux Hosts Only)
Using Certificate-based Authentication for the Host Monitor
Requiring a Signed Certificate for Host Monitor Connections to the Firewall
Getting a Signed Certificate from the Audit Vault Server
8
Configuring High Availability
About High Availability Configurations in Oracle AVDF
Configuring a Resilient Pair of Audit Vault Servers
About Pairing Audit Vault Servers
Prerequisites for Configuring a Resilient Pair of Audit Vault Servers
Step 1: Configure the Secondary Audit Vault Server
Step 2: Configure the Primary Audit Vault Server
Step 3: Start High Availability Pairing of the Audit Vault Servers
Checking the High Availability Status of an Audit Vault Server
Updating Audit Vault Agents After Pairing Audit Vault Servers
Handling a Failover of the Audit Vault Server Pair
Configuring a Resilient Pair of Database Firewalls
About Configuring a Resilient Pair of Database Firewalls
Configuring a Resilient Pair of Database Firewalls
Swapping Roles in a Resilient Pair of Database Firewalls
Breaking (Un-pairing) a Resilient Pair of Database Firewalls
9
Configuring Integration with BIG-IP ASM
About the Integration of Oracle AVDF with BIG-IP ASM
How the Integration Works
Deploying the Oracle AVDF and BIG-IP ASM Integration
About the Deployment
System Requirements
Configuring Oracle AVDF to Work with F5
Configuring BIG-IP ASM
Logging Profile
Policy Settings
Developing a BIG-IP ASM iRule
Required Syslog Message Format
Configuring syslog-ng.conf
Viewing F5 Data in Oracle AVDF Reports
10
Configuring Integration with ArcSight SIEM
How Oracle AVDF Integrates with HP ArcSight SIEM
Enabling the HP ArcSight SIEM Integration
Part II General Administration Tasks
11
Managing User Accounts and Access
About Oracle AVDF Administrative Accounts
Configuring Administrative Accounts for the Audit Vault Server
Guidelines for Securing the Oracle AVDF User Accounts
Creating Administrative Accounts for the Audit Vault Server
Changing a User Account Type for the Audit Vault Server
Deleting an Audit Vault Server Administrator Account
Managing User Access to Secured Targets or Groups
About Managing User Access
Controlling Access by User
Controlling Access by Secured Target or Group
Changing User Passwords in Oracle AVDF
Recommended Password Guidelines
Changing the Audit Vault Server Administrator User Password
Changing the Database Firewall Administrator Password
12
Managing the Audit Vault Server and Database Firewalls
Managing Audit Vault Server Settings, Status, and Maintenance Operations
Checking Server Status and System Operation
Accessing the Audit Vault Server Certificate and Public Key
Accessing the Server Certificate
Accessing the Server Public Key
Rebooting or Powering Off the Audit Vault Server
Changing the Keyboard Layout
Downloading Diagnostics for the Audit Vault Server (AVDF 12.1.2)
Archiving and Restoring Audit Data
Starting an Archive Job
Restoring Oracle AVDF Audit Data
Monitoring Jobs
Changing the Audit Vault Server's Network or Services Configuration
Managing Server Connectors for Email, Syslog, and ArcSight SIEM
Managing Plug-ins
Monitoring the Server Tablespace Space Usage
Monitoring the Server Archive Log Disk Space Usage
Monitoring the Server Flash Recovery Area
Downloading and Using the AVCLI Command Line Interface
About the AVCLI Command Line Interface
Downloading the AVCLI Command Line Utility and Setting JAVA_HOME
Starting AVCLI
Starting AVCLI Interactively
Running AVCLI Scripts
Specifying Log Levels for AVCLI
Displaying Help and the Version Number of AVCLI
Downloading the Oracle AVDF SDK
Backing up and Restoring the Audit Vault Server
Managing Database Firewalls
Changing the Database Firewall's Network or Services Configuration
Viewing and Capturing Network Traffic in a Database Firewall
Rebooting or Powering Off Database Firewall
Removing a Database Firewall from the Audit Vault Server
Fetching an Updated Certificate from a Database Firewall
Viewing Diagnostics for a Database Firewall
13
Configuring a SAN Repository (AVDF 12.1.2)
About Configuring a SAN Repository
Configuring a SAN Server to Communicate with Oracle AVDF
Registering or Dropping SAN Servers in the Audit Vault Server
Registering a SAN Server
Dropping a SAN Server
Discovering Targets on a SAN Server
About SAN Targets and Disks
Discovering Targets on a SAN Server and Making Disks Available
Logging out of Targets on a SAN Server
Adding or Dropping SAN Disks in the Audit Vault Server Repository
About Disk Groups in the Audit Vault Server Repository
Adding SAN Disks to the Audit Vault Server Repository
Dropping SAN Disks from the Audit Vault Server Repository
Part III General Reference
A
AVCLI Commands Reference
About the AVCLI Commands
Agent Host AVCLI Commands
REGISTER HOST
ALTER HOST
LIST HOST
DROP HOST
ACTIVATE HOST
DEACTIVATE HOST
Database Firewall AVCLI Commands
REGISTER FIREWALL
DROP FIREWALL
LIST FIREWALL
REBOOT FIREWALL
POWEROFF FIREWALL
CREATE RESILIENT PAIR
SWAP RESILIENT PAIR
DROP RESILIENT PAIR
ALTER FIREWALL
SHOW STATUS FOR FIREWALL
Enforcement Point AVCLI Commands
CREATE ENFORCEMENT POINT
DROP ENFORCEMENT POINT
LIST ENFORCEMENT POINT
START ENFORCEMENT POINT
STOP ENFORCEMENT POINT
ALTER ENFORCEMENT POINT
Secured Target AVCLI Commands
REGISTER SECURED TARGET
ALTER SECURED TARGET
LIST ADDRESS FOR SECURED TARGET
LIST SECURED TARGET
LIST SECURED TARGET TYPE
LIST ATTRIBUTE FOR SECURED TARGET
LIST METRICS
DROP SECURED TARGET
Audit Trail Collection AVCLI Commands
START COLLECTION FOR SECURED TARGET
STOP COLLECTION FOR SECURED TARGET
LIST TRAIL FOR SECURED TARGET
DROP TRAIL FOR SECURED TARGET
SMTP Connection AVCLI Commands
REGISTER SMTP SERVER
ALTER SMTP SERVER
ALTER SMTP SERVER ENABLE
ALTER SMTP SERVER DISABLE
ALTER SMTP SERVER SECURE MODE ON
ALTER SMTP SERVER SECURE MODE OFF
TEST SMTP SERVER
LIST ATTRIBUTE OF SMTP SERVER
DROP SMTP SERVER
Security Management AVCLI Commands
GRANT SUPERADMIN
REVOKE SUPERADMIN
GRANT ACCESS
REVOKE ACCESS
GRANT ADMIN
REVOKE ADMIN
SAN Storage AVCLI Commands (AVDF 12.1.2)
REGISTER SAN SERVER
ALTER SAN SERVER
LIST TARGET FOR SAN SERVER
DROP SAN SERVER
LIST DISK
ALTER DISKGROUP
LIST DISKGROUP
LIST SAN SERVER
SHOW ISCSI INITIATOR DETAILS FOR SERVER
Remote Filesystem AVCLI Commands (AVDF 12.1.2)
REGISTER REMOTE FILESYSTEM
ALTER REMOTE FILESYSTEM
DROP REMOTE FILESYSTEM
LIST EXPORT
LIST REMOTE FILESYSTEM
SHOW STATUS OF REMOTE FILESYSTEM
Server Management AVCLI Commands
ALTER SYSTEM SET
SHOW CERTIFICATE
DOWNLOAD LOG FILE
Collection Plug-In AVCLI Commands
DEPLOY PLUGIN
LIST PLUGIN FOR SECURED TARGET TYPE
UNDEPLOY PLUGIN
General Usage AVCLI Commands
CONNECT
HELP
-HELP
-VERSION
QUIT
B
Plug-in Reference
About Oracle AVDF Plug-ins
Plug-ins Shipped with Oracle AVDF
Out-of-the-Box Plug-ins at a Glance
Oracle Database
Microsoft SQL Server
Sybase ASE
Sybase SQL Anywhere
IBM DB2 for LUW
MySQL
Oracle Solaris
Oracle Linux
Microsoft Windows
Microsoft Active Directory
Oracle ACFS
Summary of Data Collected for Each Audit Trail Type
Scripts for Oracle AVDF Account Privileges on Secured Targets
About Scripts for Setting up Oracle AVDF Account Privileges
Oracle Database Setup Scripts
Sybase ASE Setup Scripts
About the Sybase ASE Setup Scripts
Setting Up Audit Data Collection Privileges for a Sybase ASE Secured Target
Setting Up Stored Procedure Auditing Privileges for a Sybase ASE Secured Target
Sybase SQL Anywhere Setup Scripts
Microsoft SQL Server Setup Scripts
About the SQL Server Setup Script
Setting Up Audit Data Collection Privileges for a SQL Server Secured Target
Setting Up Stored Procedure Auditing Privileges for a SQL Server Secured Target
IBM DB2 for LUW Setup Scripts
About the IBM DB2 for LUW Setup Scripts
Setting Up Audit Data Collection Privileges for IBM DB2 for LUW
Setting Up SPA Privileges for an IBM DB2 for LUW Secured Target
MySQL Setup Scripts
Audit Trail Cleanup
Oracle Database Audit Trail Cleanup
About Purging the Oracle Database Secured Target Audit Trail
Scheduling an Automated Purge Job
SQL Server Audit Trail Cleanup
MySQL Audit Trail Cleanup
Procedure Look-ups: Connect Strings, Collection Attributes, Audit Trail Locations
Secured Target Locations (Connect Strings)
Collection Attributes
About Collection Attributes
Oracle Database Collection Attributes
IBM DB2 for LUW Collection Attribute
MySQL Collection Attributes
Oracle ACFS Collection Attributes
Audit Trail Locations
C
REDO Logs Audit Data Collection Reference
About the Recommended Settings for Collection from REDO Logs
Oracle Database 11g Release 2 (11.2) and 12c Secured Target Audit Parameter Recommendations
Oracle Database 11g Release 1 (11.1) Secured Target Audit Parameter Recommendations
Oracle Database 10g Release 2 (10.2) Secured Target Audit Parameter Recommendations
D
Ports Used by Audit Vault and Database Firewall
Ports Required When Database Firewall is Deployed for Secured Targets
Ports for Services Provided by the Audit Vault Server
Ports for Services Provided by the Database Firewall
Ports for External Network Access by the Audit Vault Server
Ports for External Network Access by the Database Firewall
Ports for AVDF Internal TCP Communication
E
Troubleshooting Oracle Audit Vault and Database Firewall
Troubleshooting Tips
Partial or No Traffic Seen for an Oracle Database Monitored by Database Firewall
RPM Upgrade Failed
Agent Activation Request Returns 'host is not registered' Error
Unable to Deploy Agent on the Secondary Audit Vault Server
Operation Fails When I Try to Build Host Monitor or Collect Oracle Database Trail
'java -jar agent.jar' Failed on Windows Machine
Unable to Un-install the Audit Vault Agent Windows Service
Access Denied Error While Installing Agent as a Windows Service
Unable to Start the Agent Through the Services Applet On The Control Panel
Error When Starting the Agent
Error When Running Host Monitor Setup
Alerts on Oracle Database Secured Target are not Triggered for a Long Time
Internal capacity exceeded messages seen in the /var/log/messages file
F
Audit Vault Error Messages
Index