Topics
You can use the AVCLI commands to configure host connections from the command line. You must be granted the AV_ADMIN role before you can run these commands. This appendix does not list all of the AVCLI commands, however. It only covers the commands that an Audit Vault and Database Firewall administrator needs to configure secured target connections.
All AVCLI commands must end in a semi-colon (;).
See Also:
Using the Audit Vault Command-Line Interface for general usage information about using the AVCLI command line interface.
Setting the JAVA_HOME Environment Variable
In the Audit Vault Server, you must set the JAVA_HOME environment variable to point to JDK installation directory.
The AVCLI host commands enable you to configure the host computer on which the Audit Vault Agent will reside.
Table A-1 lists the AVCLI agent host commands.
Table A-1 AVCLI Agent Host Commands
| Command | Description |
|---|---|
|
Adds the host to Audit Vault Server and identifies it as a host on which an agent can be deployed |
|
|
Alters a host registered with the Audit Vault Server |
|
|
Lists the names of the currently registered agent host computers |
|
|
Drops the specified agent host from Audit Vault Server |
|
|
Activates the host on Audit Vault Server |
|
|
Deactivates the specified host |
Learn about the REGISTER HOST AVCLI command.
The REGISTER HOST command adds the host to Audit Vault Server and identifies it as a host on which an agent can be deployed.
Syntax
REGISTER HOST host_name [WITH IP ip_address]
Arguments
| Argument | Description |
|---|---|
|
|
The name of the host computer that you want to register. See Also:
|
|
|
The IP ADDRESS associated with the host. If the IP address is not specified, then the IP address for the host is deduced by doing a host name lookup on the host name specified. It is possible to override this behavior to associate with a different IP address, by specifying the IP address. |
Result
The host is successfully registered with the Audit Vault Server.
If the IP address is not specified, then the host name lookup fails with the following error. Retry registering the host with an IP address.
OAV:-46594: unable to resolve host <host_name>
Usage Notes
To change the IP address associated with a host, use the ALTER HOST command.
Examples
avcli> REGISTER HOST sample_host.example.com;
Registers the host, sample_host.example.com, to run the agent process with the Audit Vault Server.
avcli> REGISTER HOST sample_host.example.net with ip 192.0.2.1;
Registers the host, sample_host.example.net, and associates it with the IP address 192.0.2.1.
Syntax
ALTER HOST hostname SET {key=value [,key=value...]} ALTER HOST hostname SET {key=value [,LOGLEVEL=component_name:loglevel_value...]} ALTER HOST hostname DROP ATTRIBUTE {attribute name}
Arguments
| Argument | Description |
|---|---|
|
|
The name of the host. |
|
|
The attribute being changed. See Table A-2 for supported |
Usage Notes
This command alters the attributes associated with the named host using key/value pairs. To modify multiple attributes in a single command invocation, specify comma-separated key/value pairs.
The following host name attributes are supported:
Table A-2 Host Attributes (key values)
| Parameter | Description |
|---|---|
|
|
The new host name that replaces the existing one. |
|
|
The new IP address that replaces the existing IP address. |
|
|
The log level of various code components running on this host. This option can dynamically change the log levels of various Audit Vault Server code components. The
where See Table A-3 for descriptions of Multiple components log levels can be changed by delimiting them using the | symbol. |
The following are valid values for the LOGLEVEL attribute:
Table A-3 LOGLEVEL Component Names
| Parameter | Description |
|---|---|
|
|
agent |
|
|
Audit Vault Server |
|
|
shared Server and Agent |
Table A-4 LOGLEVEL Values
| Loglevel Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Examples
avcli> ALTER HOST sample_host.example.com SET ip=192.0.2.1;
Alters the host, sample_host.example.com, and changes the associated IP address to 192.0.2.1.
avcli> ALTER HOST sample_host.example.com SET name=new_sample_host.example.com;
Alters the host, sample_host.example.com, to new_sample_host.example.com. Additionally, it updates the IP address by doing a lookup against new_sample_host.example.com.
avcli> ALTER HOST sample_host.example.com SET loglevel=av.agent:info|av.common:debug;
Alters the log levels of the av.agent and av.common code components embedded in the agent process running on the host, sample_host.example.com.
The LIST HOST command lists the names of the currently registered agent host computers.
Syntax
LIST HOST
Example
avcli> LIST HOST;
The various active hosts registered with the Audit Vault Server are listed.
Use the DROP HOST command to drop hosts that are specified by the value of the host_name parameter.
The DROP HOST command drops the host specified by the host_name from the Audit Vault Server and removes any associated metadata.
After dropping a host, if you want to register it again to collect audit data, you must reinstall the Audit Vault Agent on this host.
Syntax
DROP HOST hostnameArguments
| Argument | Description |
|---|---|
|
|
The name of the host computer being dropped. See Also:
|
Usage Notes
Ensure that the agent process on this host is in the stopped state before dropping the host. The DROP HOST command will fail otherwise.
Example
avcli> DROP HOST sample_host;
The host, sample_host, and any associated metadata is dropped.
The ACTIVATE HOST command activates the host specified by hostname.
Syntax
ACTIVATE HOST hostname
Arguments
| Argument | Description |
|---|---|
|
|
The host name. |
Usage Notes
Once an host is activated, an activation key appears, which must be entered when an agent process is started to complete activation process.
Example
avcli> ACTIVATE HOST sample_host.example.com;
Activates the host, sample_host.example.com, and displays the activation key for this host.
The DEACTIVATE HOST command deactivates the host specified by hostname.
Syntax:
DEACTIVATE HOST hostname
Arguments
| Argument | Description |
|---|---|
|
|
The host name. |
Usage Notes
Once a host is deactivated, it may not be able to connect to the Audit Vault Server.
Example
avcli> DEACTIVATE HOST sample_host.example.com;
Deactivates the host, sample_host.example.com. The agent process on this host may not be able to connect to the Audit Vault Server.
The AVCLI Database Firewall commands enable you to configure the Database Firewall.
Table A-5 lists the AVCLI Database Firewall commands.
Table A-5 Database Firewall Commands
| Command | Description |
|---|---|
|
Registers the Database Firewall that has the specified IP address with the Audit Vault Server |
|
|
Drops an already registered Database Firewall from the Audit Vault Server. |
|
|
Lists all the Database Firewalls registered with the Audit Vault Server |
|
|
Reboots a named Database Firewall that is already registered with the Audit Vault Server |
|
|
Powers off a named Database Firewall that is already registered with the Audit Vault Server |
|
|
Creates a resilient pair with two Database Firewalls for high availability |
|
|
Swaps Database Firewalls in a resilient pair that includes the named Database Firewall |
|
|
Drops the resilient pair that contains the specified Database Firewall |
|
|
Alters the Database Firewall attributes |
|
|
Displays the status for a particular Database Firewall |
The REGISTER FIREWALL command registers the Database Firewall that has the specified IP address with the Audit Vault Server.
Syntax
REGISTER FIREWALL firewall_name WITH IP ip_address
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
|
|
The IP address of the Database Firewall. |
Usage Notes
The Database Firewall must be installed at the given IP address location.
To specify a firewall name with a space, enclose the entire string in quotes.
Example
avcli> REGISTER FIREWALL sample_fw WITH IP 192.0.2.14;
Database Firewall sample_fw is installed at IP address 192.0.2.14.
The DROP FIREWALL command drops an already registered Database Firewall from the Audit Vault Server.
Syntax
DROP FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> DROP FIREWALL sample_fw;
The Database Firewall sample_fw is dropped.
The LIST FIREWALL command lists all the Database Firewalls registered with the Audit Vault Server.
Syntax
LIST FIREWALL
Example
avcli> LIST FIREWALL;
A list of the Database Firewalls registered with Audit Vault Server appears.
The REBOOT FIREWALL command reboots a named Database Firewall that is already registered with the Audit Vault Server.
Syntax
REBOOT FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> REBOOT FIREWALL sample_fw;
The Database Firewall sample_fw reboots.
The POWEROFF FIREWALL command powers off a named Database Firewall that is already registered with the Audit Vault Server.
Syntax
POWEROFF FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> POWEROFF FIREWALL sample_fw;
The Database Firewall sample_fw switches off.
The CREATE RESILIENT PAIR command creates a resilient pair with two Database Firewalls for high availability.
Syntax
CREATE RESILIENT PAIR FOR FIREWALL PRIMARY primary_firewall SECONDARY secondary_firewall
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the primary Database Firewall. Only this Firewall can generate syslog alerts |
|
|
The name of the secondary Database Firewall. |
Example
avcli> CREATE RESILIENT PAIR FOR FIREWALL PRIMARY sample_fw1 SECONDARY sample_fw2;
A resilient pair is created with primary Database Firewall sample_fw1 and secondary Database Firewall sample_fw2.
The SWAP RESILIENT PAIR command swaps Database Firewalls in a resilient pair that includes the named Database Firewall.
Syntax
SWAP RESILIENT PAIR HAVING FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> SWAP RESILIENT PAIR HAVING FIREWALL sample_fw1;
In the existing resilient pair, Database Firewall sample_fw1, the primary firewall is swapped with the secondary firewall, or the reverse.
The DROP RESILIENT PAIR command drops the resilient pair that contains the specified Database Firewall.
Syntax
DROP RESILIENT PAIR HAVING FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> DROP RESILIENT PAIR HAVING FIREWALL sample_fw1;
The existing resilient pair that includes Database Firewall sample_fw1 is broken.
The ALTER FIREWALL command alters the Database Firewall attributes.
Syntax
ALTER FIREWALL firewall_name SET attribute=value [, attribute=value]
Arguments
| Argument | Description |
|---|---|
|
|
The name of the Database Firewall. |
|
|
The pair (attribute and new value) for the Database Firewall. Separate multiple pairs by a space on the command line. See Table A-6 for a list of attributes. |
Usage Notes
Table A-6 lists Database Firewall attributes that you can specify for the attribute=value argument.
Table A-6 Oracle Database Firewall Attributes
| Parameter | Description |
|---|---|
|
|
The new name of the Database Firewall. |
|
|
The IP address of the Database Firewall. |
Example
avcli> ALTER FIREWALL sample_fw1 SET NAME=sample_newfw1;
Database Firewall name changes from sample_fw1 to sample_newfw1.
avcli> ALTER FIREWALL sample_fw1 SET IP=192.0.2.169;
Database Firewall IP address is set to 192.0.2.169.
The SHOW STATUS command displays the status for a particular Database Firewall.
Syntax
SHOW STATUS FOR FIREWALL firewall_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
Example
avcli> SHOW STATUS FOR FIREWALL sample_fw1;
The running information for Database Firewall sample_fw1 appears.
The AVCLI Enforcement Point commands enable you to configure the Database Firewall.
Table A-7 lists the AVCLI Enforcement Point commands.
Table A-7 Enforcement Point Commands
| Command | Description |
|---|---|
|
Creates an enforcement point with the specified name and protects the Database Firewall using either mode DAM or DPE |
|
|
Drops the enforcement point |
|
|
Lists all the enforcements points associated with the Database Firewall or secured target |
|
|
Starts an enforcement point that was previously suspended |
|
|
Stops the enforcement point monitoring the secured target |
|
|
Alters the enforcement point and attributes |
The CREATE ENFORCEMENT POINT command creates an enforcement point with the specified name and protects the Database Firewall using either mode DAM or DPE.
Syntax
CREATE ENFORCEMENT POINT enforcement_point_name FOR SECURED TARGET secured_target_name USING FIREWALL firewall_name TRAFFIC SOURCE traffic_source_name WITH MODE DPE|DAM
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the enforcement point. |
|
|
The name of the secured target. |
|
|
The name of the Database Firewall. |
|
|
The name of the traffic source |
Example
avcli> CREATE ENFORCEMENT POINT sample_ep FOR SECURED TARGET sample_source USING FIREWALL sample_fw TRAFFIC SOURCE sample_trafficsource WITH MODE DPE;
An enforcement point named sample_ep is created on Database Firewall sample_fw, using DPE mode to protect the secured target sample_source, and using the traffic source sample_trafficsource.
The DROP ENFORCEMENT POINT command drops the enforcement point.
Syntax
DROP ENFORCEMENT POINT enforcement_point_nameArguments
| Argument | Descriptions |
|---|---|
|
|
The name of the enforcement point. |
Example
avcli> DROP ENFORCEMENT POINT sample_ep;
The enforcement point named sample_ep is dropped from the Database Firewall.
The LIST ENFORCEMENT POINT command lists all the enforcements points associated with either the Database Firewall or the secured target.
Syntax
LIST ENFORCEMENT POINT FOR FIREWALL firewall_name LIST ENFORCEMENT POINT FOR SECURED TARGET secured_target_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the Database Firewall. |
|
|
The name of the secured target. |
Example
avcli> LIST ENFORCEMENT POINT FOR FIREWALL sample_fw;
A list of all the enforcement points associated with Database Firewall sample_fw appears.
avcli> LIST ENFORCEMENT POINT FOR SECURED TARGET sample_source;
A list all the enforcement points associated with secured target sample_source appears.
The START ENFORCEMENT POINT command starts an enforcement point that was previously suspended.
Syntax
START ENFORCEMENT POINT enforcement_point_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the enforcement point. |
Example
avcli> START ENFORCEMENT POINT sample_ep;
The enforcement point named sample_ep starts.
The STOP ENFORCEMENT POINT command stops the enforcement point monitoring the secured target.
Syntax
STOP ENFORCEMENT POINT enforcement_point_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the enforcement point. |
Example
avcli> STOP ENFORCEMENT POINT sample_ep;
The enforcement point named sample_ep stops.
The ALTER ENFORCEMENT POINT command alters the enforcement point and attributes.
Syntax
ALTER ENFORCEMENT POINT enforcement_point_name SET attribute=value [, attribute=value]
Arguments
| Argument | Description |
|---|---|
|
|
The name of the enforcement point. |
|
|
The pair (attribute and new value) for the enforcement point being altered. Separate multiple pairs by a space on the command line. See Table A-8 for enforcement point attributes. |
Usage Notes
Attributes are specified by a comma-separated list of key=value/pairs. The following key values are supported:
Table A-8 Enforcement Point Attributes
| Parameter | Description |
|---|---|
|
|
The new secured target name, which should be registered already in the Audit Vault Server, including the address. |
|
|
The mode which monitors the enforcement point. Valid modes are: DAM or DPE. |
|
|
|
|
|
New valid traffic sources for enforcement point. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The new IP Address for Remote agent. |
Examples
avcli> ALTER ENFORCEMENT POINT ep1 SET TARGET=newsource;
The enforcement point to monitor new secured target is altered.
avcli> ALTER ENFORCEMENT POINT ep1 SET MODE=dam;
The enforcement point monitoring is altered to DAM mode.
avcli> ALTER ENFORCEMENT POINT ep1 SET database_response=true, Full_error_message=true;
The enforcement point is altered to activate database response and log error messages associated with error codes.
avcli> ALTER ENFORCEMENT POINT ep1 SET database_interrogation=true;
The enforcement point is altered to activate direct database interrogation.
The AVCLI secured target commands enable you to configure both database and nondatabase secured targets for Audit Vault Server.
Table A-9 lists the AVCLI secured target commands.
Table A-9 AVCLI Secured Target Commands
| Command | Description |
|---|---|
|
Registers a secured target to be monitored by Audit Server |
|
|
Modifies the attributes of a secured target |
|
|
Lists all the addresses registered with the secured target |
|
|
Lists the various active secured targets registered with the Audit Vault Server |
|
|
Lists the secured target types currently registered with Audit Vault Server |
|
|
Lists the attributes of a given secured target |
|
|
Lists the metrics of a given secured target, such as the various trails |
|
|
Removes the registration of the specified secured target from Audit Vault Server |
The REGISTER SECURED TARGET command registers a secured target to be monitored by Audit Vault Server.
Syntax
REGISTER SECURED TARGET secured_target_name OF SECURED TARGET TYPE "secured_target_type" [AT location] [AUTHENTICATED BY username/password]
Arguments
| Argument | Description |
|---|---|
|
|
Name of secured target. Must be unique. |
|
|
A valid secured target type, for example See Also: LIST SECURED TARGET TYPE to find a list of supported secured target types. |
|
|
The secured target database connection information. See Also: This is optional. It can be added later. The location is an opaque string that specifies how to connect to the secured target, typically a JDBC connect string. The syntax that you use depends on the secured target type. See the database-specific Usage Notes below. If location is not provided, certain features such as entitlement retrieval, audit settings management, SPA retrieval, and audit trail collection are disabled if applicable to this secured target type. |
|
|
Optional. Credentials to connect to the secured target. After you enter this argument and run the See the database-specific Usage Notes in the following sections. |
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
General Examples
avcli> HELP REGISTER SECURED TARGET;
Displays detailed help for the REGISTER SECURED TARGET command.
Oracle Database Usage Notes and Examples
For the location argument, enter the host name, port number, and service ID (SID), separated by a colon. Use the following syntax:
AT host:port:service
For example:
Oracle Database: jdbc:oracle:thin:@//host:port/service
If you are unsure of this connection information, then run the lsnrctl status listener_name command on the computer where you installed the secured target database.
The AUTHENTICATED BY command prompts for the secured target user name and password. This user account must exist in the secured target database.
To find this user, query the SESSION_PRIVS and SESSION_ROLES data dictionary views.
Oracle Database Examples:
avcli> REGISTER SECURED TARGET sample_source OF SECURED TARGET TYPE "Oracle Database" AT jdbc:oracle:thin:@//anymachinename:1521/example.com AUTHENTICATED BY system/welcome_1;
Registers a Oracle secured target, sample_source, of secured target type Oracle Database, reachable using connect string jdbc:oracle:thin:@//anymachinename: 1521/example.com using credentials system/welcome_1.
SQL Server Example With DB
avcli > REGISTER SECURED TARGET sample_mssqldb OF SECURED TARGET TYPE "Microsoft SQL Server" AT jdbc:av:sqlserver://hostname:port authenticated by <user>/<password>;
SQL Server Example with Windows Authentication
avcli > REGISTER SECURED TARGET sample_mssqldb OF SECURED TARGET TYPE "Microsoft SQL Server" AT “jdbc:av:sqlserver://<Host Name>:<Port>;authenticationMethod=ntlmjava;domain=<domain name>” authenticated by <windows user>/<windows user password>;
IBM DB2 Example
avcli> REGISTER SECURED TARGET sample_db2db OF SECURED TARGET TYPE "IBM DB2 LUW" AT jdbc:av:db2://host:port;
Registers a DB2 secured target, sample_db2db, of secured target type "IBM DB2 LUW", reachable using connect string jdbc:av:db2://host:port using credentials sa/welcome_1.
The ALTER SECURED TARGET command modifies the attributes of a secured target.
Syntax
ALTER SECURED TARGET secured_target_name SET attribute=value [, attribute=value] ALTER SECURED TARGET secured target name ADD ADDRESS ip:port:[service] ALTER SECURED TARGET secured target name DROP ADDRESS ip:port:[service]
Arguments
| Argument | Description |
|---|---|
|
|
The name of the secured target database to be modified. The name is case-sensitive. See Also: LIST SECURED TARGET to find a list of existing secured targets. |
|
|
The key/value pair for the secured target attributes of the secured target to be modified. You can modify one or more secured target attributes at a time using a space on the command line. See Also:
|
|
|
The IP address |
|
|
The port number |
|
|
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
Table A-10 lists secured target attributes that you can specify,
Table A-10 Secured Target Attributes
| Attribute | Description |
|---|---|
|
|
The name for this secured target database instance. This must not be defined already in the Audit Vault Server for another secured target. |
|
|
The location of the secured target |
|
|
The new set of username and password pair used to connect to the secured target. This is a two part value separated by a slash (/). |
|
|
The description for this secured target database instance |
|
|
The maximum number of enforcement point threads for the secured target. The valid range is between 1 and 16 (inclusive). The default value is 1. |
General Usage Examples:
avcli> ALTER SECURED TARGET sample_source SET name=sample_source2;
The secured target name of sample_source changed to sample_source2.
avcli> ALTER SECURED TARGET sample_source SET credentials=scott/leopard;
The credentials used to connect to the secured target, sample_source, are changed.
avcli> ALTER SECURED TARGET sample_source SET description='This is a new description';
Number of enforcement point threads is set for secured target, sample_source.
avcli> ALTER SECURED TARGET sample_source SET maximum_enforcement_point_threads=14;
The description for the secured target, sample_source, is changed.
avcli> ALTER SECURED TARGET sample_source ADD address 192.0.2.2:1234:srcdb;
New secured target address is registered with secured target sample_source.
avcli> ALTER SECURED TARGET sample_source DROP address 192.0.2.2:1234:srcdb;
Secured target address registered before with secured target, sample_source, is dropped.
avcli> ALTER SECURED TARGET sample_source set maximum_enforcement_point_threads = 10;
Sets the maximum number of enforcement point threads for secured target sample_source to 10.
Oracle Example:
avcli> ALTER SECURED TARGET secured target sample_source set location=jdbc:oracle:thin:@//new_sample_host:1521:sample_db;
The location of the secured target, sample_source, changes.
This command is used to upload and delete a secured target wallet file.
Syntax
ALTER SECURED TARGET <Secured target name> SET WALLET_FILE=<Path of the wallet file>
ALTER SECURED TARGET <Secured target name> DROP ATTRIBUTE WALLET_FILE
Arguments
| Argument | Description |
|---|---|
|
|
Name of the secured target. |
|
|
Name of wallet attribute (Key). |
|
|
Path to wallet file (Value). |
The LIST ADDRESS FOR SECURED TARGET command lists all the addresses registered with the secured target.
Syntax
LIST ADDRESS FOR SECURED TARGET secured_target_name
Arguments
| Argument | Descriptions |
|---|---|
|
|
The name of the secured target. |
Example
avcli> LIST ADDRESS FOR SECURED TARGET sample_source;
All the addresses for secured target, sample_source, appear.
The LIST SECURED TARGET command lists the active secured targets registered with the Audit Vault Server.
Syntax
LIST SECURED TARGET;
Lists the active secure targets registered with the Audit Vault Server.
The LIST SECURED TARGET TYPE command lists the secured target types currently supported in the Audit Vault Server.
Syntax
LIST SECURED TARGET TYPE
Examples
avcli> LIST SECURED TARGET TYPE;
Lists the secured target types currently supported in the Audit Vault Server.
The LIST ATTRIBUTE FOR SECURED TARGET command lists the attributes of a given secured target.
Syntax
LIST ATTRIBUTE FOR SECURED TARGET secured target name;
Arguments
| Argument | Description |
|---|---|
|
|
The name of the secured target. To find all registered secured targets, see "LIST SECURED TARGET". |
The LIST METRICS command lists the metrics of a given secured target, such as various trails.
Syntax
LIST METRICS FOR SECURED TARGET secured_target_nameArguments
| Argument | Description |
|---|---|
|
|
The name of the secured target To find all registered secured targets, see "LIST SECURED TARGET". |
Usage Notes
The LIST METRICS command has the same usage for all secured target types.
Examples
avcli> LIST METRICS FOR SECURED TARGET sample_source;
Metrics available for the secured target, sample_source, are listed.
The DROP SECURED TARGET command removes the registration of the specified secured target from Audit Vault Server.
Syntax
DROP SECURED TARGET secured_target_nameArguments
| Argument | Description |
|---|---|
|
|
The name of the secured target. To find all registered secured targets, see "LIST SECURED TARGET". |
Usage Notes
Ensure that all trails associated with this secured target are in stopped state before dropping the secured target. Otherwise, the DROP SECURED TARGET command fails. See HELP STOP COLLECTION for an explanation of how to stop active trails.
Dropping a secured target stops the Audit Vault Server from monitoring it. Any audit data collected earlier continues to be available in the Audit Vault Server repository.
Examples
avcli> DROP SECURED TARGET sample_source;
Drops the sample_source secured target.
The AVCLI target group commands enable you to alter a target group.
Table A-11 AVCLI Target Group Commands
| Command | Description |
|---|---|
|
Adds a specific target to a target group. |
|
|
Deletes a specific target from a target group. |
Use this command to add a specific target to a target group.
Syntax
ALTER TARGETGROUP <target group name> ADD TARGET <target name>
HELP ALTER TARGETGROUP
Arguments
| Argument | Description |
|---|---|
|
|
To seek help on available options. |
|
|
The name of the specific target that needs to be added. |
|
|
The name of the specific target group. |
Example
alter targetgroup tg1 add target t1
Use this command to delete a specific target from a target group.
Syntax
ALTER TARGETGROUP <target group name> DELETE TARGET <target name>
HELP ALTER TARGETGROUP
Arguments
| Argument | Description |
|---|---|
|
|
To seek help on available options. |
|
|
The name of the specific target that needs to be deleted. |
|
|
The name of the specific target group. |
Example
alter targetgroup tg1 delete target t1
The AVCLI secured target audit trial collection commands enable you to manage the audit trail collections for the secured targets.
Table A-12 lists the AVCLI secured target connection commands.
Table A-12 AVCLI Secured Target Connection Commands
| Command | Description |
|---|---|
|
Starts the collection of specified audit trail data from a given secured target |
|
|
Stops the audit trail collection |
|
|
Lists the available audit trails that have been started with the |
|
|
Drops an audit trail |
The START COLLECTION FOR SECURED TARGET command starts the collection of specified audit trail data from a given secured target, optionally using the specified collection plug-in.
Syntax
START COLLECTION FOR SECURED TARGET secured_target_name USING HOST host FROM location [USING PLUGIN plugin id]
Arguments
| Argument | Description |
|---|---|
|
secured_target_name |
The name of the secured target whose audit trail collection you want to begin. |
|
|
The name of the host where the secured target agent resides. |
|
|
The
|
|
|
The collection plug-in id being used. Required if there is more than one possible plug-in. Optional if there is only one plug-in. |
See Also:
LIST SECURED TARGET to find all registered secured targets.
LIST HOST to find a list of configured agent hosts.
LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a secured target.
LIST PLUGIN FOR SECURED TARGET TYPE to find a list of existing plug-ins for the type.
General Usage Notes
To start the trail, the agent process which manages the trail should also be in running state. If the collection process connects to the secured target, the secured target must up and running. When multiple plug-ins can process audit data from a secured target, use the optional USING PLUGIN directive to disambiguate the collection process.
A trail starts in the START_REQUESTED state and transitions to a starting state, followed by a running state. If there is no outstanding audit data to process from the given trail, the collection process switches to an idle state. The current state can be viewed using the LIST TRAIL command.
If a trail must be authenticated, the Audit Vault Server uses the credentials provided in the AUTHENTICATED BY argument of the REGISTER SECURED TARGET command.
After you run the START COLLECTION command, the Audit Vault Server begins to collect audit data from the configured secured targets. If you want to stop the collection, then run the STOP COLLECTION command.
Windows Systems Usage Notes
On Windows systems, enter directory and file name locations in either double-quoted strings or as a nonquoted string using forward slashes. For example:
... FROM DIRECTORY "c:\app\oracle\product\11.1\av"; ... FROM DIRECTORY c:/app/oracle/product/11.1/av;
General Examples
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM directory /opt/audit_trail;
Audit data collection from trail /opt/audit_trail for secured target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$;
Audit data collection from table trail sys.aud$ for secured target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM syslog /usr/syslog/syslog*;
Collecting syslog trail /usr/syslog/syslog* for secured target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM event log application;
Collecting application event log trail for secured target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM transaction log;
Collecting transaction log trails for secured target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$ USING PLUGIN com.sample_plugin;
Audit data collection from table trail sys.aud$ for the secured target sample_source, using the com.sample_plugin, plug-in starts.
Oracle Database Secured Target Usage Notes
Audit Trail Settings
For the operating system type of audit trail, use the following settings:
| Type of Audit Trail | trail_type Setting | audit_trail Setting |
|---|---|---|
|
Operating system directory |
|
|
|
Syslog file |
|
|
|
Windows event log |
|
N/A |
SQL Server Secured Target Usage Notes
Audit Trail Settings
You can write the SQL Server audit trail to the Windows event log, C2 trace files, or server side trace files. The FROM trail_type audit_trail arguments are as follows:
| Type of Audit Trail | trail_type Setting | audit_trail Setting |
|---|---|---|
|
Windows event log |
|
N/A |
|
C2 trace file |
|
|
|
Server-side trace files |
|
|
|
|
|
|
Best Practice:
The user must have admin privileges to access the security event log collector system. The user has an option to choose the following properties as the maximum event log size.
| Event Log Properties | To Accomplish |
|---|---|
|
Overwrite event as needed |
To delete the oldest event first. It automatically clears events. |
|
Do not overwrite events |
To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
Sybase ASE Secured Target Usage Notes and Examples
For the Sybase ASE audit trail, set the trail_type audit_trail setting to TABLE SYSAUDITS.
Sybase ASE Example
avcli> START COLLECTION FOR SECURED TARGET hr_syb_db USING HOST sybserver FROM TABLE SYSAUDITS;
MySQL Usage Notes
The trail location is the path to the directory where converted XML files are created by running the MySQL XML transformation utility.
IBM DB2 Usage Notes and Examples
For the IBM DB2 audit trail, set the trail_type audit_trail setting to DIRECTORY directory_location.
IBM DB2 Example
avcli> START COLLECTION FOR SECURED TARGET hr_db2_db USING HOST db2server FROM DIRECTORY "d:\temp\trace";
Oracle Solaris Secured Target Usage Notes
For an Oracle Solaris secured target, the trail location used in this command must be in the format:
hostname:path_to_trail
where hostname matches the hostname in the audit log names, which look like this:
timestamp1.timestamp2.hostname
Windows Secured Target Usage Notes
For a Windows secured target, the event log audit trail type collects data from the Windows Security Event Log. The trail location used in this command must be security.
Best Practice:
The user must have admin privileges to access the security event log collector system. The user has an option to choose the following properties as the maximum event log size.
| Event Log Properties | To Accomplish |
|---|---|
|
Overwrite event as needed |
To delete the oldest event first. It automatically clears events. |
|
Do not overwrite events |
To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
Active Directory Secured Target Usage Notes
For Active Directory secured target, the event log audit trail type collects data from the security and directory service. The trail location used in this command must be security or directory service.
Best Practice:
| Event Log Properties When Maximum Event Log Size Is Reached | To Accomplish |
|---|---|
|
Overwrite event as needed |
It is recommended to select To delete the oldest event first. It automatically clears events. |
|
Do not overwrite events |
To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
The STOP COLLECTION FOR SECURED TARGET command stops the audit trail collection.
Syntax
STOP COLLECTION FOR SECURED TARGET secured_target_name USING HOST hostname FROM location [USING PLUGIN plugin_id]]
Arguments
| Argument | Description |
|---|---|
|
|
The name of the secured target for the trail collection you want to stop. |
|
|
The name of the host where the secured target agent resides. |
|
|
The
|
|
|
The collection plug-in id being used. Required if there is more than one possible plug-in. Optional if there is only one plug-in. |
See Also:
LIST SECURED TARGET to find a list of all registered secured targets.
LIST HOST to find a list of configured agent hosts.
LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a secured target.
LIST PLUGIN FOR SECURED TARGET TYPE to find a list of existing plug-ins for the type.
LIST TRAIL FOR SECURED TARGET to view the current state of secured target.
General Usage Notes
Since the command is sent to the trail directly, the agent process does not need to be in running state. When multiple plug-ins process audit data from a secured target, use the optional USING PLUGIN directive to disambiguate the process.
A trail will be in a STOP_REQUESTED state when stopped and transitions to a stopping state, followed by a stopped state.
Windows Systems Usage Notes
On Windows systems, enter directory and file name locations in either double-quoted strings or as a nonquoted string using forward slashes. For example:
... FROM DIRECTORY "c:\app\oracle\product\11.1\av"; ... FROM DIRECTORY c:/app/oracle/product/11.1/av;
General Examples
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM directory /opt/audit_trail;
Audit data collection from trail /opt/audit_trail for secured target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM TABLE sys.aud$;
Audit data collection from table trail sys.aud$ for secured target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM syslog /usr/syslog/syslog*;
Collecting syslog trail /usr/syslog/syslog* for secured target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM event log application;
Collecting application event log trail for secured target sample_source stops
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM transaction log;
Collecting transaction log trail for secured target sample_source stops
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM TABLE sys.aud$ USING PLUGIN com.sample_plugin;
Audit data collection from table sys.aud$ for the secured target, sample_source, using the com.sample_plugin, plug-in stops
Oracle Database Usage Notes and Examples
Audit Trail Settings
For the operating system type of audit trail, use the following settings:
Oracle Database Examples
Operating system directory example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM DIRECTORY $ORACLE_HOME/logs;
Operating system syslog file example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM SYSLOG /etc/syslog.conf;
Operating system Windows event log example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM EVENTLOG;
Database audit trail example:
avcli> START COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM TABLE sys.aud$;
REDO log example:
avcli> START COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM TRANSACTION LOG;
SQL Server Usage Notes and Example
The SQL Server audit trail can be in the Windows event log, C2 trace files, or server side trace files. The FROM trail_type audit_trail arguments are as follows:
| Type of Audit Trail | trail_type Setting | audit_trail Setting |
|---|---|---|
|
Windows event log |
|
n/a |
|
C2 trace file |
|
|
|
Server-side trace files |
|
|
SQL Server Examples
Windows event log example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM EVENTLOG;
C2 trace example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM DIRECTORY "c:\SQLAuditFile*.trc";
Server-side trace example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM DIRECTORY "c:\SQLAuditFile*.trc";
Sybase ASE Usage Notes and Example
For the Sybase ASE audit trail, set the trail_type audit_trail setting to TABLE SYSAUDITS.
Sybase ASE Example
avcli> STOP COLLECTION FOR SECURED TARGET hr_syb_db USING HOST sybserver FROM TABLE SYSAUDITS;
MySQL Usage Notes
The trail location is the path to the directory where converted XML files are created by running the MySQL XML transformation utility.
IBM DB2 Usage Notes and Example
For the IBM DB2 audit trail, set the trail_type audit_trail setting to DIRECTORY directory_location.
IBM DB2 Example
avcli> STOP COLLECTION FOR SECURED TARGET hr_db2_db USING HOST db2server FROM DIRECTORY "d:\temp\trace";
Oracle Solaris Usage Notes
For Oracle Solaris, the trail location must be in the format:
hostname:path_to_trail
where hostname matches the hostname in the audit log names, which look like this:
timestamp1.timestamp2.hostname
Windows Secured Target Usage Notes
For a Windows secured target, the event log audit trail type collects data from the Windows Security Event Log. The trail location used in this command must be security.
The LIST TRAIL FOR SECURED TARGET command lists the available audit trails that have been started with the START COLLECTION command or stopped with the STOP COLLECTION command.
Syntax
LIST TRAIL FOR SECURED TARGET secured_target_nameArguments
| Argument | Description |
|---|---|
|
|
The name of the secured target. To find a list of existing secured targets, see "LIST SECURED TARGET". |
Usage Notes
LIST TRAIL FOR SECURED TARGET does not list audit trails have been created but not yet started or stopped.
Examples
avcli> LIST TRAIL FOR SECURED TARGET sample_source;
The trails available for the secured target sample_souce are listed.
The DROP TRAIL FOR SECURED TARGET drops a trail that no longer needs to be monitored.
Note:
An audit trail must be in a STOPPED state in order for it to be dropped. A trail that has previously collected audit data associated with it cannot be dropped.
Syntax
DROP TRAIL FOR SECURED TARGET secured_target_name USING HOST hostname FROM location
Arguments
| Argument | Description |
|---|---|
|
|
The name of the secured target whose audit trail you want to drop. |
|
|
The name of the host where the secured target agent resides. |
|
|
The
|
See Also:
LIST SECURED TARGET to find all registered secured targets.
LIST HOST to find a list of configured agent hosts.
LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a secured target.
Examples
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM DIRECTORY /opt/audit_trail;
The audit trail from the directory /opt/audit_trail for secured target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$;
The audit trail from table trail sys.aud$ for secured target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM SYSLOG DEFAULT /usr/syslog/syslog*;
Syslog trail /usr/syslog/syslog* for secured target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM TRANSACTION LOG;
The transaction log trail for secured target sample_source is dropped.
The AVCLI SMTP commands enable you to manage SMTP email notifications for Audit Vault Server reports and alert.
Table A-13 lists the SMTP-specific AVCLI commands.
Table A-13 AVCLI SMTP Commands
| Command | Description |
|---|---|
|
Registers the SMTP server configuration with the Audit Vault Server |
|
|
Modifies the SMTP server configuration and state |
|
|
Enables SMTP server configurations for servers registered with the |
|
|
Disables the SMTP server configuration |
|
|
Enables the SMTP server configuration and specifies the secure protocol mode used |
|
|
Disables secure mode in an existing secure SMTP server |
|
|
Tests SMTP integration with the Audit Vault Server by sending a test email |
|
|
Displays the current SMTP configuration details used by Audit Vault Server |
|
|
Unregisters the SMTP Server registered with the Audit Vault Server and removes any associated configuration metadata |
The REGISTER SMTP SERVER command registers the SMTP server configuration with the Audit Vault Server.
Syntax
REGISTER SMTP SERVER AT host:[port] SENDER ID sender_id SENDER EMAIL sender_email [AUTHENTICATED BY username/password]
Arguments
| Argument | Description |
|---|---|
|
|
The name, and optionally, the outgoing port number of the SMTP server. The |
|
|
The user ID of the person responsible for sending the email (that is, the email address that appears after |
|
|
The email address of the person whose ID you entered for the |
|
|
Optional. The authentication credentials for the recipient user. If the SMTP server runs in authenticated mode and needs a valid |
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
Usage Notes
Right after you create the SMTP server configuration, it is enabled and ready to use.
If the SMTP server is a secure server, then run the ALTER SYSTEM SMTP SECURE MODE ON command after you run REGISTER SMTP SERVER.
To test the configuration, run the TEST SMTP SERVER command.
This command associates the sender id and sender email with this configuration data so that all generated emails are sent with this sender id and sender email.
Examples
avcli> REGISTER SMTP SERVER AT sample_mail.example.com sender id "do-not-reply";
For an SMTP server running in non-authentication mode at sample_mail.example.com, all email is generated and sent from the address: do-not-reply<donotreply@example.com>.
avcli> REGISTER SMTP SERVER AT sample_mail.example.com:455 SENDER ID av-alerts SENDER EMAIL avalerts@example.com AUTHENTICATED BY smtpuser/smtppass;
For an SMTP server running in authentication mode at sample_mail.example.com, port 455; all email is generated and sent from the address: av-alerts<avalerts@example.com>. The credentials smtpuser/smtppass connect to this server to send emails.
The ALTER SMTP SERVER command modifies the SMTP server configuration and state.
Syntax
ALTER_SMTP SERVER AT host:[port] [SENDER ID sender_id]| [SENDER EMAIL sender_email] | [AUTHENTICATED BY username/password]
Arguments
| Argument | Description |
|---|---|
|
|
The name, and optionally, the outgoing port number of the SMTP server. The |
|
|
The user ID of the person responsible for sending the email (that is, the email address that appears after |
|
|
The email address of the person whose ID you entered for the |
|
|
Optional. The authentication credentials for the recipient user. If the SMTP server runs in authenticated mode and needs a valid |
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
Usage Notes
After you complete the SMTP server configuration, it is enabled and ready to use.
If the SMTP server is a secure server, then run the ALTER SYSTEM SMTP SECURE MODE ON command after you run REGISTER SMTP SERVER.
To test the configuration, run the TEST SMTP SERVER command.
If you omit an argument, then Audit Vault Server uses the previously configured setting.
Example
avcli> ALTER SMTP SERVER AT new_sample_host:465;
The host and port configuration information of the SMTP server is changed.
avcli> ALTER SMTP SERVER SENDER ID new-do-not-reply;
The sender ID configuration information of the SMTP server is changed.
avcli> ALTER SMTP SERVER AT new_sample_host:465 sender id new-do-not-reply;
The host and port as well as the sender ID of the SMTP server is changed.
The ALTER SMTP SERVER ENABLE command enables SMTP server configurations for servers registered with the REGISTER SMTP SERVER command or modified with the ALTER SMTP SERVER command.
Syntax
ALTER SMTP SERVER ENABLE
Usage Notes
When you enable the configuration, Audit Vault Server uses the configuration that was in place when you last disabled the SMTP configuration.
To find details about the most recent service configuration, see "LIST ATTRIBUTE OF SMTP SERVER".
Example
avcli> ALTER SMTP SERVER ENABLE; SMTP integration is enabled.
Enables the integration between the Audit Vault and SMTP server.
The ALTER SMTP SERVER DISABLE command disables the SMTP server configuration.
Syntax
ALTER SMTP SERVER DISABLE
Usage Notes
After you disable the configuration, Audit Vault Server preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.
To find details about the most recent service configuration, see "LIST ATTRIBUTE OF SMTP SERVER".
This command may be useful when the SMTP Server is down for system maintenance.
Example
avcli> ALTER SMTP SERVER DISABLE; SMTP integration is disabled.
Disables the integration between the Audit Vault and SMT Server.
Use the ALTER SMTP SERVER SECURE MODE ON command to enable SMTP server configurations and specify the secure protocol mode that is in use.
The ALTER SMTP SERVER SECURE MODE ON command enables the SMTP server configuration and specifies the secure protocol mode used.
Syntax
ALTER SMTP SERVER SECURE MODE ON PROTOCOL [SSL | TLS ] [TRUSTSTORE location]Arguments
| Argument | Description |
|---|---|
|
|
Optional: One of the following types of protocol:
|
|
|
The path to the truststore file used to validate the server certificates. Optional. |
Usage Notes
Run this command after you run either the REGISTER SMTP SERVER or ALTER SMTP SERVER command.
Only run this command if the SMTP server that you are configuring is a secure server.
See Also:
Examples
avcli> ALTER SMTP SERVER SECURE MODE ON PROTOCOL ssl TRUSTSTORE /sample_tstore;
This command acknowledges that the SMTP Server registered with Oracle Audit Vault Server is in secure mode, that is, supports SSL or TLS, and uses the file /sample_tstore to validate the certificate obtained from the SMTP Server during connects.
avcli> ALTER SMTP SERVER SECURE MODE ON PROTOCOL tls TRUSTSTORE /sample_tstore;
This example sets TLS protocol instead of SSL.
Use the ALTER SMTP SERVER SECURE MODE OFF command to disable the secure mode in secure SMTP servers.
The ALTER SMTP SERVER SECURE MODE OFF command disables secure mode in an existing secure SMTP server.
Syntax
ALTER SMTP SERVER SECURE MODE OFF
Usage Notes
Run this command after you run either the REGISTER SMTP SERVER or ALTER SMTP SERVER command.
Example
avcli> ALTER SMTP SERVER SECURE MODE OFF; Updated SMTP server configuration to not use secure protocol.
Sets the SMTP Server registered with Oracle Audit Server to non-secure mode.
Use the TEST SMTP SERVER command to test the SMTP integration with Oracle Audit Vault Server by sending a test email.
The TEST SMTP SERVER command tests SMTP integration with the Audit Vault Server by sending a test email.
Syntax
TEST SMTP SERVER SEND EMAIL TO email_address Arguments
| Argument | Description |
|---|---|
|
|
Recipient of the test email notification |
Usage Notes
If the test fails, then check the configuration by running the LIST ATTRIBUTE OF SMTP SERVER command.
You can recreate the configuration by running the ALTER_SMTP SERVER command.
If there are no errors, a test email appears in the mail box of the user specified by the e-mail address argument.
You can provide a list of comma-separated email addresses to this command.
A SMTP Server must first be registered with the Audit Vault Server before this command can be used.
Example
avcli> TEST SMTP SERVER SEND EMAIL TO me@example.com;
To test the SMTP integration, a test email is sent to the email address, me@example.com.
avcli> TEST SMTP SERVER SEND EMAIL TO abc@example1.com,xyz@example2.com;
To test the SMTP integration, a test email is sent to the email address list, abc@example1.com,xyz@example2.com.
The LIST ATTRIBUTE OF SMTP SERVER command displays the current SMTP configuration details used by Audit Vault Server.
Syntax
LIST ATTRIBUTE OF SMTP SERVER
Usage Notes
To reconfigure the SMTP service connection, run the ALTER SMTP SERVER ("ALTER SMTP SERVER") command.
Example
avcli> LIST ATTRIBUTE OF SMTP SERVER;
The configuration data/attributes for the SMTP server appear.
The DROP SMTP SERVER command unregisters the SMTP Server registered with the Audit Vault Server and removes any associated configuration metadata.
Syntax
DROP SMTP SERVER
Example
avcli> DROP SMTP SERVER; SMTP server unregistered successfully.
The SMTP Server is unregistered and any associated configuration metadata is removed.
The AVCLI security management command enable you to manage various administrator and super administrator privileges.
Table A-14 AVCLI Security Management Commands
| Command | Description |
|---|---|
|
Changes Transparent Data Encryption (TDE) configuration to rekey or to reset the repository encryption password |
|
|
Shows whether data encryption is enabled or disabled for the Audit Vault Server repository |
|
|
Grants super administrator privileges to the user specified by |
|
|
Revokes super administrator privileges from users specified by |
|
|
Grants access to secured target name or secured target group name to specified user |
|
|
Revokes access to secured target or secured target group name from specified user |
|
|
Grants administrator privileges to specified user |
|
|
Revokes administrator privileges from specified user |
|
|
Unlocks a user account |
The ALTER DATA ENCRYPTION command lets a super administrator change the Transparent Data Encryption (TDE) configuration in the Audit Vault Server repository. A super administrator can use this command to rekey the master encryption key, or to reset the repository encryption (wallet) password.
Syntax
ALTER DATA ENCRYPTION REKEY ALTER DATA ENCRYPTION CHANGE WALLET PASSWORD
Examples
avcli> ALTER DATA ENCRYPTION REKEY;
This command rekeys the master encryption key for the Audit Vault Server repository.
avcli> ALTER DATA ENCRYPTION CHANGE WALLET PASSWORD;
This commands gives prompts to change the repository encryption (wallet) password.
The GRANT SUPERADMIN command grants super administrator privileges to the user specified by username.
Syntax
GRANT SUPERADMIN TO usernameArguments
| Argument | Description |
|---|---|
|
|
The specified user. |
Usage Notes
This user automatically receives regular administrator rights as well.
Example
avcli> GRANT SUPERADMIN TO scott;
Super administrator (and administrator) privileges granted to user scott.
The REVOKE SUPERADMIN command revokes super administrator privileges from users specified by username.
Syntax:
REVOKE SUPERADMIN FROM usernameArguments
| Argument | Description |
|---|---|
|
|
The specified user. |
Usage Notes
The user continues to retain regular administrator rights.
Example:
avcli> REVOKE SUPERADMIN FROM scott;
Super administrator privileges are revoked from user scott.
The GRANT ACCESS command grants access to a secured target name or secured target group name to a specified user.
Syntax
GRANT ACCESS ON SECURED TARGET secured_target_name TO username GRANT ACCESS ON SECURED TARGET GROUP secured_target_group name TO username
Arguments
| Argument | Description |
|---|---|
|
|
The specified user. |
|
|
The name of the secured target. |
|
|
The name of the secured target group. |
Example
avcli> GRANT ACCESS ON SECURED TARGET sample_source TO scott;
User scott granted access to secured target sample_source.
avcli> GRANT ACCESS ON SECURED TARGET GROUP hr_db_group TO hr;
User hr granted access to group of secured targets specified by the group hr_db_group.
The REVOKE ACCESS command revokes access to a secured target or secured target group name from a specified user.
Syntax
REVOKE ACCESS ON SECURED TARGET secured_target_name FROM username REVOKE ACCESS ON SECURED TARGET GROUP secured_target_group_name FROM username
Arguments
| Argument | Description |
|---|---|
|
|
The specified user. |
|
|
The name of the secured target. |
|
|
The name of the secured target group. |
Example
avcli> REVOKE ACCESS ON SECURED TARGET sample_source FROM scott;
Access to secured target sample_source revoked from user scott.
avcli> REVOKE ACCESS ON SECURED TARGET GROUP hr_db_group FROM hr;
Access to a group of secured targets specified by the group hr_db_group revoked from user hr.
The GRANT ADMIN command grants administrator privileges to specified user.
Syntax
GRANT ADMIN TO username
Arguments
| Argument | Description |
|---|---|
|
|
The specified user. |
Example
avcli> GRANT ADMIN TO scott;
Administrator privileges granted to user scott.
The REVOKE ADMIN command revokes administrator privileges from specified user.
Syntax:
REVOKE ADMIN FROM username
Arguments
| Argument | Description |
|---|---|
|
|
The specified user. |
Example:
avcli> REVOKE ADMIN FROM scott;
Administrator privileges revoked from user scott.
Table A-15 lists SAN storage AVCLI commands.
Table A-15 AVCLI SAN Storage Commands
| Command | Description |
|---|---|
|
Registers a SAN server of a specified storage type with the Audit Vault Server |
|
|
Alters a SAN server registered with the Audit Vault Server by logging into or logging out of a target available on the SAN server |
|
|
Displays the details of targets available on a specified SAN server |
|
|
Drops a SAN server registered with Audit Vault Server |
|
|
Displays details of disks available on the system |
|
|
Alters a diskgroup by adding or dropping disks |
|
|
Displays details of all diskgroups in the system |
|
|
Displays details of SAN servers registered with the Audit Vault Server |
|
|
Displays iSCSI initiator details for the Audit Vault Server |
Syntax:
REGISTER SAN SERVER SAN_server_name OF TYPE storage_type ADDRESS address [PORT port] [METHOD discovery_method] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
| Argument | Description |
|---|---|
|
|
Name of the SAN server. Must be unique. |
|
|
Storage type. Currently, only |
|
|
IP address SAN server |
|
|
Optional. Port number. Default is 3260. |
|
|
Optional. Method used to discover targets. Possible values are: SENDTARGETS [AUTHENTICATED BY username/password] ISNS Default is |
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
Examples:
avcli> REGISTER SAN SERVER testServer1 OF TYPE iSCSI ADDRESS 192.0.2.1;
Registers a SAN server testServer1 of storage type iSCSI at address 192.0.2.1. The default port number 3260 and the default discovery method sendtargets will be used.
avcli> REGISTER SAN SERVER testServer2 Of Type iSCSI ADDRESS 192.0.2.1 METHOD sendtargets AUTHENTICATED BY username2/password2;
Registers a SAN server testServer2 of storage type iSCSI at address 192.0.2.1 using the discover method sendtargets with credentials username2 and password2.
Use the ALTER SAN SERVER command to alter SAN servers that are registered with Oracle Audit Vault Server by logging into or logging out of a target that is available on the SAN server
The ALTER SAN SERVER command alters a SAN server registered with the Audit Vault Server by logging in or logging out of a target available on the SAN server.
Syntax:
ALTER SAN SERVER server_name LOGIN target_name ADDRESS address [PORT port][AUTHENTICATED BY username/password] [ON SECONDARY] ALTER SAN SERVER server_name LOGOUT target_name ADDRESS address [PORT port][AUTHENTICATED BY username/password] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
| Argument | Description |
|---|---|
|
|
Name of the SAN server registered with the Audit Vault Server. |
|
|
Name of the target on the SAN server. To get a list of targets, use the command "LIST TARGET FOR SAN SERVER". |
|
|
IP address or hostname of the target on the SAN server |
|
|
Optional. Default is 3260. |
|
|
If needed, credential used to log in to the target. |
Note:
The syntax of this command will be changed in Oracle Audit Vault and Database Firewall release 20.1.0.0.0.
Example:
avcli> ALTER SAN SERVER testServer1 LOGIN target1 ADDRESS sample_target.example.com AUTHENTICATED BY username1/password1;
Alter the SAN server testServer1 by logging into target1 at address sample_target.example.com using credentials username1 and password1. The default port number 3260 will be used.
avcli> ALTER SAN SERVER testServer2 LOGOUT target2 ADDRESS sample_target.example.com;
Alter the SAN server testServer2 by logging out of target2 at address sample_target.example.com.
The LIST TARGET FOR SAN SERVER command displays details of the targets available on a specified SAN server.
Syntax:
LIST TARGET FOR SAN SERVER server_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
| Argument | Description |
|---|---|
|
|
Name of the SAN server registered with the Audit Vault Server. |
Example:
avcli> LIST TARGET FOR SAN SERVER testServer1;
Displays the details of targets available on SAN server testServer1.
Syntax:
DROP SAN SERVER server_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
| Argument | Description |
|---|---|
|
|
Name of the SAN server registered with the Audit Vault Server. |
Example:
avcli> DROP SAN SERVER testServer1;
Removes SAN server testServer1 from the Audit Vault Server.
The LIST DISK command displays details of all disks available in the system, or disks in a specific disk group.
Syntax:
LIST DISK [FOR DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Examples:
avcli> LIST DISK;
Displays the details of all disks in the system.
avcli> LIST DISK FOR DISKGROUP SYSTEMDATA;
Displays the details of the SYSTEMDATA disk group.
Syntax:
ALTER DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY ADD DISK disk_name [ON SECONDARY] ALTER DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY DROP DISK disk_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
| Argument | Description |
|---|---|
|
|
Name of the disk to add or drop. When adding a disk, the disk must be available in the system, and not previously added to a disk group. To display all disks available in the system, use the command "LIST DISK". |
Examples:
avcli> ALTER DISKGROUP SYSTEMDATA ADD DISK disk1;
Adds disk1 to the SYSTEMDATA disk group.
avcli> ALTER DISKGROUP RECOVERY DROP DISK disk2;
Drops disk2 from the RECOVERY disk group.
Syntax:
LIST DISKGROUP [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> LIST DISKGROUP;
Displays details for all disk groups in the system, for example, name, total space, and free space. To see details of disk in a specific disk group, use the command "LIST DISK".
Syntax:
LIST SAN SERVER [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> LIST SAN SERVER;
Displays details of SAN servers registered in the system, for example, storage name, storage type, etc.
The SHOW ISCSI INITIATOR DETAILS FOR SERVER command displays iSCSI initiator details for the Audit Vault Server. These initiator details are used in the SAN server configuration to allow it to connect to the Audit Vault Server.
Syntax:
SHOW ISCSI INITIATOR DETAILS FOR SERVER [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> SHOW ISCSI INITIATOR DETAILS FOR SERVER;
Displays the iSCSI initiator details for the Audit Vault Server.
Table A-16 lists the remote filesystem AVCLI commands. Currently these commands support registering and managing connections to NFS filesystems that are used as archive locations.
Table A-16 AVCLI Remote Filesystem Commands
| Command | Description |
|---|---|
|
Registers a remote filesystem with the Audit Vault Server |
|
|
Alters a remote filesystem registered with the Audit Vault Server |
|
|
Drops a remote filesystem registered with the Audit Vault Server |
|
|
Displays the list of exports available on an NFS server |
|
|
Lists all remote filesystems registered with the Audit Vault Server |
|
|
Shows the status of a remote filesystem registered with the Audit Vault Server |
Use the REGISTER REMOTE FILESYSTEM command to register remote file systems with Oracle Audit Vault Server.
The REGISTER REMOTE FILESYSTEM command registers a remote filesystem with the Audit Vault Server. This command currently supports registering an NFS filesystem. After registering a remote filesystem, an administrator can select it when specifying an archive location.
Syntax:
REGISTER REMOTE FILESYSTEM filesystem_name OF TYPE NFS ON HOST NFS_server_address USING EXPORT export [MOUNT]
Arguments
| Argument | Description |
|---|---|
|
|
A unique name for the remote filesystem |
|
|
Hostname or IP address of the NFS server |
|
|
Name of the export directory on the NFS server. This directory must be created in |
Note:
Log in as Oracle user 503 to register the remote filesystem. Use the same user name on the NFS Server and the Audit Vault Server.
If this is any different, then edit the /etc/passwd/ file in the NFS Server and change the USER ID of Oracle user to 503.
Examples:
avcli> REGISTER REMOTE FILESYSTEM sample_Filesystem OF TYPE NFS ON HOST example_host.example.com USING EXPORT /export/home1;
Registers a remote NFS filesystem named sample_Filesystem on the host example_host.example.com using the export directory /export/home1. This will mount the registered remote filesystem.
avcli> REGISTER REMOTE FILESYSTEM sample_Filesystem OF TYPE NFS ON HOST example_host.example.com USING EXPORT /export/home1 MOUNT;
Registers a remote NFS filesystem named sample_Filesystem on the host example_host.example.com using the export directory /export/home1. This will also mount the registered remote filesystem.
The ALTER REMOTE FILESYSTEM command alters a remote filesystem registered with the Audit Vault Server.
Syntax:
ALTER REMOTE FILESYSTEM filesystem_name SET {key=value [,key=value...]} ALTER REMOTE FILESYSTEM filesystem_name MOUNT ALTER REMOTE FILESYSTEM filesystem_name UNMOUNT [FORCE]
Arguments
| Argument | Description |
|---|---|
|
|
Name of the remote filesystem |
|
|
For an NFS remote filesystem, the |
Examples:
avcli> ALTER REMOTE FILESYSTEM sample_filesystem SET NAME=newfilesystem;
Changes the name of the remote filesystem sample_filesystem to newfilesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem MOUNT;
Mounts the remote filesystem sample_filesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem UNMOUNT;
Unmounts remote filesystem sample_filesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem UNMOUNT FORCE;
Unmounts remote filesystem sample_filesystem and forces this operation.
The DROP REMOTE FILESYSTEM command drops a remote filesystem registered with the Audit Vault Server.
Syntax:
DROP REMOTE FILESYSTEM file_system_name
Arguments
| Argument | Description |
|---|---|
|
|
Name of the remote filesystem. |
Examples:
avcli> DROP REMOTE FILESYSTEM filesystem1;
Drops the remote filesystem filesystem1.
Syntax:
LIST EXPORT OF TYPE NFS ON HOST address
Arguments
| Argument | Description |
|---|---|
|
|
Hostname or IP address of the NFS server. |
Example:
avcli> LIST EXPORT OF TYPE NFS ON HOST example_server.example.com;
Lists the exports available on the NFS server example_server.example.com.
Table A-17 AVCLI Server Management Commands
| Command | Description |
|---|---|
|
Modifies system configuration data |
|
|
Displays the certificate for the Audit Vault Server |
|
|
Downloads the Audit Vault Server log file for diagnostics |
Use the ALTER SYSTEM SET command to modify system configuration data.
The ALTER SYSTEM command modifies system configuration data.
Syntax:
ALTER SYSTEM SET {attribute=value [,attribute=value...]}Arguments
| Argument | Description |
|---|---|
|
|
System attributes as key/value pairs. See Table A-18. |
Usage Notes
Typically, system configuration data affects all components system-wide.
Multiple component log levels can be changed by delimiting them using the | symbol.
Modify system configuration data by altering the attributes associated with the data using key=value pairs and multiple attributes by specifying comma-separated pairs.
Log files are in the $Oracle_Home/av/log directory in the Audit Vault Server.
The following attributes are supported:
Table A-18 System Attributes
| Parameter | Description |
|---|---|
|
|
The log level of components running on this host. The
See Table A-19 for component names and log level values. Multiple components' log levels can be changed by delimiting them using the |
|
|
Sets the system heartbeat interval to a numerical value in seconds. |
|
|
The interval in seconds before the system will try to restart failed audit trails. Default: 1800 |
|
|
The number of times the system will retry starting failed audit trails. Default: 5 |
Table A-19 shows valid values for component_name and loglevel_value for the LOGLEVEL attribute:
Table A-19 Logging component names and values
| Logging component name | Values |
|---|---|
|
|
Alert |
|
|
Agent |
|
|
Archive and Retrieve |
|
|
Data Warehouse |
|
|
Database Firewall |
|
|
Web Concole UI |
|
|
Java Server Process |
|
|
Notification |
|
|
Plug-in Management |
|
|
Policy Management |
|
|
Report Generation |
|
|
SAN Storage |
|
|
Transaction Log Trail |
|
|
All components. Valid only with |
Table A-20 Logging level and values
| Parameter | Description |
|---|---|
|
|
The |
|
|
The |
|
|
The |
|
|
The Be aware that |
Examples
avcli> ALTER SYSTEM SET SYS.HEARTBEAT_INTERVAL=10;
The SYS.HEARTBEAT_INTERVAL system configuration setting changes to 10 seconds.
avcli> ALTER SYSTEM SET LOGLEVEL=JfwkLog:DEBUG|PfwkLog:INFO;
The log levels of the JfwkLog and PfwkLog components running on the system change.
avcli> ALTER SYSTEM SET SYS.AUTOSTART_INTERVAL=900;
The system will restart failed audit trails after 900 seconds.
See Also:
Downloading Detailed Diagnostics Reports for the Audit Vault Server for information about generating a diagnostics report that captures Audit Vault Server appliance information.
The SHOW CERTIFICATE command displays the certificate for the Audit Vault Server.
Syntax
SHOW CERTIFICATE FOR SERVER
Example
avcli> SHOW CERTIFICATE FOR SERVER;
The Audit Vault Server certificate appears.
The DOWNLOAD LOG FILE command downloads the diagnostics log file (as a .zip file) from the Audit Vault Server and saves it in the following directory:
AVCLI_installation_path/av/log
Syntax
DOWNLOAD LOG FILE FROM SERVER
Example
avcli> DOWNLOAD LOG FILE FROM SERVER;
The Audit Vault Server log file is downloaded.
The AVCLI collection plug-in commands enable you to manage the deployment of collection plug-ins.
Table A-13 lists the collection plug-in AVCLI commands.
Table A-21 AVCLI Collection Plug-In Commands
| Command | Description |
|---|---|
|
Deploys a plug-in into Audit Vault Server home from a given archive file |
|
|
Lists all the plug-ins in an Audit Vault Server installation |
|
|
Undeploys a plug-in from an Audit Vault Server home |
The DEPLOY PLUGIN command deploys a plug-in into the Audit Vault Server home from a given archive file.
Syntax
DEPLOY PLUGIN plugin archiveArguments
| Argument | Description |
|---|---|
|
|
The plug-in archive. Archive files have an |
Usage Notes
No action is required after this command.
The DEPLOY PLUGIN command updates the agent archive with the contents of this plug-in for future Agent deployments.
When a newer version of the plug-in is available, use the DEPLOY PLUGIN command to update the plug-in artifacts. Multiple plug-ins can support a single secured target type.
Example
avcli> DEPLOY PLUGIN /opt/avplugins/sample_plugin.zip;
Deploys the plug-in at /opt/avplugins/sample_plugin.zip into the Audit Vault Server and updates the agent archive by adding the plug-in to its contents.
The LIST PLUGIN FOR SECURED TARGET TYPE command lists all the plug-ins that support a particular secured target type.
Syntax
LIST PLUGIN FOR SECURED TARGET TYPE secured target type nameArguments
| Argument | Description |
|---|---|
|
|
The name of the secured target type |
Usage Notes
To find a list of available secured target types, see "LIST SECURED TARGET TYPE".
Examples
avcli> LIST PLUGINS FOR SECURED TARGET TYPE "Oracle Database";
The plug-ins that support the secured target type "Oracle Database" are listed.
The UNDEPLOY PLUGIN command deletes a plug-in from an Audit Vault Server home.
Syntax
UNDEPLOY PLUGIN plugin_idArguments
| Argument | Description |
|---|---|
|
|
The |
Usage Notes
UNDEPLOY PLUGIN attempts to identify dependent plug-ins or packages prior to deleting the plug-in.
This command undeploys a plug-in specified by the plug-in ID from the Audit Vault Server. It also updates the agent archive removing this plug-in, so that it is not deployed in future agent deployments.
Examples
avcli> UNDEPLOY PLUGIN com.abc.sample_plugin;
The plug-in, com.abc.sample_plugin, is undeployed from Oracle Audit Vault Server and the agent archive is updated by removing the plug-in.
Table A-22 lists the general usage AVCLI commands.
Table A-22 AVCLI HELP and EXIT Commands
| Command | Description |
|---|---|
|
Connects the current user in |
|
|
Stores administrator credentials in the AVCLI wallet, or overwrites previously stored credentials. |
|
|
Displays the currently logged in AVCLI user |
|
|
Clears the systems's diagnostic logs |
|
|
Lists all |
|
|
Displays help information for all of the commands in the |
|
|
Displays the version number for |
|
|
Exits |
The CONNECT command enables you to connect as a different user in AVCLI.
Syntax
CONNECT [username]
Usage Notes
If you have logged into to AVCLI without specifying a username and password, then you must use the CONNECT command to connect as a valid user.
For additional ways to connect to AVCLI, see "Using the Audit Vault Command-Line Interface".
Example 1
avcli> CONNECT psmith;
Enter password: password
Connected.Example 2
avcli> CONNECT; Enter user name: username Enter password: password Connected.
Use the STORE CREDENTIALS command to store administrator credentials in AVCLI wallet, or to overwrite previously stored credentials.
The STORE CREDENTIALS command lets you store credentials for one Oracle Audit Vault and Database Firewall administrator in the Oracle AVCLI wallet, or update existing credentials in the wallet.
Syntax
STORE CREDENTIALS [FOR USER username]
Example 1
avcli> STORE CREDENTIALS FOR USER admin1; Enter password: password Re-enter password: password
Example 2
avcli> STORE CREDENTIALS; Enter user name: admin1 Enter password: password Re-enter password: password
The SHOW USER command displays the currently logged in AVCLI user.
Syntax
SHOW USER
Example
avcli> SHOW USER;
The HELP command lists all available AVCLI commands and their categories.
Syntax
HELP
Example
avcli> HELP;
The -HELP command displays version number and help information about the AVCLI commands. Run the -HELP command from outside of AVCLI.
Syntax
avcli -h avcli -H avcli -help avcli -HELP
Example
avcli -help:
[oracle@slc02vjp ~]$ avcli -help
AVCLI : Release 12.2.0.0.0 - Production on Thu Nov 8 00:53:54 UTC 2012
Copyright (c) 1996, 2015 Oracle. All Rights Reserved.
Usage 1: avcli -{h|H} | -{v|V}
-{h|H} Displays the AVCLI version and the usage help
-{v|V} Displays the AVCLI version.
Usage 2: avcli [ [<option>] [<logon>] [<start>] ]
<option> is: [-{l|L} <log level>]
-{l|L} <log level> Sets the log level to the level specified.
Supported log levels: INFO, WARNING, ERROR, DEBUG
<logon> is: -{u|U} <username>
Specifies the database account username for the database
connection
<start> is: -{f|F} <filename>.<ext>
Runs the specified AVCLI script from the local file system
(filename.ext). Valid AVCLI script files should have
their file extension as '.av' (e.g. sample_script.av)
The -VERSION command displays the version number for AVCLI. Run the -VERSION command from outside of AVCLI.
Syntax
avcli -v avcli -V avcli -version avcli -VERSION
Example
avcli -v; AVCLI : Release 12.2.0.0.0 - Production on Tue Apr 26 14:25:31 PDT 2011 Copyright (c) 2014, Oracle. All Rights Reserved.
You can use the AVCLI user commands to create user, assign necessary roles, reset password, and delete the user.
Table A-23 AVCLI User Commands
| Command | Description |
|---|---|
|
To create a user with auditor role. Only a superauditor can create a user with auditor role. |
|
|
To reset the password for existing auditor or superauditor user. Only a superauditor can reset password for auditor or superauditor user. |
|
|
To drop or delete an existing auditor or superauditor user. Only a superauditor can drop an auditor or superauditor user. |
|
|
To create a user with admin role. Only a superadmin can create a user with admin role. |
|
|
To reset the password for existing admin or superadmin user. Only a superadmin can reset password for admin or superadmin user. |
|
|
To drop or delete an existing admin or superadmin user. Only a superadmin can drop an admin or superadmin user. |
Use the CREATE AUDITOR command to create users with the auditor role. Only superauditors can create users with the auditor role.
The CREATE AUDITOR command creates a user with the auditor role. A superauditor can create a user with auditor role.
Syntax
CREATE AUDITOR user name
Arguments
| Argument | Description |
|---|---|
|
user name |
The name of the user being created with auditor role. The user name cannot be null, start with any reserved user name, or the same as any of the existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). |
|
password |
The command prompts a password before creating a user with auditor role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
create auditor myauditor
This command creates a user myauditor with auditor role. The user password is taken from the prompt.
Use the ALTER AUDITOR command to reset the password for existing auditors or superauditor users. Only a superauditor can reset the password for auditors or superauditor users.
The ALTER AUDITOR command resets the password of the user with auditor role. A superauditor can modify the password of the user with auditor role.
Syntax
ALTER AUDITOR <user name>
Arguments
| Argument | Description |
|---|---|
|
user name |
The existing user with auditor role who requires a password reset. |
|
password |
The command prompts a password for modifying the password of the user with auditor role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
alter auditor myauditor
This command resets the password of the existing user myauditor. The password for myauditor is taken from the prompt.
Use the DROP AUDITOR command to drop or delete auditors or superauditor users. Only superauditors can drop an auditor or superauditor user.
The DROP AUDITOR command drops or deletes a user with auditor role. A superauditor can drop a user with auditor role.
Syntax
DROP AUDITOR user name
Arguments
| Argument | Description |
|---|---|
|
user name |
The existing user with auditor role who needs to be dropped or deleted. |
Example
drop auditor myauditor
This command drops the existing user myauditor. The command performs a cleanup, expire the password, lock the account, terminate any existing sessions for the user, and drop the user completely from the database.
Use the CREATE ADMIN command to create users with the admin role. Only a superadmin can create a user with admin role.
The CREATE ADMIN command creates a user with admin role. A superadmin can create a user with admin role.
Syntax
CREATE ADMIN user name
Arguments
| Argument | Description |
|---|---|
|
user name |
The name of the user being created with admin role. The user name cannot be null, start with any reserved user name, or be the same as any of the existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). |
|
password |
The command prompts a password before creating a user with admin role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
create admin myadmin
This command creates a user myadmin with admin role. The user password is taken from the prompt.
Use the ALTER ADMIN command to reset the password for an admin or superadmin user. Only a superadmin can reset the password for an admin or superadmin user.
The ALTER ADMIN command resets the password of the user with admin role. A superadmin can modify the password of the user with admin role.
Syntax
ALTER ADMIN <user name>
Arguments
| Argument | Description |
|---|---|
|
user name |
The existing user with admin role who requires a password reset. |
|
password |
The command prompts a password for modifying the password of the user with admin role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
alter admin myadmin
This command resets the password of the existing user myadmin. The password for myadmin is taken from the prompt.
Use the DROP ADMIN command to drop or delete admin or superadmin users. Only a superadmin can drop an admin or superadmin user.
The DROP ADMIN command drops or deletes a user with admin role. A superadmin can drop a user with admin role.
Syntax
DROP ADMIN user name
Arguments
| Argument | Description |
|---|---|
|
user name |
The existing user with admin role who needs to be dropped or deleted. |
Example
drop admin myadmin
This command drops the existing user myadmin. The command performs a cleanup, expire the password, lock the account, terminate any existing sessions for the user, and drop the user completely from the database.