This preface describes new features in the most recent, as well as prior, releases of Oracle Audit Vault and Database Firewall (AVDF) version 12.2.
The following are new features in this release:
A backup and restore utility for the Audit Vault Server has been integrated into the product.
Audit trails will automatically start when the Audit Vault Agent is restarted or when Oracle AVDF is upgraded.
The AVCLI command line utility can be used non-interactively by storing an administrator's credentials in the AVCLI wallet.
You can configure Oracle Database In-Memory to speed up reports.
New (full) installations of Oracle AVDF 12.2 will have all audit data encrypted using Oracle Database Transparent Data Encryption (TDE). Any upgrade performed thereafter encrypts audit data from that point onwards.
When new audit trails contain data that is older than limits set in the retention (archiving) policy, that data will be automatically archived according to the policy.
You can change the certificate for the Audit Vault Server and Database Firewall Web UIs.
You can register hosts without providing an IP address.
You can change the logging levels of system components from the Web UI.
You can unlock user accounts from the Web UI.
New reports have been added including: summary reports, IRS compliance reports, and reports that correlate database audit events with OS users that used su or sudo to execute commands.
In the Administrator's Web UI, the Hosts tab has new Host Monitor details, and added Audit Vault Agent details.
The Audit Vault Server's high availability pairing UI has been improved for usability.
Support for IBM AIX secured targets has been added.
The Oracle AVDF auditor can create an alert syslog template.
The Oracle AVDF auditor can set a schedule for retrieval of audit data and entitlements from Oracle Database.
Support for the Interface Niagara Masters Server Adapter card is now available for this release.
Added the Oracle Audit Vault and Database Firewall Concepts Guide to the documentation library.
Introducing Oracle AVDF Hybrid Cloud in release 12.2.0.3.0. In the AVDF Hybrid Cloud deployment model, the Audit Vault server is deployed on-premises and monitors DBCS (Database Cloud Service), Exadata Cloud Service instances, and on-premises databases. See Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment for more information.
Introducing TDE (Transparent Data Encryption) support during Audit Vault Server upgrade. Refer to Data Encryption on Upgraded Instances for more information.
Introducing support for multiple Network Interface Cards (NIC) on Oracle Audit Vault and Database Firewall. The AVDF users can now effectively separate different aspects of the Audit Vault Server network usage by enabling multiple Network Interface Cards on the AVDF appliance. See Multiple Network Interface Cards for more information.
Included new release of Oracle database 12.2 as supported secure target version. See sections UPLOAD OR DELETE WALLET FILE and Securing the Agent and Oracle Database Secure Target Connection for more information.
Introducing a new feature to schedule maintenance jobs. See Scheduling Maintenance Job for more information.
Oracle Database Collector is enhanced to support Oracle DB 12.2. See sections Oracle Database and Summary of Data Collected for Each Audit Trail Type for more information.
Included support for Oracle Database Exadata Express Cloud Service. See sections Configuring Oracle Database Exadata Express Cloud Service Secured Target Using TCPS and Configuring Oracle Database Exadata Express Cloud Service Secured Target Using TCP for more information.
Included support for Autonomous Data Warehouse Cloud. See Configuring Autonomous Data Warehouse and Autonomous Transaction Processing for complete information.
This section lists the updates and corrections to the document in Oracle Audit Vault and Database Firewall (AVDF) release 12.2.
The following are the updates and corrections in this document.
E41705-35 (June 2022)
Introducing support for renewing or rotating certificates for Database Firewall and Audit Vault Server. See Certificates for complete information.
Update or correction to the following topics:
E41705-34 (March 2021)
Update to requirements for using Host Monitor functionality on Windows platform. See sections Deploying the Agent and Host Monitor on Microsoft Windows Hosts and Host Monitor Requirements for complete information, prior to upgrade of Oracle AVDF.
E41705-33 (September 2020)
Updates and corrections to the following topics:
Host Monitor functionality on Windows platform is re-certified in 12.2.0.13.0. To use Host Monitoring on the Windows platform, install Npcap and update the OpenSSL libraries on Windows before upgrading to 12.2.0.13.0. Complete the steps in the following sections:
network_device_name_for_hostmonitor collection attribute post installation of Npcap and OpenSSL
In case the Audit Vault Agents or Host Monitor Agents fail to upgrade automatically to the recent bundle patch, the Agents must be manually upgraded. See Audit Vault Agent or Host Monitor is not Upgraded to the Latest Bundle Patch for complete information.
Updated the following topics to clarify on archiving functionality in high availability environment:
E41705-31 (March 2020)
Database Activity Monitoring with Host monitor on Windows platform is not certified in release 12.2.0.11.0 and 12.2.0.12.0. Upgrade to these releases only when you are sure that host monitoring functionality on Windows platform is not required.
Supporting IBM DB2 audit data collection from IBM AIX on Power Systems (64-bit) starting release 12.2.0.12.0. See IBM DB2 for complete information.
Supporting audit collection from IBM DB2 (version 11.1) HADR (High Availability and Disaster Recovery) on OL 7.x starting release 12.2.0.12.0.
Supporting audit collection from Microsoft SQL Server Cluster on Windows 2012 R2 starting release 12.2.0.12.0. See section Microsoft SQL Server for mandatory collection attribute.
Included important information in section About Archiving And Retrieving Data In Oracle Audit Vault And Database Firewall.
Updates to section About Setting Transport Layer Security Levels.
Added new Target Group AVCLI Commands to add or remove targets from target group.
E41705-29 (December 2019)
Included important information for configuring CDB and PDB instances for audit collection. See following sections:
jdbc:av:db2://hostname:port and collection attribute av.collector.databasename is not required from Oracle Audit Vault and Database Firewall release 12.2.0.11.0 and onwards.
E41705-28 (November 2019)
Updates and corrections to the entire document.
Update to section Defining Archive Locations.
E41705-27 (October 2019)
Correction to section Configuring Oracle Audit Vault Server Syslog Destinations.
Updates and corrections to the entire document.
E41705-26 (September 2019)
Caution:
Oracle Audit Vault and Database Firewall release 12.2.0.11.0 does not support Niagara cards. Do not upgrade to this release if you have Niagara cards in your system.
Host Monitor on Windows platform is not certified in release 12.2.0.11.0. Upgrade or use 12.2.0.11.0 only when you are sure that network trail monitoring functionality on Windows platform is not required. This functionality will be certified in a future release. If your installation is pertaining to any of the older releases before 12.2.0.11.0, then Host Monitor functionality on Windows platform is certified.
Oracle Audit Vault and Database Firewall supports audit collection from SAP Sybase ASE (version 16.0). It also supports Sybase password encryption starting release 12.2.0.11.0. See Sybase ASE for complete information.
Oracle Audit Vault and Database Firewall release 12.2.0.11.0 and later, enables archiving functionality in high availability environment. See Managing Archival and Retrieval in High Availability Environments for complete information.
Oracle Audit Vault and Database Firewall Hybrid Cloud can be configured with Autonomous Data Warehouse and Autonomous Transaction Processing. See Configuring Autonomous Data Warehouse and Autonomous Transaction Processing for complete information.
Oracle Audit Vault and Database Firewall supports high availability configuration for proxy deployment. Refer to the following sections for complete information:
Minor correction to section About High Availability Configurations in Oracle Audit Vault and Database Firewall.
Included workaround for Audit Trail Stopped After Relocating Windows Event Log Files.
Included workaround for Network Audit Trail Does Not Start on Unix Platforms.
Included workaround for Pending Reports In Scheduled Status.
Correction to commands in the following sections:
Included information on External Network Dependencies.
Updated the connect string for Windows authentication in Microsoft SQL Server.
Updated OpenSSL version for Windows. See Host Monitor Requirements.
E41705-25 (June 2019)
The JAVA_HOME environment variable must be set to point to the JDK installation directory. On Windows, add %JAVA_HOME%\bin to the PATH environment variable. See section Downloading the AVCLI Command Line Utility and Setting JAVA_HOME.
E41705-24 (March 2019)
Included important information on the backup functionality, which does not back up archived files as they may be located on a remote file system. See sections Defining Archive Locations and About the Backup and Restore Utility for complete information.
Included important information on configuring Host Monitor only. See Create an Enforcement Point for the Host Monitor for complete information.
Included workaround for an issue on Host Monitor. See The Audit Vault Logs Display A Message To Install Npcap And OpenSSL for complete information.
Included important information regarding disk space for the restore operation. See section How Much Space Do I Need for Backup Files? for complete information.
Included supported link types for Host Monitor. See About Host Monitoring for complete information.
Included details that a certificate must contain in section Changing the UI (Console) Certificate for Oracle Audit Vault Server.
Included commands to disable or enable the failover through AVCLI. See section Disabling or Enabling Failover of the Audit Vault Server for complete information.
Minor update to section About Deploying the Audit Vault Agent.
Minor correction to section Step 1: Configure the Backup Utility.
Included important note on changing the IP addresses of Audit Vault Servers in case of high availability configuration. See section Setting or Changing the Audit Vault Server Network Configuration.
Included workaround for an issue. See section Host Monitor Agent Fails to Start for complete information.
E41705-22 (October 2018)
If any Agent is using Java 1.6, then upgrade the Java version to 1.8.
Install the Mandatory Pre-upgrade Patch before upgrading to Oracle Audit Vault and Database Firewall release 12.2.0.9.0. See Oracle Audit Vault and Database Firewall Readme for release 12.2.0 BP9 for complete information.
Added support for setting TLS levels across all components of Oracle Audit Vault and Database Firewall. See About Setting Transport Layer Security Levels for complete information.
Added an important note on scheduling concurrent long running reports at the same time. See section Scheduled PDF or XLS Reports Result in a Hung State for complete information.
F5 BIG-IP ASM integration is deprecated in release 12.2.0.7.0, and will be desupported in 19.1.0.0.0. This functionality is only supported on F5 BIG-IP ASM version 10.2.1.
12.2.0.8.0 and is desupported in 12.2.0.9.0. Use the syslog integration feature instead.
See the following sections for updated list of supported systems and components:
Added important information in section Retrieving Oracle Audit Vault and Database Firewall Audit Data.
Added important information in section Ports for Services Provided by the Database Firewall.
Added important information in section REGISTER REMOTE FILESYSTEM.
Added important information in section Configure and Download the Diagnostics Report File.
Added important information on backup in section Backing Up the Audit Vault Server.
Added best practice note in section MySQL.
Minor update to section Configuring Physical Network Separation For Database Firewall.
Minor update to section Oracle Database.
Minor update to section Managing Database Firewall Network Encryption.
Fiber Channel based storage with multipath is not supported in Oracle Audit Vault and Database Firewall. Updated this document accordingly.
Included Database Firewall Messages.
The syntax of the following commands will be changed in Oracle Audit Vault and Database Firewall release 19.1.0.0.0:
E41705-21 (June 2018)
Added important information in section Failure While Adding Disks.
Minor update to sections Defining Archive Locations and REGISTER REMOTE FILESYSTEM.
E41705-20 (June 2018)
Enhanced audit collection by supporting:
Autonomous Data Warehouse Cloud. See Configuring Autonomous Data Warehouse and Autonomous Transaction Processing for complete information.
MySQL version 5.7.21. See MySQL for complete information.
Introduced an option to restore backup to a new system with a new IP address and not retain the old IP address by default. See Restoring a Backup to a New System with a New or Different IP Address for complete information.
Introduced an option to manually add the NAT IP address of the Audit Vault Server into the Audit Vault Agent. See Adding Network Address Translation IP Addresses to Audit Vault Agent for complete information.
Updated the connect string for Microsoft SQL Server (SQL Server Authentication) in section Secured Target Locations (Connect Strings).
Audit data collection for Oracle Database 12c Release 2 (12.2) as secured targets is supported on Oracle Audit Vault and Database Firewall release 12.2.0.4.0 and onwards. Updated section Oracle Database.
Reinstated option to automatically start the Audit Vault Agent as a service on Windows. This functionality was previously removed in release 12.2.0.7.0. It is now restored in release 12.2.0.8.0. See Registering and Unregistering the Audit Vault Agent as a Windows Service for complete information.
Minor updates and corrections to ports in sections Ports for External Network Access by the Audit Vault Server, Ports for Internal TCP Communication, and Ports for Services Provided by Oracle Audit Vault Server.
Added steps to change the IP address of the Database Firewall Server. See Changing IP Address For A Single Instance Of Database Firewall Server for complete steps.
Added some best practices for setting event log properties in section START COLLECTION FOR SECURED TARGET.
Added an important note on assigning roles to the source user for running the REDO collector with Database Vault. See section About the Recommended Settings for Collection from REDO Logs for more information.
Added an important limitation in section About the Recommended Settings for Collection from REDO Logs.
Added guidelines for Configuring Audit Trail Collection For CDB And PDB.
Minor update and correction to the following sections:
Micro Focus Security ArcSight SIEM (previously known as HP ArcSight SIEM) is deprecated in 12.2.0.8.0, and will be desupported in 12.2.0.9.0. It is advisable to use the syslog integration feature instead.
In-line bridge mode is deprecated in 12.2.0.8.0, and will be desupported in 19.1.0.0.0. It is advisable to use proxy mode as an alternative.
E41705-19 (February 2018)
Included an important note in section Configure and Download the Diagnostics Report File.
F5 is deprecated in release 12.2.0.7.0, and will be desupported in 19.1.0.0.0.
E41705-18 (December 2017)
Introduced new AVCLI commands. See AVCLI User Commands for complete information.
Included support for the following versions of Red Hat Enterprise Linux operating system as secured target for audit collection. See Out-of-the Box Plug-ins at a Glance and Linux for more information.
RHEL 6.7
RHEL 6.8
RHEL 6.9
RHEL 7.1
RHEL 7.2
RHEL 7.3
Included support for the following new versions of MySQL with both old and new audit formats. See Out-of-the Box Plug-ins at a Glance, MySQL, and Converting Audit Record Format For Collection for more information.
5.5.34 to 5.5.57
5.6.13 to 5.6.37
5.7.0 to 5.7.19
Included support for AIX 7.2 version as secured target for audit collection. See Out-of-the Box Plug-ins at a Glance and IBM AIX for more information.
Included support of version 12 of SUSE Linux Enterprise Server operating system for Audit Vault Agent and Host Monitor. Updated section Out-of-the Box Plug-ins at a Glance.
Included support for Microsoft Windows Server (x86-64) 2016 and Active Directory 2016 versions. Updated sections Microsoft Windows, Microsoft Active Directory, and Out-of-the Box Plug-ins at a Glance.
Starting release 12.2.0.7.0 the Audit Vault Agent cannot be registered as a Windows service. You can only unregister the service that was previously registered. See Unregistering the Audit Vault Agent as a Windows Service for complete information.
The user may encounter data overflow issue in the Audit Vault GUI. See Data Overflow Issues in the Oracle Audit Vault UI for detailed information on this problem and for the workaround.
Included workaround for issue on audit trail stuck in Starting status. See section Oracle Audit Vault Agent is Unreachable and the Transaction Log Audit Trail is Frozen in Starting Status for complete information.
Included workaround for issue on generating the agent.jar file. See Unable to Install the Agent or Generate the agent.jar File for detailed information.
Minor updates to section Configure and Download the Diagnostics Report File.
Minor correction to supported trail types in section Summary of Data Collected for Each Audit Trail Type.
E41705-16 (September 2017)
Correction to Resetting Oracle Database Firewall.
E41705-15 (August 2017)
Included workaround for Failures Due to Dropping Users.
In case the auto upgrade of the Agent fails due to a connection issue to the Audit Vault Database, it continues to attempt and initiate the auto upgrade process. See Failure of Agent Automatic Upgrades for more information.
Included support for collection from DB2 version 11.1. See Out-of-the Box Plug-ins at a Glance and IBM DB2 for complete information.
Included important instruction in Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment And Pre-requisites.
Update to Configuring Fiber Channel-Based Storage for Audit Vault Server.
Update to Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment.
Correction to the steps in Managing A Resilient Audit Vault Server Pair.
Improved backup and restore process. The user can configure and specify multiple physical disk locations to backup simultaneously. See Step 1: Configure the Backup Utility for complete information.
The user can enable, configure, and modify the way diagnostic report is generated. See Configure and Download the Diagnostics Report File for complete information.
Included important information to Resetting Oracle Database Firewall and to Restore Enforcement Points.
Included important information in Step 2: Back Up the Audit Vault Server and Some Services May Not Start After Backup.
Included support for the following versions of Oracle Linux operating system as secured targets for audit collection. See Out-of-the Box Plug-ins at a Glance and Linux for complete information.
OL 6.8
OL 6.9
OL 7.3
Included support for Red Hat Enterprise Linux operating system (version 7.0) as secured target for audit collection.
The user can configure audit trail collection for Oracle Real Application Clusters (Oracle RAC). See the following sections for details:
E41705-14 (June 2017)
Minor update in Step 4: Configuring Server Network.
Included workaround for failure of Audit Vault agent installation after performing pairing or separation (un-pairing) of Audit Vault server. See Audit Vault Agent Installation Fails After HA Pairing Or Separation for more information.
Included important information on having the same path while performing backup and restore operation. See section About the Backup and Restore Utility for more information.
Included information on rules that must be adhered to while archiving and restoring tablespaces. See sections Configuring Archive Locations and Retention Policies and Error in Restoring Files.
Included workaround for DB2 collector failures. See sections DB2 Collector Fails Due to Source Version NULL Errors and DB2 Collector Fails Due To Connection or Permission Issue From Database for more information.
Correction to the procedure in section Enabling SSH On A Secondary Network Interface Card For Audit Vault Server.
Included workaround for ORA-12660 error. See ORA-12660 Error While Registering Secured Target for more information. Also updated section Step 4: Configuring Server Network.
Including support for Policy Name and Client Program fields in alerts.
Updated Oracle Linux versions supported in sections Out-of-the Box Plug-ins at a Glance and Linux.
The SYS.AUD$ and SYS.FGA_LOG$ tables have an additional column RLS$INFO. See sections Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment And Pre-requisites and Summary of Data Collected for Each Audit Trail Type for more information.
Introducing customizable set of cipher levels. See section About Setting Transport Layer Security Levels for more information on creating a custom file that defines the cipher levels and to apply the file.
Introduced agentctl stop -force command to forcibly stop the Agent in console mode. See Stopping and Starting the Agent on Windows Hosts for more information.
Introducing Fiber channel based storage. The user can configure this storage during installation. See Configuring Fiber Channel-Based Storage for Audit Vault Server for more information.
Included pointer for Integrating Oracle Audit Vault and Database Firewall with Oracle Key Vault.
Updated prerequisites to start Data Encryption process. See Data Encryption on Upgraded Instances for more information.
The AVDF upgrade script provides additional information about the upgrade before prompting the user for confirmation to start.
Execute high availability pairing prior to archiving of ILM. Else, it may result in an error. See section Failure During High Availability Pairing in Oracle Audit Vault Server for more information.
Included important information on updating the Audit Vault Agents. See sections Updating Audit Vault Agents and Host Monitor Agents After Pairing Audit Vault Servers and About Pairing Audit Vault Servers for more information.
Included steps to change IP address of an active host. See section Changing IP Address Of An Active And Registered Host for more information.
Introducing audit_trail_id_idx index to resolve audit trail performance issues. See Audit Trail Performance Issues Occur After Audit Vault Server Upgrade for more information on having sufficient disk space while performing Audit Vault Server upgrade if there is huge amount of event data.
Update to section Configuring an Interface Masters Niagara Server Adapter Card.
Windows host monitor is compatible with recent version of WinPcap. See Host Monitor Requirements for more information.
The REDO collector can populate Client_ID in the Data Modification Before-After Values Report or the event log report. See section Populating Client ID In Reports for REDO Collector for more information.
Correction to the steps for Switching Roles in a Resilient Pair of Database Firewalls.
Included important information for Configuring A Resilient Database Firewall Pair.
Update to Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment.
MSSQL Server secured target can be used with Windows authentication along with SQL Server authentication. See the following sections for information:
E41705-13 (December 2016)
Included new releases of Oracle Linux OL 7.1 version 2.4.1 and Oracle Linux OL 7.2 version 2.4.1 as supported secured target type. See sections Out-of-the Box Plug-ins at a Glance and Linux for details.
Included host monitoring support for Oracle Linux releases OL 6.0, OL 6.1 to 6.5, and OL 6.6. See section Out-of-the Box Plug-ins at a Glance for details.
Update to prerequisites for deploying AVDF Hybrid Cloud in the section Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment And Pre-requisites. Included Stored Procedure Auditing in the table as it is not supported for TCPS connection.
Update to ARCHIVELOG mode in Monitoring Server Archive Log Disk Space Use.
Updated the Audit Vault error messages. See Message Code Dictionary for more information.
Minor correction to the procedure in Step 3: Validate the Backup.
Included an important note to be followed before performing the upgrade task, if there is a Niagara card in the system. See section Configuring an Interface Masters Niagara Server Adapter Card for more information.
Included an important task that must be completed post upgrading to release 12.2.0.4.0 from 12.2.0.3.0. See Data Encryption on Upgraded Instances for more information.
Included openssl-devel as a required package for Linux machines. See Host Monitor Requirements for more information.
Update to the procedure Updating Audit Vault Agents and Host Monitor Agents After Pairing Audit Vault Servers.
Included workaround for connection error. See A Client Is Unable To Connect To The AVS Using SSH With A Secondary Network Interface Card for more information.
Included workaround for archive or retrieve job submission error. See First Archive Or Retrieve Job After Upgrade for more information.
Introducing support for retrieval of data from multiple targets. See the following sections:
E41705-12 (August 2016)
Update to Database STIG rules implemented in Oracle Audit Vault and Database Firewall release 12.2.0.3.0. See Current Implementation of Database STIG Rules for more information.
Update to Operating System STIG rules implemented in Oracle Audit Vault and Database Firewall release 12.2.0.3.0. See Current Implementation of Operating System STIG Rules for more information.
Included an important pre-requisite for performing restore task. See Out of Memory Error Message During Restore and How Much Space Do I Need for Backup Files? for more information.
Included workaround for JAVA.IO.IOEXCEPTION error. Refer to JAVA.IO.IOEXCEPTION Error for more information.
Included workaround for Failed to start ASM instance error. Refer to Failed to Start ASM Instance Error for more information.
Correction and update to the supported Trail locations for Secured Targets. Refer to Audit Trail Locations for more information.
Included workaround for failure while adding a new disk. Refer to Failure While Adding Disks for more information.
Included information on STIG recommendations. See About Security Technical Implementation Guides for more information.
Ensure the new system has sufficient disk space before performing restore. See How Much Space Do I Need for Backup Files? for more information.