Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Oracle Audit Vault and Database Firewall Release 12.2.0 Changes
Revision History
1 Introduction to Oracle Audit Vault and Database Firewall
1.1 What Is Oracle Audit Vault and Database Firewall?
1.1.1 How Oracle Audit Vault Server and Agent Work
1.2 What Are Audit Collection Plug-ins?
1.2.1 Types of Audit Collection Plug-ins
1.2.1.1 Determining Which Audit Collection Plug-in Type to Create
1.2.1.2 Java-Based Collection Plug-ins
1.3 Oracle Audit Vault Events and Fields
1.3.1 Core Fields
1.3.1.1 CommandClass and Target Types
1.3.2 Other Audit Vault Fields
1.3.2.1 Large Fields
1.3.2.2 Extension Field
1.3.2.3 Marker Field
1.3.3 Storing Audit Records in Audit Vault
1.4 The Collection Process
1.4.1 Flow of Collection: User
1.4.2 Flow of Control Inside the Audit Collection Plug-in
1.4.3 Collection Concepts
1.4.3.1 Collection Thread
1.4.3.2 Collection Phase
1.4.3.3 Mapping
1.4.3.4 Checkpoint of a Trail
1.4.3.5 Recovery Phase Of Data Collection
1.4.3.6 Audit Trail Clean-Up
1.5 General Procedure for Writing Audit Collection Plug-ins
2 Setting Up Your Development Environment
2.1 Before You Set Up the Development Environment
2.2 Setting Up the Development Environment
2.3 Audit Collection Plug-in Directory Structure
2.3.1 General Directory Structure
2.3.2 Audit Collection Plug-In Directory Structure
2.3.3 Java-Based Collection Plug-in Directory Structure
2.3.4 Staging a plugin-manifest.xml File
3 Audit Collection Plug-ins
3.1 About Audit Collection Plug-ins
3.2 About Mapper Files
3.3 Database Table Collection Plug-ins
3.3.1 Requirements for Database Table Collection Plug-ins
3.3.2 Example Audit Trail for a Database Table Collection Plug-in
3.3.3 Creating a Database Table Mapper File
3.4 XML File Collection Plug-ins
3.4.1 Requirements for XML File Collection Plug-ins
3.4.2 Example Audit Trail for an XML File Collection Plug-in
3.4.3 Creating the XML File Audit Collection Mapper File
3.4.4 XML Transformation for Non-Standard Audit Records
3.4.4.1 Additional Requirement for XML Transformation Using XSL
3.4.4.2 Changes Required to Transform Non-Standard Audit Records
3.4.4.3 Sample Non-Standard XML Audit Data Record
3.4.4.4 Creating an XSL File for Transformation
3.5 Secured Target Collection Attributes
3.6 Preprocessing Audit Data
4 Java-Based Audit Trail Collection Plug-ins
4.1 About Java-Based Collection Plug-ins
4.2 JDK Requirement for Using the Java-Based Collection Plug-in
4.3 Flow of Control Inside the Java-Based Collection Plug-in
4.4 Useful Classes and Interfaces in the Collection Framework
4.5 How to Create a Java-Based Collection Plug-in
4.5.1 About Creating a Java-Based Collection Plug-in
4.5.2 Using the AuditEventCollectorFactory to Get the AuditEventCollector Object
4.5.3 Using the CollectorContext Class When Creating a Java-Based Collection Plug-in
4.5.3.1 Basic Source Attributes
4.5.3.2 Basic Trail Attributes
4.5.3.3 Utility Instances
4.5.3.4 Additional Source or Trail Attributes
4.5.4 Initializing the Java-Based Collection Plug-in
4.5.5 Connecting, Fetching Events, and Setting Checkpoints
4.5.6 Transforming Source Event Values to Audit Vault Event Values
4.5.6.1 Event Time to UTC
4.5.6.2 Source Event Name to Audit Vault Event Name
4.5.6.3 Source Event Id to Source Event Name
4.5.6.4 Mapping Source Event Name or Id to Target Type
4.5.6.5 Source Event Status to Audit Vault Event Status
4.5.7 Retrieving Other Audit Field Values
4.5.8 Changing Audit Vault and Database Firewall Attributes at Run Time
4.5.9 Changing Custom Attributes at Run Time
4.5.10 Creating Extension Fields
4.5.11 Handling Large Audit Fields
4.5.12 Creating Markers to Uniquely Identify Records
4.5.13 Closing the Java-Based Collection Plug-in
4.5.14 Using Exceptions in Collection Plug-ins
4.6 Java-Based Collection Plug-in Utility APIs
4.6.1 About Connection to Database Sources Using ConnectionManager API
4.6.2 Example of Using the ConnectionManager API to Connect to Database Sources
4.6.3 Using the Windows Event Log Access API
4.6.4 Using Windows EventMetaData API
4.6.5 Using the AVLogger API to Log Messages
4.6.6 Using the Oracle XML Developer's Kit to Parse XML Files
4.7 Using an Audit Trail Cleanup with Java-Based Collection Plug-ins
4.8 Java-Based Collection Plug-in Security Considerations
5 Packaging Audit Collection Plug-ins
5.1 Flow of Packaging
5.2 External Dependencies
5.3 Creating New Versions of Your Audit Collection Plug-ins
5.4 Description of Plug-in Manifest File
5.5 avpack Tool
6 Testing Audit Collection Plug-ins
6.1 Requirements for Testing Audit Collection Plug-ins
6.2 Typical Audit Collection Plug-in Testing Processes
6.3 Deploying an Oracle Audit Vault Agent
6.4 Redeploying the Oracle Audit Vault Agent
A Audit Vault Server Fields
A.1 Oracle Audit Vault and Database Firewall Fields
A.1.1 Core Fields
A.1.2 Large Fields
A.1.3 Marker Field
A.1.4 Extension Field
A.2 Actions and Target Types
A.2.1 Actions
A.2.2 Target Types
B Schemas
B.1 Sample Schema for a plugin-manifest.xml file
B.2 Database Table Collection Plug-in Mapper File
B.3 Schema For XML File Collection Plug-in Mapper File
C Example Code
C.1 Database Table Collection Plug-in Example
C.1.1 Database Table Collection Plug-in Mapper File
C.1.2 Database Table Collection Plug-in Manifest File
C.2 XML File Collection Plug-in Example
C.2.1 XML File Collection Plug-in Mapper File
C.2.2 XML File Collection Plug-in Manifest file
C.3 Java-Based Collection Plug-in Example
C.3.1 Java Collection Plug-in Code
C.3.2 Java Based Collection Plug-in Manifest File
D Bundled JDBC Drivers
D.1 About Bundled JDBC Drivers
D.1.1 Connecting URLs
D.1.2 DataSource Class
Glossary
Index