| Oracle® Audit Vault and Database Firewall開発者ガイド リリース12.2.0 E70387-11 |
|
 前 |
 次 |
データベース表、XMLファイル、Javaベースのファイル収集プラグインなど、様々なタイプの収集プラグインのサンプルから学習します。
Oracle Audit Vaultデータベース表の収集プラグインのマッパー・ファイルとデータベース表プラグインのマニフェスト・ファイルの例を参照してください。
親トピック: サンプル・コード
データベース表の収集プラグインのマッパー・ファイルについて、どのOracle Audit Vault属性およびフィールドが必須かオプションかを学習します。
Oracle Audit Vaultデータベース表の収集プラグインのマッパー・ファイルには、特定の必須フィールドがあります。S
必須フィールド
次の属性およびフィールドは必須です。
securedTargetType
maxSecuredTargetVersion
version
TableName
Driver
EventTimeUTC
CommandClass変換
EventStatus変換
MarkerField
オプションのフィールド
Oracle Audit Vault Serverフィールドにマップするソース名は必須ではありません。ただし、データ収集の開始時に情報が提供されない場合、すべての監査レコードは無効として処理されます。
UserName
CommandClass
例C-1 データベース表の収集プラグインのXMLマッパー・ファイルのサンプル
<AVTableCollectorTemplate securedTargetType="DBSOURCE" minSecuredTargetVersion="10.2.0"
maxSecuredTargetVersion="11.0" version="1.0" >
<!--Example Template for a database Collector-->
<!-- Attributes: securedTargetType, maxSecuredTargetVersion,
and version are mandatory;
minSecuredTargetVersion attribute is optional -->
<!-- Accepted Format for min/maxSecuredTargetVersion and
version attribute value is numbers separated by
dots (For example: 12.2,10.3.2, 11.2.3.0 etc..)-->
<!-- Audit Table Information -->
<!-- Name of Audit Table: Mandatory information -->
<TableName>dummy_auditTable</TableName>
<!-- Source Connection Information -->
<ConnectionInfo>
<DataSource>oracle.jdbc.pool.OracleDataSource</DataSource>
<!--Datasource class name for current secured target type:
Mandatory information -->
</ConnectionInfo>
<!-- This Gives Mapping Information of Source Fields to various AV
Fields(core and large fields) -->
<!-- There should be no many-to-one mappings from source fields to
AV Server fields -->
<FieldMappingInfo>
<!-- Mapping of Source Fields to Core Fields of AV server -->
<!-- Source fields specified in core field mappings must be of SQL
Datatype: String OR convertible to String-->
<CoreFields>
<Map>
<!-- Mandatory: EventTime mapping information -->
<Name>EVENT_TIME</Name>
<MapTo>EventTimeUTC</MapTo>
</Map>
<Map>
<!-- If UserName core field mapping is not provided, Audit Data
Collection still starts successfully, but every audit record
will be treated as invalid -->
<Name>USER_ID</Name>
<MapTo>UserName</MapTo>
</Map>
<Map>
<Name>OS_USER_ID</Name>
<MapTo>OSUserName</MapTo>
</Map>
<Map>
<!-- If source name, the ACTION field, for CommandClass core field
mapping is not provided, Audit Data Collection still starts
successfully, but all audit records are treated as invalid -->
<Name>ACTION</Name>
<MapTo>CommandClass</MapTo>
<!-- Mandatory: value transformation from secured target field value
to command class field value. Value of "to" Attribute is from AV
Event set -->
<Transformation>
<ValueTransformation from="1" to="CREATE"/>
<ValueTransformation from="2" to="INSERT"/>
<ValueTransformation from="3" to="SELECT"/>
<ValueTransformation from="4" to="CREATE"/>
<ValueTransformation from="15" to="READ"/>
<ValueTransformation from="30" to="LOGON"/>
<ValueTransformation from="34" to="LOGOFF"/>
<ValueTransformation from="35" to="ACQUIRE"/>
</Transformation>
</Map>
<Map>
<Name>OBJ_NAME</Name>
<MapTo>TargetObject</MapTo>
</Map>
<Map>
<Name>USER_HOST</Name>
<MapTo>ClientHostName</MapTo>
</Map>
<Map>
<Name>OBJ_CREATOR</Name>
<MapTo>TargetOwner</MapTo>
</Map>
<Map>
<Name>STATUS</Name>
<MapTo>EventStatus</MapTo>
<!-- Value transformation for "STATUS" source field value.
Mandatory: EventStatus value transformation.
There are three possible values for EventStatus:
SUCCESS, FAILURE, UNKNOWN -->
<Transformation>
<ValueTransformation from="0" to="FAILURE"/>
<ValueTransformation from="1" to="SUCCESS"/>
<ValueTransformation from="2" to="UNKNOWN"/>
</Transformation>
</Map>
</CoreFields>
<!-- Mapping of Source Fields to Large Fields of AV server i.e fields
with huge content -->
<!-- Secured target fields specified in large field mappings must be
of SQL Datatype:CLOB OR SQL Datatype:String OR convertible to
String -->
<LargeFields>
<Map>
<Name>SQL_TEXT</Name>
<MapTo>CommandText</MapTo>
</Map>
<Map>
<Name>COMMAND_PARAMETER</Name>
<MapTo>CommandParam</MapTo>
</Map>
</LargeFields>
<!-- These secured target fields are collected in a single extension
field, all name-value pairs separated by standard delimiter -->
<!-- Secured target fields specified in extension field mapping must
be of SQL Datatype:String OR convertible to String -->
<ExtensionField>
<Name>DB_ID</Name>
<Name>INSTANCE</Name>
<Name>PROCESS</Name>
<Name>TERMINAL</Name>
</ExtensionField>
<!-- Mandatory: Secured target fields for MarkerField
A group of secured target fields to uniquely identify each Audit
Record -->
<!-- Secured target fields specified to be used as MarkerField mapping
must be of SQL Datatype:String OR convertible to String -->
<MarkerField>
<Name>SESSION_ID</Name>
<Name>ENTRY_ID</Name>
</MarkerField>
</FieldMappingInfo>
</AVTableCollectorTemplate>
関連トピック
親トピック: データベース表の収集プラグインの例
これは、データベース表の収集プラグインのマニフェスト・ファイルのサンプルです。
例C-2 データベース表の収集プラグインのマニフェスト・ファイルのサンプル
<?xml version="1.0"?>
<plugin xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/av/plugin plugin-manifest.xsd"
xmlns="http://xmlns.oracle.com/av/plugin"
name="HRMS-Template"
id="com.oracle.av.plugin"
version="1.0"
provider-name="Oracle Corp."
copyright="Copyright Oracle Corp. 2011">
<!-- targetVersion: Version of Oracle Audit Vault supported by this
plugin. This is represented by the "min" attribute of
<targetVersion> tag -->
<targetVersion min="11.1.0.0.0"/>
<extensionSet>
<extensionPoint type= "securedTargetType">
<!-- Tag: fileList: Lists all files that ship with the plugin -->
<fileList>
<jars></jars>
<templates>
<include file="DBSource-Mapper.xml"/>
</templates>
<bin></bin>
<config></config>
<shell></shell>
<patch></patch>
<unresolved-external>
</unresolved-external>
</fileList>
<!-- Tag: securedTargetTypeInfo: Contains secured target type and
trail information -->
<securedTargetTypeInfo name="DBSOURCE"/>
<!-- Tag: trailType: contains trail type, location , classname for
source type testSource -->
<trailInfo>
<trailType>TABLE</trailType>
<className name="oracle.av.platform.agent.collfwk.Collector.table.DatabaseTableCollector"/>
</trailInfo>
<!-- eventPatch: OPTIONAL field that indicates any event patches
that need to be applied as part of plugin deployment
The files listed here must be present in the <patch>
tag entries. The order in which the patches need to
applied can be controlled via the "order" attribute
Patches with lower "order" value will be applied
first -->
<eventPatch name="p6753288_11.1.2.0.0_GENERIC.zip" order="2"/>
</extensionPoint>
</extensionSet>
</plugin>
親トピック: データベース表の収集プラグインの例
この項の項目は次のとおりです。
次の属性およびフィールドは必須です。
securedTargetType
maxSecuredTargetVersion
version
HeaderInfo
RecordInfo
EventTimeUTC
CommandClass変換
EventStatus変換
MarkerField
次のAudit Vault Serverフィールドにマップするソース名は必須ではありませんが、情報が指定されずにデータ収集が開始されると、すべての監査レコードが無効とみなされます。
UserName
CommandClass
関連項目:
フィールドおよびイベントのリストは、「Audit Vault Serverフィールド」を参照してください。
例C-3 XMLファイルの収集プラグインのマッパー・ファイルのサンプル
<AVXMLCollectorTemplate securedTargetType="XMLSOURCE"
maxSecuredTargetVersion="11.0"
version="1.0">
<!--Example Template for XML template collector-->
<!-- Attributes: "securedTargetType", "maxSecuredTargetVersion" and
"version" are mandatory attributes, "minSecuredTargetVersion"
attribute is optional -->
<!-- Accepted Format for min/maxSecuredTargetVersion and version
attribute value is numbers separated by dots (For example:
12.2,10.3.2, 11.2.3.0 etc..)-->
<!-- Header Information like XML Header start tag -->
<HeaderInfo>
<!-- Mandatory: HeaderInfo-->
<!-- Value in this tag gives Root tag of the XML audit file-->
<StartTag>Audit</StartTag>
</HeaderInfo>
<!-- Record Information like Record Start tag and conformation to hold
original record -->
<RecordInfo>
<!-- Mandatory: RecordInfo -->
<!-- Provides starting tag of audit record in XML audit file -->
<StartTag>AuditRecord</StartTag>
</RecordInfo>
<!-- Gives Mapping Information of Source Fields to various AV Fields
(core and large fields) -->
<!-- Not Allowed: many-to-one mapping from source field to
AV Server fields -->
<FieldMappingInfo>
<!-- Mapping of Source Fields to Core Fields of AV server
Source fields specified in core field mappings must be of SQL
Datatype: String OR convertible to String -->
<CoreFields>
<Map>
<Name>EVENT_TIME</Name>
<MapTo>EventTimeUTC</MapTo>
<TimestampPattern>yyyy-MM-dd HH:mm:ss.SSS</TimestampPattern>
</Map>
<Map>
<!-- If UserName core field mapping is not provided, Audit Data
Collection still starts successfully, but every audit record
will be treated as invalid -->
<Name>USER_ID</Name>
<MapTo>UserName</MapTo>
</Map>
<Map>
<Name>OS_USER_ID</Name>
<MapTo>OSUserName</MapTo>
</Map>
<Map>
<!-- If source name, the ACTION field, for CommandClass
core field mapping is not provided, Audit Data Collection
still starts successfully, but all audit records are treated
as invalid -->
<Name>ACTION</Name>
<MapTo>CommandClass</MapTo>
<!-- Mandatory: value transformations from source to Action
field value. Value of "to" Attribute is from AV Event set -->
<Transformation>
<ValueTransformation from="1" to="CREATE"/>
<ValueTransformation from="2" to="INSERT"/>
<ValueTransformation from="3" to="SELECT"/>
<ValueTransformation from="4" to="CREATE"/>
<ValueTransformation from="15" to="READ"/>
<ValueTransformation from="30" to="LOGON"/>
<ValueTransformation from="34" to="LOGOFF"/>
<ValueTransformation from="35" to="ACQUIRE"/>
</Transformation>
</Map>
<Map>
<Name> OBJ_NAME</Name>
<MapTo>TargetObject</MapTo>
</Map>
<Map>
<Name>USER_HOST</Name>
<MapTo>ClientHostName</MapTo>
</Map>
<Map>
<Name>OBJ_CREATOR</Name>
<MapTo>TargetOwner</MapTo>
</Map>
<Map>
<Name>STATUS</Name>
<MapTo>EventStatus</MapTo>
<!-- Specifying value transformation for Status source field value.
Mandatory: EventStatus value transformation.
There are three possible values for EventStatus:
SUCCESS, FAILURE, UNKNOWN -->
<Transformation>
<ValueTransformation from="0" to="FAILURE"/>
<ValueTransformation from="1" to="SUCCESS"/>
<ValueTransformation from="2" to="UNKNOWN"/>
</Transformation>
</Map>
</CoreFields>
<!-- Mapping of Source Fields to Large Fields of AV server i.e fields
with huge content -->
<!-- Source fields specified in large field mappings must be of SQL
Datatype:CLOB OR SQL Datatype:String OR convertible to String -->
<LargeFields>
<Map>
<Name>SQL_TEXT</Name>
<MapTo>CommandText</MapTo>
</Map>
<Map>
<Name>COMMAND_PARAMETER</Name>
<MapTo>CommandParam</MapTo>
</Map>
</LargeFields>
<!-- These Source fields will be collected in a single extension
field, all name-value pairs are separated by standard delimiter -->
<!-- Source fields specified in extension field mapping must be of
SQL Datatype:String OR convertible to String -->
<ExtensionField>
<Name>DB_ID</Name>
<Name>INSTANCE</Name>
<Name>PROCESS</Name>
<Name>TERMINAL</Name>
</ExtensionField>
<!-- This is group of source fields for uniquely identifying each
Audit Record Marker -->
<!-- Source fields specified to be used as Marker field mapping must
be of SQL Datatype:String OR convertible to String -->
<!-- Mandatory: Source fields for MarkerField -->
<MarkerField>
<Name>SESSION_ID</Name>
<Name>ENTRY_ID</Name>
</MarkerField>
</FieldMappingInfo>
</AVXMLCollectorTemplate>
親トピック: XMLファイル収集プラグインの例
これは、XMLファイルの収集プラグインのマニフェスト・ファイルのサンプルです。
例C-4 XMLファイルの収集プラグインのマニフェスト・ファイルのサンプル
<?xml version="1.0"?>
<plugin xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/av/plugin plugin-manifest.xsd"
xmlns="http://xmlns.oracle.com/av/plugin"
name="Oracle-XML-Template"
id="com.oracle.av.plugin"
version="1.0"
provider-name="Oracle Corp."
copyright="Copyright Oracle Corp. 2011">
<!-- targetVersion: Version of Oracle Audit Vault supported by
this plugin. This is represented by the "min" attribute of
targetVersion> tag -->
<targetVersion min="11.1.0.0.0"/>
<extensionSet>
<extensionPoint type= "securedTargetType">
<!-- fileList: Lists *all* the files that ship with the plugin -->
<fileList>
<jars></jars>
<templates>
<include file="XMLSource-Mapper.xml"/>
</templates>
<bin></bin>
<config></config>
<shell></shell>
<patch></patch>
<unresolved-external></unresolved-external>
</fileList>
<!-- securedTargetTypeInfo: Contains source type and trail information
-->
<securedTargetTypeInfo name="oracle"/>
<!-- trailType: contains trail type, location , classname for
source type testSource -->
<trailInfo>
<trailType>DIRECTORY</trailType>
<className name="oracle.av.platform.agent.collfwk.ezcollector.xml.XMLFileCollector"/>
</trailInfo>
<!-- eventPatch: OPTIONAL field that indicates any event patches
that need to be applied as part of plugin deployment-->
The files listed here must be present in the <patch>-->
tag entries. The order in which the patches need to -->
applied can be controlled via the "order" attribute -->
Patches with lower "order" value will be applied -->
first -->
<eventPatch name="p6753288_11.1.2.0.0_GENERIC.zip" order="2"/>
</extensionPoint>
</extensionSet>
</plugin>
親トピック: XMLファイル収集プラグインの例
この項の項目は次のとおりです。
これは、Javaベースの収集プラグインの例の一覧です。これは、「Javaベースの収集プラグインの作成方法」の説明の最終結果です。
例C-5 SampleEventCollectorFactory.java
package oracle.av.plugin.sample.collector;
import oracle.av.platform.agent.collfwk.AuditEventCollector;
import oracle.av.platform.agent.collfwk.AuditEventCollectorException;
import oracle.av.platform.agent.collfwk.AuditEventCollectorFactory;
import oracle.av.platform.agent.collfwk.CollectorContext;
public class SampleEventCollectorFactory implements AuditEventCollectorFactory {
public AuditEventCollector createAuditCollection(
CollectorContext collectorContext) throws AuditEventCollectorException {
// It simply creates and returns an instance of SampleEventCollector
return new SampleEventCollector();
}
}
例C-6 SampleEventCollector.java
package oracle.av.plugin.sample.collector;
import java.io.Reader;
import java.sql.Clob;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.Map;
import oracle.av.platform.agent.collfwk.AuditEventCollector;
import oracle.av.platform.agent.collfwk.AuditEventCollectorException;
import oracle.av.platform.agent.collfwk.AuditService;
import oracle.av.platform.agent.collfwk.CollectorContext;
import oracle.av.platform.agent.collfwk.SetAttributeException;
import oracle.av.platform.common.ErrorCodes;
import oracle.av.platform.common.dao.ConnectionManager;
import oracle.av.platform.common.dao.ConnectionManagerImpl;
import oracle.av.platform.common.exception.AuditException;
import oracle.av.platform.common.util.AVLogger;
/**
* This collector collects events from AUD table and sends them to Collection
* Framework. It connects to the Source database during initialization and uses
* the same connection till close() is called. It maintains one ResultSet
* containing events. Once the ResultSet gets exhausted, the Collector sets a
* checkpoint and creates another ResultSet.
*
* @author myellu
*
*/
public class SampleEventCollector extends AuditEventCollector {
// The delay used when querying events.
private static final long DELAY = 5 * 1000;
private static final Map<Integer, String> eventNameMap =
new HashMap<Integer, String>();
static {
eventNameMap.put(1, "CREATE");
eventNameMap.put(2, "INSERT");
eventNameMap.put(3, "SELECT");
eventNameMap.put(4, "CREATE");
eventNameMap.put(15, "ALTER");
eventNameMap.put(30, "AUDIT");
eventNameMap.put(34, "CREATE");
eventNameMap.put(35, "ALTER");
eventNameMap.put(51, "CREATE");
eventNameMap.put(52, "CREATE");
}
// This map contains mapping from the source event ids to Audit Vault target
// types.
private static final Map<Integer, String> targetTypeMap = new HashMap<Integer,
String>();
static {
targetTypeMap.put(1, "TABLE");
targetTypeMap.put(2, "TABLE");
targetTypeMap.put(3, "TABLE");
targetTypeMap.put(4, "CLUSTER");
targetTypeMap.put(15, "TABLE");
targetTypeMap.put(30, "OBJECT");
targetTypeMap.put(34, "DATABASE");
targetTypeMap.put(35, "DATABASE");
targetTypeMap.put(51, "USER");
targetTypeMap.put(52, "ROLE");
}
// This map contains mapping from the source event ids to Source Event Names.
// This is necessary since source event ids do not describe the Source Event.
private static final Map<Integer, String> sourceEventMap = new HashMap<Integer,
String>();
static {
targetTypeMap.put(1, "OBJECT:CREATED:TABLE");
targetTypeMap.put(2, "INSERT INTO TABLE");
targetTypeMap.put(3, "SELECT FROM TABLE");
targetTypeMap.put(4, "OBJECT:CREATED:TABLE");
targetTypeMap.put(15, "OBJECT:ALTERED:TABLE");
targetTypeMap.put(30, "AUDIT OBJECT");
targetTypeMap.put(34, "OBJECT:CREATED:DATABASE");
targetTypeMap.put(35, "OBJECT:ALTERED:DATABASE");
targetTypeMap.put(51, "OBJECT:CREATED:USER");
targetTypeMap.put(52, "OBJECT:CREATED:ROLE");
}
// holds a connection to the Source database.
private ConnectionManager m_connectionManager;
// Connection to the Source.
private Connection m_connection;
// PreparedStatement used to get ResultSet.
private PreparedStatement m_preparedStatement;
// holds the ResultSet containing records.
private ResultSet m_resultSet;
// AuditService will be used to set checkpoint.
private AuditService m_auditService;
// previous checkpoint set.
private Timestamp m_previousCheckpoint;
// next checkpoint to be set.
private Timestamp m_nextCheckpoint;
private AVLogger m_logger;
// The CollectorContext received from the Collection Framework.
private CollectorContext m_collectorContext;
private long m_timeZoneOffset;
/**
* It connects to the database using the credentials and Connection String
* from the CollectorContext.
*
* @throws AuditEventCollectorException
*/
private void connectToSource() throws AuditEventCollectorException {
m_logger.logDebugMethodEntered();
// Get connection information from collector context.
String user = m_collectorContext.getSecuredTargetUser();
String password = new String(m_collectorContext.getSecuredTargetPassword());
String connectionString = m_collectorContext.getSecuredTargetLocation();
// Create a ConnectionManager object.
try {
m_connectionManager = new ConnectionManagerImpl(connectionString,
user, password.toCharArray());
m_connection = m_connectionManager.getConnection();
} catch (AuditException ex) {
throw new AuditEventCollectorException(
ErrorCodes.FAILED_CONNECT_TO_SOURCE,
new Object[] { connectionString }, ex);
}
m_logger.logDebugMethodExited();
}
/**
* converts the timone offset specified in String to a number of
* milliseconds.
*
*/
private long getTimeZoneOffsetInMs(String offset) {
if (offset == null)
return 0;
long timeZoneOffset;
/** process offset to get value in milliseconds */
int hour = Integer.parseInt(offset.substring(1, 3));
int min = Integer.parseInt(offset.substring(4, 6));
timeZoneOffset = (hour * 60 * 60 + min * 60) * 1000;
if (offset.charAt(0) == '-')
timeZoneOffset *= -1;
return timeZoneOffset;
}
/**
* Initializes the Collector with the values from CollectorContext. It also
* connects to the database.
*/
public void initializeCollector(CollectorContext collectorContext)
throws AuditEventCollectorException {
m_collectorContext = collectorContext;
m_auditService = m_collectorContext.getAuditService();
m_previousCheckpoint = m_collectorContext.getCheckpoint();
m_logger = m_collectorContext.getLogger();
// Get the timone offset for the Source.
String offset = m_collectorContext.getAttribute("TimeZoneOffset");
if (offset != null) {
m_timeZoneOffset = getTimeZoneOffsetInMs(offset);
}
connectToSource();
fetchEvents();
}
/**
* Queries the Source to get audit events that occurred from previous
* checkpoint to the current time. Apart from during the initialization, this
* method should be called only when ResultSet is exhausted. There are two
* reasons for this. <br>
* 1. This method will set the checkpoint. Checkpoint should only be set when
* the ResultSet is exhausted as the results with in the ResultSet can be in
* random order.<br>
* 2. This method will create a new ResultSet. Hence the contents of the old
* ResultSet will be inaccessible after this function is called.
*
* @throws AuditEventCollectorException
*/
private void fetchEvents() throws AuditEventCollectorException {
m_logger.logDebugMethodEntered();
if (m_nextCheckpoint != null) {
m_auditService.setCheckpoint(m_nextCheckpoint);
m_previousCheckpoint = m_nextCheckpoint;
}
// It is not good to hold on to the Connection for long. As this is the
// only place we can release the connection, we release and reacquire the
// connection.
try {
if (m_connection != null) {
m_connectionManager.releaseConnection(m_connection);
}
} catch (AuditException ex) {
throw new AuditEventCollectorException(
ErrorCodes.FAILED_TO_RELEASE_CONNECTION_TO_DB, null, ex);
}
try {
m_connection = m_connectionManager.getConnection();
} catch (AuditException ex) {
throw new AuditEventCollectorException(
ErrorCodes.FAILED_TO_GET_CONNECTION_TO_DB, null, ex);
}
// Now we need to aim for the next checkpoint. We will query for all
// events from previous checkpoint to the next checkpoint. So we want to
// make sure that all the events with event time lesser than the next
// checkpoint are already available in the table. However, the events
// might take a small amount of time before they are present in the table.
// Hence the next checkpoint we aim will be current time minus delta time.
m_nextCheckpoint = new Timestamp(System.currentTimeMillis() - DELAY);
String query = null;
try {
if (m_previousCheckpoint == null) {
query = "select * from AUD where EVENT_TIME <= ?";
m_preparedStatement = m_connection.prepareStatement(query);
m_preparedStatement.setTimestamp(1, m_nextCheckpoint);
} else {
query = "select * from AUD where EVENT_TIME > ? and EVENT_TIME <= ?";
m_preparedStatement = m_connection.prepareStatement(query);
m_preparedStatement.setTimestamp(1, m_previousCheckpoint);
m_preparedStatement.setTimestamp(2, m_nextCheckpoint);
}
m_resultSet = m_preparedStatement.executeQuery();
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE,
new Object[] { query }, ex);
}
m_logger.logDebugMethodExited();
}
/**
* If the result set is not exhausted this will return true. If it has
* exhausted, it will query to get the events till the current time. If it
* could get any events, it will return true, false otherwise.
*/
public boolean hasNext() throws AuditEventCollectorException {
boolean hasMore;
try {
if(m_resultSet == null) {
fetchEvents();
return m_resultSet.next();
}
hasMore = m_resultSet.next();
if (!hasMore) {
fetchEvents();
hasMore = m_resultSet.next();
}
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
return hasMore;
}
// All the getter methods make use of the ResultSet get methods and return
// the value appropriately.
public String getUserName() throws AuditEventCollectorException {
try {
return m_resultSet.getString("USER_ID");
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getOSUserName() throws AuditEventCollectorException {
try {
return m_resultSet.getString("OS_USER_ID");
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getCommandClass() throws AuditEventCollectorException {
try {
int eventId = m_resultSet.getInt("ACTION");
return eventNameMap.get(eventId);
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getEventName() throws AuditEventCollectorException {
try {
int eventId = m_resultSet.getInt("ACTION");
return sourceEventMap.get(eventId);
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public EventStatus getEventStatus() throws AuditEventCollectorException {
try {
int status = m_resultSet.getInt("STATUS");
if (status == 1) {
return EventStatus.SUCCESS;
} else if (status == 0) {
return EventStatus.FAILURE;
} else {
return EventStatus.UNKNOWN;
}
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public Timestamp getEventTimeUTC() throws AuditEventCollectorException {
try {
Timestamp eventTime = m_resultSet.getTimestamp("EVENT_TIME");
// As the method name suggests, the timestamp must be returned only in
// UTC timone.
return new Timestamp(eventTime.getTime() - m_timeZoneOffset);
} catch (SQLException ex) {
throw new AuditEventCollectorException( ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getErrorMessage() throws AuditEventCollectorException {
// There is no corresponding field for ErrorMessage. Hence we
// return NULL always.
return null;
}
public String getErrorId() throws AuditEventCollectorException {
// There is no corresponding field for ErrorId. Hence we
// return NULL always.
return null;
}
public String getTargetObject() throws AuditEventCollectorException {
try {
return m_resultSet.getString("OBJ_NAME");
} catch (SQLException ex) {
throw new AuditEventCollectorException( ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getTargetType() throws AuditEventCollectorException {
try {
int eventId = m_resultSet.getInt("ACTION");
return targetTypeMap.get(eventId);
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getTargetOwner() throws AuditEventCollectorException {
try {
return m_resultSet.getString("OBJ_CREATOR");
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getClientHostName() throws AuditEventCollectorException {
try {
return m_resultSet.getString("USER_HOST");
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getClientIP() throws AuditEventCollectorException {
// There is no corresponding field for IP address. Hence we
// return NULL always.
return null;
}
public String getExtension() throws AuditEventCollectorException {
try {
StringBuilder sb = new StringBuilder();
// Here we will put those fields which are not sent in other getter
// methods.
sb.append("DB_ID=" + m_resultSet.getString("DB_ID") + ";");
sb.append("INSTANCE=" + m_resultSet.getString("INSTANCE") + ";");
sb.append("PROCESS=" + m_resultSet.getString("PROCESS"));
return sb.toString();
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public Reader getCommandText() throws AuditEventCollectorException {
try {
// Clobs and the Readers contained in the Clobs are alive only
// as long as the Connection to the Source is alive. So if the Source
// Connection is closed, Collection Framework will fail when it tries
// to send the events to AV Server. If there is any need to close and
// recreate a connection that should be done immediately after setting
// the checkpoint. Setting the checkpoint causes the Collection
// Framework to flush all the events it is holding. So immediately
// after setting the checkpoint, we are sure that the Framework is not
// holding any events.
Clob clob = m_resultSet.getClob("SQL_TEXT");
return clob.getCharacterStream();
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public Reader getCommandParam() throws AuditEventCollectorException {
try {
Clob clob = m_resultSet.getClob("SQL_BIND");
return clob.getCharacterStream();
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public String getMarker() throws AuditEventCollectorException {
// ENTRY_ID will identify an audit event uniquely with in a session. Hence
// ENTRY_ID along with SESSION_ID will uniquely identify an audit event
// across sessions.
try {
return m_resultSet.getString("SESSION_ID") + ":"
+ m_resultSet.getString("ENTRY_ID");
} catch (SQLException ex) {
throw new AuditEventCollectorException(
ErrorCodes.ERROR_GETTING_DATA_FROM_SOURCE, null, ex);
}
}
public void setAttribute(String name, String value)
throws SetAttributeException {
if (name.equalsIgnoreCase("TimeZoneOffset")) {
m_timeZoneOffset = getTimeZoneOffsetInMs(value);
} else {
throw new SetAttributeException(ErrorCodes.INVALID_ATTRIBUTE_NAME,
new Object[] { name, value }, null);
}
}
public void close() {
try {
if (m_resultSet != null) {
m_resultSet.close();
m_resultSet = null;
}
if (m_connectionManager != null) {
m_connectionManager.destroy();
m_connectionManager = null;
}
m_previousCheckpoint = null;
m_nextCheckpoint = null;
m_logger = null;
} catch (SQLException ex) {
m_logger.logError("SampleEventCollector", "close",
"SQLException occurred. ", ex);
} catch (AuditException ex) {
m_logger.logError("SampleEventCollector", "close",
"AuditException occurred. ", ex);
}
}
}
親トピック: Javaベースの収集プラグインの例
これは、Javaベースの収集のマニフェスト・ファイルのサンプルです。
例C-7 Javaベースのマニフェスト・ファイル
<?xml version="1.0"?>
<plugin xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/av/plugin plugin-manifest.xsd"
xmlns="http://xmlns.oracle.com/av/plugin"
name="Sample Plugin"
id="com.oracle.av.plugin.sample"
version="12.1.0.0.0"
provider-name="Oracle Corp."
copyright="Copyright Oracle Corp. 2011">
<!-- targetVersion: Version of Oracle Audit Vault supported by
this plugin. This is represented by the "min" attribute of
targetVersion> tag -->
<targetVersion min="12.1.0.0.0"/>
<extensionSet>
<extensionPoint type= "securedTargetType">
<!-- fileList: Lists *all* the files that ship with the plugin -->
<fileList>
<jars>
<include file="samplecollector.jar"/>
<!-- All your collector Java jar binaries go here -->
</jars>
<templates>
<bin>
<!-- All your collector native binaries go here -->
</bin>
<config>
<!-- Any configuration information (such as .properites files)
go here -->
</config>
<shell>
<!-- Any shell scripts that your collector relies on go here -->
</shell>
<patch>
<!-- Oracle provided patches go here -->
</patch>
<unresolved-external>
<!-- Any files belonging to the unresolved-external category here -->
</unresolved-external>
</fileList>
<!-- securedTargetTypeInfo: Contains source type and trail information
-->
<securedTargetTypeInfo name="Sample"/>
<!-- trailType: contains trail type, location , classname for
source type testSource -->
<trailInfo>
<trailType>TABLE</trailType>
<className name="oracle.av.plugin.sample.collector.SampleEventCollectorFactory" />
</trailInfo >
</extensionPoint>
</extensionSet>
</plugin>
親トピック: Javaベースの収集プラグインの例
