Management Agents Administration Tasks

Management Agents are deployed to collect log and metric data from different sources. In order to do that, some administration tasks may need to be performed.

Management Agents Console Overview

The Management Agents console is the user interface for the OCI Management Agent service.

To open the Management Agents console:
  • Sign in to OCI and open the navigation menu from the OCI Console.

  • Under Monitoring and Diagnostics, click Management Agent.

  • Go to the left menu and select a compartment from the Compartment dropdown list.

    The Management Agents console is displayed.

The Management Agents console left menu offers the following options:

Overview

The Overview page displays useful information about the Management Agent service and the Management Agents installed.

The Overview page is a dashboard consisting of the following charts:

  • Agents: Number of Management Agents installed.

  • Availability: Management Agent availability status. The following are the status available:

    • Active: The Management Agent service is communicating with the Management Agent.

    • Silent: The Management Agent service is not communicating with the Management Agent. The communication with the agent was established after the agent installation, but something happened and there might be a communication problem between the Management Agent service and the agent.

    • Not Available: The Management Agent installation process is running and the Management Agent service hasn't established communication with the agent yet.

  • Operating Systems: Operating systems versions of the Management Agents installed.

  • Agent Versions: Management Agents versions.

  • Service Plug-ins: Service plug-ins that have been deployed by the Management Agents.

  • Data Sent: Amount of data that is being sent to the service plug-ins.

You can click on each chart to see more details.

The following screenshot is an example of the Management Agents Overview page.

Overview page that shows information about management agents installed.

Agents

The Agents page lists all the Management Agents installed in the selected compartment.

Agents List

The Agents page shows a table listing all the Management Agents installed.

The table consists of the following columns:

  • Agent: Shows the Management Agent name.

  • Host: Shows the host name where the Management Agent is installed.

  • Availability: Shows the Management Agent status.

  • Operating System: Shows the operating system of the host where the Management Agent is installed.

  • Agent Version: Shows the version number of the installed Management Agent.

  • Plug-ins: Shows the name of the service plug-in that has been deployed by the Management Agent.

  • Created: Shows the date when the Management Agent was installed.

  • Action Item : Shows more actions available for a specific Management Agent.

You can click on a specific agent to open up the Agent Details page and see more details about it.

The following screenshot is an example of the Agents page.

Agents page that shows all management agents installed and action items menu list.

Agents Details

The Agents Details page shows detail information of a specific agent.

Agent details page that shows information about a management agent installed.

Downloads and Keys

The Downloads and Keys page displays information about the Management Agent download file and the Management Agent install keys created.

It consists of the Agent Software Download pane at the top and the Agent Install Keys pane at the bottom.

Agent Software Download

The Agent Software Download pane has a table consisting of the following columns:

  • Download: Shows the number of Management Agents installed.

  • Agent Version: Shows the Management Agents status.

  • Size (MB): Shows the Management Agents versions installed.

  • SHA-256 Checksum: Shows the information to confirm file integrity.

Agent Install Keys

The Agent Install Keys pane has a Create Key button to create an Agent Install Key. It also displays a table consisting of the following columns:

  • Key Name: Shows the Management Agent install key name.

  • Compartment: Shows the compartment name where the Management Agent install key was created.

  • Created by: Shows information about the user who created the Management Agent install key.

  • Created: Shows the date of the Management Agent install key creation.

  • Days Remaining: Shows the number of days remaining until the Management Agent install key expires.

  • Agents Installations Remaining: Shows the number of Management Agent install key installation remaining.

  • Action Item Action Item Menu: It shows more actions available for an Agent Install Keys like Copy Key to Clpboard, Download Key to File and Delete Key.

The following screenshot is an example of the Downloads and Keys page.

Downloads and Keys page that shows the Agent Install Keys at the bottom with the Create Key button.

Deploy Service Plug-ins

Management Agents allow you to deploy service plug-ins for different cloud services.

Service plug-ins can be deployed to management agents and enables them to perform tasks for those services. Any given management agent can have multiple service plug-ins.

Note

If there's any service plug-in update available, it will get updated automatically.

You can deploy a service plug-ins using any of the following methods:

Deploy a Plug-in Using the Agents Page

To deploy a plug-in using the Agents page, do the following:

  1. From the left menu, click on Agents to open up the Agents page.

  2. From the Agents list, click on the desired agent where you want to deploy the plug-in to.

    The Agent detail page is displayed.

    Agent details page that shows information about a management agent installed.

  3. Click Deploy Plug-ins.

    The Deploy Plug-ins window is displayed.

  4. Select the plug-in and click Update.

    The selected plug-in will be deployed on the desired agent.

Deploy a Plug-in During the Management Agent Installation

You can also deploy a plug-in during the Management Agent installation process.

  1. Follow the instructions to download the agent software and create an agent install key as described in Download the Agent Software and Create an Agent Install Key.

  2. Download the agent install key file.

    Go to the Agent Install Keys page and from the action menu, select Download Key to File option.

    The Download Key to File option allows you to download a response file template. For details, Download Agent Install Key.

  3. Edit the response file template using a text editor and create a custom response file.

    Follow the instructions to create a response file using the download a response file template option as described in Option 1: Download a response file template to create a response file.

    The response file template contains agents parameters including the service plug-in parameter which you can update based on your requirements. If you want to install a specific service plug-in as part of the agent installation process, you can customize the Service.plugin.<plugin_name>.download parameter. For details on agent parameters, see Review Agents Parameters.

  4. Install the Management Agent as described in Install Management Agent to complete the installation.

Control Management Agents

One of the administration tasks is to control the status of the Management Agents. You can start, stop and verify the status of the Management Agents.

Start Agents

To start the agent service on Linux, do the following:
  1. Login as a user with sudo permissions.

  2. Run the following command:

    For Oracle Linux 6: sudo /sbin/initctl start mgmt_agent

    For Oracle Linux 7: sudo systemctl start mgmt_agent

To start the agent service on Windows, do the following:
  1. Login as an Administrator user and open a Command Prompt window.

  2. Run the following command: net start mgmt_agent

Stop Agents

To stop the agent service on Linux, do the following:
  1. Login as a user with sudo permissions.

  2. Run the following command:

    For Oracle Linux 6: sudo /sbin/initctl stop mgmt_agent

    For Oracle Linux 7: sudo systemctl stop mgmt_agent

To stop the agent service on Windows, do the following:
  1. Login as an Administrator user and open a Command Prompt window.

  2. Run the following command: net stop mgmt_agent

Verify Agents

To verify the agent status on Linux, do the following:

  1. Login as a user with sudo permissions.

  2. Run the following command:

    For Oracle Linux 6: sudo /sbin/initctl status mgmt_agent

    For Oracle Linux 7: sudo systemctl status mgmt_agent

    For more details, check the log file: /opt/oracle/mgmt_agent/agent_inst/log/mgmt_agent.log.

To verify the agent service on Windows, do the following:
  1. Login as an Administrator user and open a Command Prompt window.

  2. Run the following command: sc query mgmt_agent

    For more details, check the log file: C:\Oracle\mgmt_agent\agent_inst\log\mgmt_agent.log.

Manage Agent Install Keys

Create an Agent Install Key

You need to create an agent install key before performing the Management Agent installation.

An agent install key is issued against your identity domain and validates the authenticity of the installation. Ensure you have it created before starting the Management Agent installation process.

To create a key:

  1. On the Management Agents home page, click Download and Keys from the left menu to view the Agent Install Keys pane.

    The Agent Install Keys pane is displayed at the bottom of the page.

  2. On the Agent Install Keys pane, click Create Key to create a key.

    Downloads and Keys page that shows the Agent Install Keys at the bottom with the Create Key button.

  3. Enter the required details in the Create Key window.

    1. In the Key Name field, specify a name to identify the key.

    2. In the Compartment field, select the compartment from the drop-down list. This is the compartment where the agent resource will be created.

    3. In the Maximum Installs field, specify a number that indicates the maximum number of installs that can be associated with the key. Default value is 1000.

    4. In the Valid for field, specify a number that indicates the period the key is valid for. Default value is 1 Week.

    5. Click Create.

    Create Key dialog box.

    A new key is created.

The Agent Install Keys pane offers different options available to manage the keys. During a later step, the Download Key to File option is useful to download a file that can be used as a response file template as described in Configure a Response File .

For more information about managing the agent install keys, see Manage Agent Install Keys.

Copy Agent Install Key

You can copy an agent install key to clipboard from the Agent Install Keys pane.

  1. On the Management Agents home page, click Download and Keys from the left menu to view the Agent Install Keys pane.

    The Agent Install Keys pane is displayed.

  2. From the list of agent install keys, select the key that you want to copy to clipboard.
  3. On the right side of the selected key, click the action menu Action Menu and select Copy Key to Clipboard.

    Agent Install Keys list that shows the Copy Key to Clipboard option from the action menu list.

    The key is copied to clipboard.

The Copy Key to Clipboard option is useful to copy and paste the value of the key when creating the response file during the agent configuration process. For more details, see Create a Response File.

Download Agent Install Key

You can download an agent install key from the Agent Install Keys pane.

  1. On the Management Agents home page, click Download and Keys from the left menu to view the Agent Install Keys pane.

    The Agent Install Keys pane is displayed listing all the existing keys.

  2. From the list of agent install keys, select the key that you want to download.
  3. On the right side of the selected key, click the action menu Action Menu and select Download Key to File.

    Agent Install Keys list that shows the Download Key to File option from action menu list.

    A file is downloaded.

The Download Key to File option is useful to download a file with the agent parameters that can be used as a response file during the agent installation process. For more details, see Create a Response File.

Delete Agent Install Key

You can delete an agent install key from the Agent Install Keys pane.

  1. On the Management Agents home page, click Download and Keys from the left menu to open the Agent Install Keys pane.

    The Agent Install Keys pane is displayed listing all the existing keys.

  2. From the list of agent install keys, select the key that you want to delete.

  3. On the right side of the selected key, click on the action menu Action Menu and select Delete Key.

    Agent Install Keys list that shows the Delete Key option from the action menu list.

  4. Click on Delete Key.
  5. Press Delete to confirm the operation.

The Delete Key option is useful when you suspect that any unauthorized user has obtained the value of an agent install key.

Upgrade Management Agents

To upgrade an agent on Linux, do the following:
  • Download the latest version of the RPM file containing the agent software download file. See Download the Agent Software.
  • To upgrade the agent, run the rpm command with the upgrade option: rpm -U.
    sudo rpm -U <rpm_file_name.rpm>
To upgrade an agent on Windows, do the following:
  • Login as an Administrator user and open a command prompt window.
  • Download the latest version of the ZIP file containing the agent software download file. See Download the Agent Software.
  • Navigate to the directory where you have downloaded the management agent software ZIP file and unzip it to any preferred location.
  • To upgrade the agent, run the installer.bat script with the -u option: installer.bat -u.
    The output will look similar to the following:
    C:\Users\test_agent>installer.bat -u 
    Checking pre-requisites
    
         Checking if C:\Oracle\mgmt_agent\200821.0751 directory exists 
         Checking available disk space for agent install
         Checking Java version
                  Java version: 1.8.0_261 found at C:\Program Files\Java\jdk1.8.0_261
    
    Executing Upgrade
            Unpacking software zip
            Copying files to destination dir(C:\Oracle\mgmt_agent)
            Initializing software from template
            Creating mgmt_agent service
    
    Agent Upgrade  successful

Remove Management Agents

When removing a management agent associated with a host, the management agent is unregistered from Management Agents Cloud Service and it’s removed.

You can remove an agent from a host for the following reasons:
  • An agent deployed on the target host is no longer necessary.
  • You no longer need to collect data, performance metrics or logs from a specific target host.
  • You modified your deployment topology.

This topic explains how to remove Management Agents.

Remove Agents from User Interface

To remove agents from the user interface, do the following:
  1. Select the agent from the Agents list and click on the Action Menu.

    Figure 4-1 Delete Agent

    Agents list page that shows the Delete Agent option from action menu list.
  2. Click on Delete Agent.

  3. Press Delete to confirm the selection.

The agent will get removed from Management Agent user interface, but the agent software won't get deleted from the target host. Users require to connect to the host and manually remove the agent software from the host. For Linux, use the rpm command with -e option.

Remove Agents from Command Line Interface

When removing an agent from the command line interface, the agent, including the agent software will get removed from the host.

For Linux, execute the rpm command with the -e option.
sudo rpm -e <rpm_name>
For Windows, open a Command Prompt window, navigate to the agent install base directory and execute the uninstaller.bat script. The output will look similar to the following:
C:\Oracle>mgmt_agent\uninstaller.bat
Removing agent from Management Agent Cloud Service
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Agent was removed from Management Agent Cloud service successfully.
Removing agent service from the host
Agent service was removed from the host successfully
Removing agent directories

Ensure that all others command prompt windows are closed or they are not pointing to the agent home directory before running the uninstaller.bat script.

Management Agent Source Credentials

This section describes how to manage source credentials which may be needed for some sources when a Management Agent needs to collect data.

After deploying plug-ins on a Management Agent, you may need to configure source credentials to allow the agent to collect data from different sources.

Each source of data manages credentials in a different way. Configuring source credentials is specific to the type of plug-in or service that it was deployed on the agent. Refer to the plug-in or service documentation for more information.

Credential Types

The agent's credential store can store credentials that are known and understood by the agent (For example, Oracle Database credentials) and also, credentials which are only understood by the specific service. The agent validates built-in credential types, but it also accept other free-form types without any validation.

Free-Form Credentials

A user can define a credential of any type, containing one or more sensitive properties. Since they are free-form, they cannot be classified.

For example:

SSHKeyCreds

SSH RSA key credential where SSH key credentials are needed by the agent.

This is an example of how the credentials might look. SSHUserName, SSHPrivateKey and SSHPublicKey are case-sensitive properties.

{"source":"<DATA_SOURCE_NAME>", 
"name":"OSCreds", 
"type":"SSHKeyCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"SSHUserName","value":"<USER_NAME>"},               
{"name":"SSHPrivateKey","value":"<RSA_PRIVATE_KEY>"},
{"name":"SSHPublicKey","value":"<PUBLIC KEY>"]}

For example:

{"source":"host.myvm.example.com", 
"name":"OSCreds", 
"type":"SSHKeyCreds", 
"description":"SSH keys for a twoods user", 
"properties":[
{"name":"SSHUserName","value":"twoods"},               
{"name":"SSHPrivateKey","value":"-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQCKWjoLfOKsjglGQcKwB0zm1o/OabClELjcOOTS1FJh6pzvrDeL\nn3IfIW9VUiyfGNkjnj4cuO0mVctaQgGVtT6H+4fL8HKjWqPg9S+uc0WBKBzaLi9H\nAoGACZctlORIVkvWSr9+PnOTGiFfgKCE9TxOhD2RZyf+ufjofhjDFPOtlojbzd9P\nZovzaWurxJPxJIon+Y6/y1/wAKUFisOlY2XJl76NKXm/00OGSfocQ3WsxapEsWwR\nalRL0l5FhXVpTV5OH3M4Dy5ksIcDqiV6r\nMejuJ++3AHlflzzoITtmS3RDlpSsd27ZH9vzV9HgFQU3volRgOZqnVm/oGXWwjl7\n-----END RSA PRIVATE KEY-----"},
{"name":"SSHPublicKey","value":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKWjoLfOKsjglGQcKwB0zm1o/O\nabClELjcOOTS1FJh6pzvrDeLn3IfIW9VUiyfQAcfTWRwb0JtzMcRONQIDAQAB\n-----END PUBLIC KEY-----"]}
Built-in Credentials

The agent has several built-in credential types. Any service plug-in can deliver credentials to the agent of one of the following types:
Credential Type for Proxies

ProxyCreds

This credential is used for authenticating network proxies.

Prerequisites: The agent should be configured with a proxy using the following two properties:
  • ProxyHost. For example: ProxyHost=myproxy.example.com
  • ProxyPort. For example: ProxyPort=80
The below properties are case-sensitive:
  • ProxyUser: the user name for authentication with the proxy.
  • ProxyPassword: the password used to authenticate the user.
  • ProxyRealm: the realm value. This is useful for NTLM proxies on Windows.
{"source":"<DATA_SOURCE_NAME>", 
"name":"ManagementAgent-Proxy", 
"type":"ProxyCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"ProxyUser","value":"<USER_NAME>"},               
{"name":"ProxyPassword","value":"<USER_PASSWORD>"}]}

For example:

{"source":"agent.ocid1.managementagent.oc1.iad.amaabb", 
"name":"ManagementAgent-Proxy", 
"type":"ProxyCreds", 
"description":"Proxy Credentials", 
"properties":[
{"name":"ProxyUser","value":"joe"},               
{"name":"ProxyPassword","value":"welcome_1"}]}
Note

This credential is used by the agent for communicating with Oracle Cloud Infrastructure services. Changing its format or removing the credential can have an adverse effect on the agent's ability to communicate back to Oracle Cloud Infrastructure services.

Credential Type for Databases

DBCreds

This credential is used for authenticating to an Oracle database using TCP protocol.

The below properties are case-sensitive:
  • DBUserName: the database user name.
  • DBPassword: the database user's password.
  • DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.
{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"DBRole","value":"<DB_ROLE>"}]}

For example:

{"source":"auditvault_db.myhost", 
"name":"SQLCreds", 
"type":"DBCreds", 
"description":"This is a credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"sys"},               
{"name":"DBPassword","value":"sys"},               
{"name":"DBRole","value":"SYSDBA"}]}

DBANOCreds

This credential is used for authenticating to an Oracle database using TCP protocol.

The below properties are case-sensitive:
  • DBUserName: the database user name.
  • DBPassword: the database user's password.
  • DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.
  • DBEncryptionTypes: the parenthesized, comma-separated list of encryption algorithms.
  • DBEncryptionLevel: the level of encryption specified by the client. It can be: REJECTED, ACCEPTED, REQUESTED, REQUIRED. If it's not specified, ANO services' default will be used.
  • DBChecksumTypes: the parenthesized, comma-separated list of checksum algorithms.
  • DBChecksumLevel: the level of integrity specified by the client (REJECTED, ACCEPTED, REQUESTED, REQUIRED). If it's not specified, ANO services' default will be used.
{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBANOCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"DBRole","value":"<DB_ROLE>"},               
{"name":"DBEncryptionTypes","value":"<DB_ENCRYPTION_TYPE>"},               
{"name":"DBEncryptionLevel","value":"<DB_ENCRYPTION_LEVEL>"},               
{"name":"DBChecksumTypes","value":"<DB_CHECKSUM_TYPE>"},               
{"name":"DBChecksumLevel","value":"<DB_CHECKSUM_LEVEL>"}]}

For example:

{"source":"auditvault_db.myhost", 
"name":"SQLCreds", 
"type":"DBANOCreds", 
"description":"This is a credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"sys"},               
{"name":"DBPassword","value":"sys"},               
{"name":"DBRole","value":"SYSDBA"},               
{"name":"DBEncryptionTypes","value":"(AES256,AES192,AES128,3DES168,3DES112)"},               
{"name":"DBEncryptionLevel","value":"REQUIRED"},               
{"name":"DBChecksumTypes","value":"(SHA2)"},               
{"name":"DBChecksumLevel","value":"REQUESTED"}]}

DBTCPSCreds

This credential is used for authenticating using TCPS.

The below properties are case-sensitive:
  • DBUserName: the database user name.
  • DBPassword: the database user's password.
  • DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.
  • ssl_trustStoreType: the type of the trust store.
  • ssl_trustStoreLocation: the location on the file system of the trust store wallet. It must be accessible to the agent user.
  • ssl_trustStorePassword: the password for the trust store wallet.
  • ssl_keyStoreType: the type of the key store.
  • ssl_keyStoreLocation: the location on the file system of the key store wallet. It must be accessible to the agent user.
  • ssl_keyStorePassword: the password for the key store wallet.
  • ssl_server_cert_dn: the domain name of the server cert.
{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBTCPSCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"ssl_trustStoreType","value":"<STORE_TYPE>"},               
{"name":"ssl_trustStoreLocation","value":"<STORE_LOCATION>"},               
{"name":"ssl_trustStorePassword","value":"<STORE_PASSWORD>"},               
{"name":"ssl_keyStoreType","value":"<KEY_STORE_TYPE>"},               
{"name":"ssl_keyStoreLocation","value":"<KEY_STORE_LOCATION>"},               
{"name":"ssl_keyStorePassword","value":"<KEY_STORE_PASSWORD>"},               
{"name":"ssl_server_cert_dn","value":"<SERVER_CERT_DN>"}]}

For example:

{"source":"auditvault_db.myhost_pdb1_regress", 
"name":"SQLCreds", 
"type":"DBTCPSCreds", 
"description":"This is a TCPS credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"C#AUDIT"},               
{"name":"DBPassword","value":"welcome_1"},               
{"name":"ssl_trustStoreType","value":"JKS"},               
{"name":"ssl_trustStoreLocation","value":"/home/jks_wallets/ewalletT.jks"},               
{"name":"ssl_trustStorePassword","value":"welcome_1"},               
{"name":"ssl_keyStoreType","value":"JKS"},               
{"name":"ssl_keyStoreLocation","value":"/home/jks_wallets/ewalletK.jks"},               
{"name":"ssl_keyStorePassword","value":"welcome_1"},               
{"name":"ssl_server_cert_dn","value":"CN=myvm.example.com"}]}

Add or Update Credentials

To add credentials or updates an existing one, use the credential_mgmt.sh script with the upsertCredentials operation.

credential_mgmt.sh script is located under /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

$credential_mgmt.sh -o upsertCredentials -s [service-name]
  1. Create a JSON file with the credential information.

    The below example is a credential type format for a datasafe_db source named orcl123:

    {"source":"datasafe_db.orcl123", 
    "name":"audit_cred", 
    "description":"This is the audit credential for orcl123 Oracle RDBMS system.", 
    "properties":[ 
    {"name":"username","value":"CLEAR[scott]"}, 
    {"name":"password","value":"CLEAR[tiger]"}]
    }

    You can save the file as my_credentials.json.

  2. Add credentials using a JSON file.

    $credential_mgmt.sh -o upsertCredentials -s [service-name]

    For example, you can run the following for DataSafe service using my_credentials.json file:

    cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o upsertCredentials -s datasafe
  3. Delete JSON file created in step 1.

    The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the add or update credential operation.

Delete Credentials

To delete credentials, use the credential_mgmt.sh script with the deleteCredentials operation.

credential_mgmt.sh script is located under /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

$credential_mgmt.sh -o deleteCredentials -s [service-name]
  1. Create a JSON file using the following format:

    {"source":"datasafe_db.orcl123"
     "name":"audit_cred"} 

    For example, you can save the file as my_credentials.json.

  2. Delete credentials using a JSON file.

    $credential_mgmt.sh -o deleteCredentials -s [service-name]

    For example, you can run the following for DataSafe service using my_credentials.json file:

    $cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o deleteCredentials -s datasafe
  3. Delete JSON file created in step 1.

    The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the delete credential operation.

Add or Update Credential Alias

To add a credential alias or update an existing one, use the credential_mgmt.sh script with the aliasCredentials operation.

credential_mgmt.sh script is located under /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

$credential_mgmt.sh -o aliasCredentials -s [service-name]
  1. Create a JSON file using the following format:

    {"alias":
     {"source":"datasafe_db.orcl123",
      "name":"audit_cred"},
     "credential":
      {"source":"datasafe_db.host.1521.orcl123"
       "name":"datasafe_cred"}}
    

    For example, you can save the file as my_credentials.json.

  2. Add a credential alias using a JSON file.

    $credential_mgmt.sh -o aliasCredentials -s [service-name]

    For example, you can run the following for DataSafe service using my_credentials.json file:

    $cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o aliasCredentials -s datasafe
  3. Delete JSON file created in step 1.

    The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the add or update credential alias operation.

Delete Credential Alias

To delete a credential alias, use the credential_mgmt.sh script with the unaliasCredentials operation.

credential_mgmt.sh script is located under /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

credential_mgmt.sh -o unaliasCredentials -s [service-name]
  1. Create a JSON file using the following format:

    {"source":"datasafe_db.orcl123"
     "name":"audit_cred"}

    For example, you can save the file as my_credentials.json.

  2. Delete a credential alias using a JSON file.

    credential_mgmt.sh -o unaliasCredentials -s [service-name]

    For example, you can run the following for DataSafe service using my_credentials.json file:

    cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o unaliasCredentials -s datasafe
  3. Delete JSON file created in step 1.

    The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the delete credential alias operation.

Management Agent Audit Logs

The Management Agent service support logging by the Audit service which automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events.

Management Agents Auditing

The Management Agent service supports the management-agent keyword from the Audit service.

You can use the OCI Console to view the logs events for the Management Agents service.
  • Open the navigation menu. Under Governance and Administration, go to Governance and click Audit.

    The Audit service is displayed.

To search for the Management Agents logs events, select the desired compartment and enter management-agent under the KEYWORDS field.

For more information about Audit service, see Overview of Audit in the Oracle Cloud Infrastructure documentation.