Audit Vault Agents retrieve audit data from audit trails, which are sources of audit data for the targets. The agents send the audit data that they collect to the Audit Vault Server.
Targets include Oracle and non-Oracle databases, operating systems, directory services, and custom targets, such as XML and JSON. For a complete list of supported targets, see the product compatibility matrix.
You configure one or more audit trails for each target. A single Audit Vault Agent can collect from multiple targets and trails.
For database targets, you can use the following audit trail types: TABLE, DIRECTORY, TRANSACTION LOG, SYSLOG, EVENT LOG, and NETWORK. Some audit trail types are available only for certain types of databases, such as Oracle Database.
You can deploy the Audit Vault Agent on a remote host that has access to the database (as shown in the example) or on the same host as the target.
The TRANSACTION LOG audit trail captures before and after values from Oracle Database, Microsoft SQL Server, and MySQL targets by collecting audit data from Oracle GoldenGate integrated extract files. In this model, you deploy the Audit Vault Agent and Oracle GoldenGate on a remote host.
For NETWORK audit trails, you install the Host Monitor Agent on the target host. The Host Monitor Agent monitors SQL traffic and sends audit data to the Database Firewall, which then sends the data to the Audit Vault Server.
For Oracle Database TABLE trails and Microsoft SQL Server DIRECTORY trails, you can also use agentless collection for up to 20 Oracle Database and Microsoft SQL Server audit trails. With agentless collection, you use the agentless collection service that comes with the Audit Vault Server instead of deploying the Audit Vault Agent on the target host machines.
For operating system targets, you can use the following audit trail types, depending on the operating system: DIRECTORY and EVENT LOG. You can deploy the Audit Vault Agent on the same host as the target (as shown in the example) or on a remote host that has access to the target. For example, you might use a remote agent when the operating system of the target host machine doesn't have sufficient memory or CPU resources for the Audit Vault Agent processes.
For directory services targets, you can use EVENT LOG trail types. You can deploy the Audit Vault Agent on the same host as the target (as shown in the example) or on a remote host that has access to the target.
For custom targets, you can use CUSTOM trail types. You can deploy the Audit Vault Agent on the same host as the target (as shown in the example) or on a remote host that has access to the target.