The Audit Vault Server comprises a hardened Oracle Linux operating system, an Oracle Database that serves as the data repository, and the agentless collection service. It also includes the Oracle Audit Vault and Database Firewall (Oracle AVDF) console (UI) and AVCLI command-line interface that auditors and administrators use to configure and monitor Oracle AVDF and registered targets. The targets include databases, operating systems, directory services, and custom targets.
The data repository includes the following data:
- Audit data that the Audit Vault Agents or agentless collection service collect from the targets.
- Network events that the Database Firewalls capture from the database targets.
- Policies and configuration data for the Database Firewall and audit targets.
- Reports and alerts, including activity, compliance, summary, and security assessment reports.
- Audit Vault Service configuration data, including system and network settings, security, user management, and storage. Some of this data is also stored with the operating system.
You can configure data retention policies and archive locations to automatically archive historical data to low-cost storage and retrieve it as needed. Oracle AVDF supports automatic archival on Network File Systems (NFS), which is the method that Oracle recommends for transferring data to an archive location. You can also use Secure Copy (SCP) or Windows File Sharing (SMB) to transfer data to an archive location.
Oracle recommends that you regularly back up the Audit Vault Server to an NFS location. You can also back up to a local disk. The backup includes audit data, network events, and policies and configuration data. The backup doesn't include archived data because you can retrieve that data from the archive location.