A AVCLI Commands Reference
The AVCLI commands enable you to perform tasks such as creating Database Firewall monitoring points and managing audit trails.
A.1 About AVCLI Commands
Learn about AVCLI commands and their uses.
Use the AVCLI commands to configure host connections from the command line. You must be granted the AV_ADMIN role before you can run these commands. This appendix does not list all of the AVCLI commands, however. It only covers the commands that Oracle Audit Vault and Database Firewall administrators need to configure target connections.
All AVCLI commands must end in a semi-colon (;).
See Also:
Using the Audit Vault Command Line Interface for general usage information about using the AVCLI command line interface.
Setting the JAVA_HOME Environment Variable
In Oracle Audit Vault Server, you must set the JAVA_HOME environment variable to point to the JDK installation directory.
A.2 Agent Host AVCLI Commands
The agent host AVCLI commands enable you to perform agent host-related tasks such as registering hosts.
A.2.1 About the Agent Host AVCLI Commands
The AVCLI host commands enable you to configure the host computer on which the Audit Vault Agent will reside.
A.2.2 ACTIVATE HOST
Learn how to use the ACTIVATE HOST AVCLI command.
The ACTIVATE HOST command activates the host specified by hostname.
Syntax
ACTIVATE HOST hostname
Arguments
Argument | Description |
---|---|
hostname | The host name. |
Usage Notes
Once a host is activated, an activation key appears, which must be entered when an Agent process is started to complete the activation process.
Example
avcli> ACTIVATE HOST sample_host.example.com;
Activates the host, sample_host.example.com, and displays the activation key for this host.
A.2.3 ALTER HOST
Learn how to use the ALTER HOST AVCLI command.
The ALTER HOST command alters a host registered with the Audit Vault Server.
Syntax
ALTER HOST hostname SET {key=value [,key=value...]}
ALTER HOST hostname SET {key=value [,LOGLEVEL=component_name:loglevel_value...]}
ALTER HOST hostname DROP ATTRIBUTE {attribute name}
Arguments
Argument | Description |
---|---|
hostname | The name of the host. |
|
The attribute being changed. See Table A-1 for supported |
Usage Notes
This command alters the attributes associated with the named host using key/value pairs. To modify multiple attributes in a single command invocation, specify comma separated key/value pairs.
The following host name attributes are supported:
Table A-1 Host Attributes (key values)
Parameter | Description |
---|---|
|
The new host name that replaces the existing one. |
|
The new IP address that replaces the existing IP address. |
|
The log level of various code components running on this host. This option can dynamically change the log levels of various Audit Vault Server code components. The
where See Table A-2 for descriptions of Multiple components log levels can be changed by delimiting them using the | symbol. |
|
XX can be any value between 01 and 99. The value for the attribute must be a valid IP address of a node in a UNIX cluster environment or the IP address of a secondary network interface card (NIC) if the host machine where the agent is installed has multiple network cards. |
|
The value can be either Y or N. Use Y to configure the Agent auto restart service remotely, for an Agent running on Linux/Unix/AIX/Solaris platforms. Use N to unregister. |
Note:
Ensure that you understand the Agent's functionality completely before modifying the values mentioned above. They are set to optimal values by default. Any incorrect value may degrade performance.
The following are valid values for the LOGLEVEL attribute:
Table A-2 LOGLEVEL Component Names
Parameter | Description |
---|---|
|
agent |
|
Audit Vault Server |
|
shared Server and Agent |
Table A-3 LOGLEVEL Values
Loglevel Value | Description |
---|---|
|
|
|
|
|
|
|
|
Examples
avcli> ALTER HOST sample_host.example.com SET ip=192.0.2.1;
Alters the host, sample_host.example.com, and changes the associated IP address to 192.0.2.1.
avcli> ALTER HOST sample_host.example.com SET name=new_sample_host.example.com;
Alters the host, sample_host.example.com, to new_sample_host.example.com. Additionally, it updates the IP address by doing a lookup against new_sample_host.example.com.
avcli> ALTER HOST sample_host.example.com SET loglevel=av.agent:info|av.common:debug;
Alters the log levels of the av.agent and av.common code components embedded in the Agent process running on the host, sample_host.example.com.
A.2.4 DEACTIVATE HOST
Use the DEACTIVATE HOST command to deactivate hosts that are specified by the hostname parameter.
The DEACTIVATE HOST command deactivates the host specified by hostname.
Syntax:
DEACTIVATE HOST hostname
Arguments
Argument | Description |
---|---|
hostname | The host name. |
Usage Notes
Once a host is deactivated, it may not be able to connect to the Audit Vault Server.
Example
avcli> DEACTIVATE HOST sample_host.example.com;
Deactivates the host, sample_host.example.com.
The agent process on this host may not be able to connect to the Audit Vault Server.
A.2.5 DROP HOST
Use the DROP HOST command to drop hosts that are specified by the value of the host_name parameter.
The DROP HOST command drops the host specified by the host_name from the Audit Vault Server and removes any associated metadata.
After dropping a host, if you want to register it again to collect audit data, you must reinstall the Audit Vault Agent on this host.
Syntax
DROP HOST hostname
Arguments
Argument | Description |
---|---|
hostname | The name of the host computer being dropped. |
Usage Notes
Ensure that the agent process on this host is in the stopped state before dropping the host. The DROP HOST command will fail otherwise.
Example
avcli> DROP HOST sample_host;
The host, sample_host, and any associated metadata is dropped.
Oracle AVDF 20.5 and Later
Syntax
DROP HOST hostname [FORCE]
Arguments
Argument | Description |
---|---|
hostname | The name of the host computer being dropped. |
FORCE | This is an optional parameter. Use this argument to forcefully drop the host and all the associated trails, when the hosts or trails are in stopped state or in unreachable state for more than two hours. |
A.2.6 LIST HOST
Use the LIST HOST command to see the names of registered Agent host computers.
The LIST HOST command lists the names of the currently registered agent host computers.
Syntax
LIST HOST
Example
avcli> LIST HOST;
The various active hosts registered with the Audit Vault Server are listed.
Oracle AVDF 20.3 and later
This command lists the various active hosts registered with the Audit Vault Server.
Syntax
LIST HOST [hostname]
Argument
Argument | Description |
---|---|
host name | The hostname parameter is optional and can be specified to list a particular active host. |
Example
list host testhost1;
Lists the details of testhost1 registered with the Audit Vault Server.
A.2.7 REGISTER HOST
Learn about the REGISTER HOST AVCLI command.
The REGISTER HOST command adds the host to Audit Vault Server and identifies it as a host machine on which an Agent can be deployed.
Syntax
REGISTER HOST <host_name> WITH IP <ip_address>
Arguments
Argument | Description |
---|---|
host_name | The name of the host computer that you want to register. |
ip_address | The IP address associated with the host. If the IP address is not specified, then the IP address for the host is deduced by doing a host name lookup on the host name specified. It is possible to override this behavior to associate with a different IP address, by specifying the IP address. |
Result
The host is successfully registered with the Audit Vault Server.
If the IP address is not specified, then the host name lookup fails with the following error. Retry registering the host with an IP address.
OAV:-46594: unable to resolve host <host_name>
Usage Notes
To change the IP address associated with a host, use the ALTER HOST command.
Example
avcli> REGISTER HOST sample_host.example.net with ip 192.0.2.1;
Registers the host machine, sample_host.example.net, and associates it with the IP address 192.0.2.1.
A.2.8 UPLOAD AGENT LOG FILE TO SERVER FOR HOST
This command uploads Audit Vault Agent log files as a .zip file to the Audit Vault Server.
Syntax
UPLOAD AGENT LOG FILE TO SERVER FOR HOST <hostname>
Arguments
Argument | Description |
---|---|
hostname | Name of the agent for which you need to download the log from the Audit Vault Server. For agentless collection of Oracle Database table trails and Microsoft SQL Server directory trails, use |
Example
Upload agent log file to server for host myhost.mycompany.com;
- Uploads the agent log files as a .zip file to the Audit Vault Server for the myhost.mycompany.com host.
- If the total agent log size is less than 300 MB, then all agent log files are uploaded.
- If the total agent log size is greater than 300 MB, then only the latest log file for each agent component is uploaded if the latest log file is less than 50 MB.
A.2.9 DOWNLOAD AGENT LOG FILE FROM SERVER FOR HOST
This command downloads Audit Vault Agent log files as a .zip file from the Audit Vault Server and saves the .zip file in the <AVCLI installation path>/av/log directory.
Note:
Oracle highly recommends that you delete the agent logs from the AVCLI log location after you upload the agent logs to the relevant service request.
Syntax
DOWNLOAD AGENT LOG FILE FROM SERVER FOR HOST <hostname>
Arguments
Argument | Description |
---|---|
hostname | Name of the agent for which you need to download the log from the Audit Vault Server. For agentless collection of Oracle Database table trails and Microsoft SQL Server directory trails, use |
Example
download agent log file from server for host myhost.mycompany.com;
- Downloads the agent log files as a .zip file from the Audit Vault Server for the myhost.mycompany.com host and saves the .zip in the <AVCLI installation path>/av/log directory.
- If the total agent log size is less than 300 MB, then all agent log files are downloaded.
- If the total agent log size is greater than 300 MB, then only the latest log file for each agent component is downloaded if the latest log file is less than 50 MB.
A.3 Database Firewall AVCLI Commands
The AVCLI Database Firewall commands enable you to configure the Database Firewall.
A.3.1 About the Database Firewall AVCLI Commands
The AVCLI database firewall commands enable you to perform tasks such as registering or altering a database firewall.
A.3.2 ALTER FIREWALL
Use the ALTER FIREWALL command to alter Oracle Database Firewall attributes.
The ALTER FIREWALL command alters the Database Firewall attributes.
Syntax
ALTER FIREWALL firewall_name SET attribute=value [, attribute=value]
Arguments
Argument | Description |
---|---|
firewall_name | The name of the Database Firewall. |
attribute=value | The pair (attribute and new value) for the Database Firewall. Separate multiple pairs by a space on the command line. See Table A-4 for a list of attributes. |
Usage Notes
Table A-4 lists Database Firewall attributes that you can specify for the attribute=value argument.
Table A-4 Oracle Database Firewall Attributes
Parameter | Description |
---|---|
NAME | The new name of the Database Firewall. |
IP | The IP address of the Database Firewall. |
Example
avcli> ALTER FIREWALL sample_fw1 SET NAME=sample_newfw1;
Database Firewall name changes from sample_fw1 to sample_newfw1.
avcli> ALTER FIREWALL sample_fw1 SET IP=192.0.2.169;
Database Firewall IP address is set to 192.0.2.169.
A.3.3 CREATE RESILIENT PAIR
Use the CREATE RESILIENT PAIR command to create a resilient pair with two Oracle Database Firewall installations for high availability.
The CREATE RESILIENT PAIR command creates a resilient pair with two Database Firewalls for high availability.
Syntax
CREATE RESILIENT PAIR FOR FIREWALL PRIMARY primary_firewall STANDBY standby_firewall
Arguments
Argument | Descriptions |
---|---|
primary_firewall | The name of the primary Database Firewall. Only this Firewall can generate syslog alerts. |
standby_firewall | The name of the standby Database Firewall. This argument is available starting Oracle AVDF release 20.6. |
Starting Oracle AVDF 20.6, the pairing process of the Database Firewall instances is a background job. See the Jobs dialog in the Audit Vault Server console to check the status of high availability pairing. Locate the job against the entry Create DBFW resilient pair. After completion of the pairing process, navigate to the Database Firewalls tab and then to the High Availability tab in the left navigation menu to verify the resilient pair.
Example
avcli> CREATE RESILIENT PAIR FOR FIREWALL PRIMARY sample_fw1 SECONDARY sample_fw2;
A resilient pair is created with primary Database Firewall sample_fw1 and standby Database Firewall sample_fw2.
A.3.4 DROP FIREWALL
Use the DROP FIREWALL command to drop a registered Oracle Database Firewall from Oracle Audit Vault Server.
The DROP FIREWALL command drops an already registered Database Firewall from the Audit Vault Server.
Syntax
DROP FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> DROP FIREWALL sample_fw;
The Database Firewall sample_fw is dropped.
A.3.5 DROP RESILIENT PAIR
Learn to use the DROP RESILIENT PAIR command to drop a resilient pair that contains the specified Oracle Database Firewall.
The DROP RESILIENT PAIR command drops the resilient pair that contains the specified Database Firewall.
Syntax
DROP RESILIENT PAIR HAVING FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> DROP RESILIENT PAIR HAVING FIREWALL sample_fw1;
The existing resilient pair that includes Database Firewall sample_fw1 is broken.
A.3.6 LIST FIREWALL
Use the LIST FIREWALL command to list all of the Oracle Database Firewall installations that are registered with an Oracle Audit Vault Server.
The LIST FIREWALL command lists all the Database Firewalls registered with the Audit Vault Server.
Syntax
LIST FIREWALL
Example
avcli> LIST FIREWALL;
A list of Oracle Database Firewalls that are registered with Oracle Audit Vault Server appears.
A.3.7 POWEROFF FIREWALL
You can use the POWEROFF FIREWALL command to turn off the power for a named Oracle Database Firewall that is registered with Oracle Audit Vault Server.
The POWEROFF FIREWALL command powers off a named Database Firewall that is already registered with the Audit Vault Server.
Syntax
POWEROFF FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> POWEROFF FIREWALL sample_fw;
The Database Firewall sample_fw switches off.
A.3.8 REBOOT FIREWALL
Use the REBOOT FIREWALL command to reboot a named Oracle Database Firewall that is registered with Oracle Audit Vault Server.
The REBOOT FIREWALL command reboots a named Database Firewall that is already registered with the Audit Vault Server.
Syntax
REBOOT FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> REBOOT FIREWALL sample_fw;
The Database Firewall sample_fw reboots.
A.3.9 REGISTER FIREWALL
Use the REGISTER FIREWALL command to register an Oracle Database Firewall that has a specific IP address with Oracle Audit Vault Server.
The REGISTER FIREWALL command registers the Database Firewall that has the specified IP address with the Audit Vault Server.
Syntax
REGISTER FIREWALL firewall_name WITH IP ip_address
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
ip_address | The IP address of the Database Firewall. |
Usage Notes
The Database Firewall must be installed at the given IP address location.
To specify a firewall name with a space, enclose the entire string in quotes.
Example
avcli> REGISTER FIREWALL sample_fw WITH IP 192.0.2.14;
Database Firewall sample_fw is installed at IP address 192.0.2.14.
A.3.10 SWAP RESILIENT PAIR
Learn how to use the SWAP RESILIENT PAIR command to swap Oracle Database Firewall installations that are part of a resilient pair that includes a named Oracle Database Firewall.
The SWAP RESILIENT PAIR command swaps Database Firewalls in a resilient pair that includes the named Database Firewall.
Syntax
SWAP RESILIENT PAIR HAVING FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> SWAP RESILIENT PAIR HAVING FIREWALL sample_fw1;
In the existing resilient pair that includes Database Firewall sample_fw1, the primary firewall is swapped with the secondary firewall, or the reverse.
A.3.11 SHOW STATUS FOR FIREWALL
Learn how to use the SHOW STATUS FOR FIREWALL command to show the status for an Oracle Database Firewall installation.
The SHOW STATUS command displays the status for a particular Database Firewall.
Syntax
SHOW STATUS FOR FIREWALL firewall_name
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
Example
avcli> SHOW STATUS FOR FIREWALL sample_fw1;
The running information for Oracle Database Firewall sample_fw1 appears.
A.4 Database Firewall Monitors AVCLI Commands
The Database Firewall monitoring points related AVCLI commands enable you to configure the Database Firewall.
A.4.1 About Database Firewall Monitors AVCLI Commands
The Database Firewall monitoring points related AVCLI commands enable you to configure the host computer on which the Audit Vault Agent resides.
A.4.2 ALTER DATABASE FIREWALL MONITOR
Use the ALTER DATABASE FIREWALL MONITOR command to alter monitoring points and their attributes.
The ALTER DATABASE FIREWALL MONITOR command alters the monitoring point and the related attributes.
Syntax
ALTER DATABASE FIREWALL MONITOR FOR TARGET <target name> USING FIREWALL <firewall name> SET <options>
Arguments
Argument | Description |
---|---|
firewall name | The name of the Database Firewall which is associated with the monitoring point. |
target name | The name of the target which is associated with the Database Firewall monitoring point. |
|
Every option must be in The following attributes can be included in
|
|
The address of the target which needs to be monitored by the Database Firewall. The address needs to be in the following format:
|
|
The address of the target which needs to be removed from being monitored by the Database Firewall. |
|
The new network interface card (or traffic source) for the Database Firewall monitoring point. Starting in Oracle AVDF 20.3, for
Starting in Oracle AVDF 20.10, for
|
|
The Database Firewall deployment mode. Valid modes are:
|
|
|
|
|
|
|
Arguments in Release Oracle AVDF 20.5 and Earlier
Argument | Description |
---|---|
|
The address of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The port number of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The name of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The credentials used to connect to the database for which the native network encrypted traffic monitoring option needs to be enabled. The credentials must be specified in the format |
|
|
Arguments in Release Oracle AVDF 20.6 and Later
Argument | Description |
---|---|
|
The address of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The port number of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The name of the database for which the native network encrypted traffic monitoring needs to be enabled. |
|
The credentials used to connect to the database for which the native network encrypted traffic monitoring option needs to be enabled. The credentials must be specified in the format |
|
|
Arguments in Release Oracle AVDF 20.8 and Later
Argument | Description |
---|---|
BLOCK_UNMATCHED_OSN | True or False enables this option. This blocks the connection with service names other than the ones that are mentioned in the target connection details. |
Usage Notes
Attributes are specified by a comma separated list of key=value pairs. The following key values are supported:
Note:
- The ADD_ADDRESS and REMOVE_ADDRESS attributes are applicable for a single target only. They are not applicable for a RAC monitoring point.
- Starting in AVDF 20.10 and only for monitoring (out-of-band) mode, you can specify multiple network interface cards. Otherwise, only one network interface card or traffic source can be used.
Examples
avcli> ALTER DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1 SET MODE=monitoring_out_of_band;
avcli> ALTER DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1 SET database_response=true, full_error_message=true;
avcli> ALTER DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1 SET add_address=1.2.3.4:1234:dbfwfb;
avcli> ALTER DATABASE FIREWALL MONITOR FOR TARGET mysource USING FIREWALL myfw SET network_interface_card=enp0s3 enp0s10, database_response=true, full_error_message=true;
A.4.3 CREATE DATABASE FIREWALL MONITOR
The CREATE DATABASE FIREWALL MONITOR command creates Database Firewall monitoring points to protect the targets.
The CREATE DATABASE FIREWALL MONITOR command creates a Database Firewall monitoring point with the specified name and protects the target with monitoring only, or monitoring and blocking mode.
Syntax
CREATE DATABASE FIREWALL MONITOR FOR TARGET <target name> USING FIREWALL <firewall name> WITH MODE <mode name> NETWORK INTERFACE CARD <network interface card> [PROXY PORT <proxy port number>] [ADD ADDRESS <ip:port[:service name | SID]>] [FOR TARGET MODE RAC]
Arguments
Argument | Descriptions |
---|---|
target name | The name of the target. |
firewall name | The name of the Database Firewall. |
|
The name of the network interface card (NIC). You may specify a
bonded NIC. Only one NIC is allowed except in
Starting in Oracle AVDF 20.10, for
Starting in Oracle AVDF 20.3, for
|
|
Proxy port number required only for
|
|
The available deployment modes are:
For For |
|
IP address for the first Database Firewall monitoring point. It is mandatory for the first Database Firewall monitoring point for the specific target and Database Firewall. It is not allowed for the subsequent monitoring points being created. Format: |
|
IP address. |
|
The port number |
|
The service name or SID of the Oracle Database. Note: If you plan to monitor more than one OSN on a target database:
|
|
Can be set only for Oracle Databases and if proxy port is set. |
Examples
create database firewall monitor for target mysource using firewall myfw with mode Monitoring_Blocking_Proxy network interface card eth1 proxy port 1 add address 192.0.2.0:24:srcdb for target mode rac;
Creates a Database Firewall monitoring point for the Database Firewall instance myfw using the network interface card eth1 with port 1 and protects the target mysource with the mode Monitoring_Blocking_Proxy, adds address (host=192.0.2.0, port=24 and service=srcdb) as an Oracle RAC instance.
create database firewall monitor for target mysource using firewall myfw with mode Monitoring_Host_Monitor network interface card eth0 add address 192.0.2.1:80:dbfwdb;
Creates a Database Firewall monitoring point and monitors the target mysource for the Database Firewall instance myfw using network interface card eth0 in mode Monitoring_Host_Monitor; adds address (host=192.0.2.1, port=80, service=dbfwdb).
create database firewall monitor for target mysource using firewall myfw with mode Monitoring_Out_Of_Band network interface card eth0;
Creates a Database Firewall monitoring point and monitors the target mysource for the Database Firewall instance myfw using network interface card eth0 in the mode Monitoring_Out_Of_Band; assuming addresses have been added before in the first Database Firewall monitoring point for this target and the Database Firewall pair.
create database firewall monitor for target mysource using firewall myfw with mode Monitoring_Out_Of_Band network interface card enp0s3,enp0s10,enp0s9 add address 192.0.2.0:24:srcdb;
Creates a Database Firewall monitoring point on Database Firewall myfw using network interface cards enp0s3, enp0s10, and enp0s9 and protects the target mysource in mode Monitoring_Out_Of_Band, adds address host = 192.0.2.0, port=24 and service = srcdb. Specifying multiple network interface cards in Monitoring_Out_Of_Band mode is available starting in Oracle AVDF 20.10.
Result
In case the command is run successfully, the following output is displayed:
The command completed successfully.
In case the command is not run successfully, it displays an error. Here are some of the possible errors that are seen in Oracle AVDF release 20.8 and later:
Error | Description |
---|---|
|
The target name specified is invalid. Check for the correct name of the target, by running |
|
The name of the Database Firewall instance specified is invalid. Check for the correct name of the Database Firewall instance by running |
|
The Database Firewall mode specified is invalid. The valid modes are: |
|
The name of the network interface card specified is invalid. Check for the correct name of the network interface card by running |
|
The proxy port number specified is invalid. Check for the correct proxy port number. |
|
The proxy port number is specified for
|
|
The proxy port number is not specified for
|
|
The proxy port number specified is being used by another Database Firewall monitoring point. |
|
The proxy port is specified for the |
|
The address or connection detail is not specified for the first Database Firewall monitoring point for the specific target and pair of Database Firewall instances. |
|
The address or connection detail is specified before and cannot be changed again for the subsequent Database Firewall monitoring point for the specific target and pair of Database Firewall instances. Check the existing connection detail by running the |
|
Attempt to configure |
|
The address or connection detail is already specified for another target being monitored. |
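A pre-flight check for CREATE DATABASE FIREWALL MONITOR statements, added here as an illustration and not part of Oracle's documentation or tooling: it applies the syntax and the address, NIC, RAC and first-monitoring-point rules stated in this section before a script reaches AVCLI. The function names, the sample statements, and the rule that PROXY PORT goes only with Monitoring_Blocking_Proxy (the only mode this page's examples pair it with) are assumptions.

```python
import ipaddress
import re

# Modes that appear in this page's examples (compared case-insensitively).
PROXY_MODE = "monitoring_blocking_proxy"
OOB_MODE = "monitoring_out_of_band"
MODES = {PROXY_MODE, "monitoring_host_monitor", OOB_MODE}

TOKEN = r"[^\s;]+"  # unquoted name; quoted names containing spaces are not handled
STATEMENT = re.compile(
    rf"""^\s*(?:avcli>\s*)?CREATE\s+DATABASE\s+FIREWALL\s+MONITOR
        \s+FOR\s+TARGET\s+(?P<target>{TOKEN})
        \s+USING\s+FIREWALL\s+(?P<firewall>{TOKEN})
        \s+WITH\s+MODE\s+(?P<mode>{TOKEN})
        \s+NETWORK\s+INTERFACE\s+CARD\s+(?P<nics>{TOKEN})
        (?:\s+PROXY\s+PORT\s+(?P<proxy>{TOKEN}))?
        (?:\s+ADD\s+ADDRESS\s+(?P<address>{TOKEN}))?
        (?P<rac>\s+FOR\s+TARGET\s+MODE\s+RAC)?
        \s*(?P<end>;?)\s*$""",
    re.IGNORECASE | re.VERBOSE,
)


def _is_port(text: str) -> bool:
    return text.isascii() and text.isdigit() and 1 <= int(text) <= 65535


def check_address(address: str) -> list[str]:
    """Validate ip:port[:service name | SID] as given in the Syntax line."""
    parts = address.split(":")
    if len(parts) not in (2, 3):
        return [f"address '{address}' is not ip:port[:service]"]
    problems = []
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        problems.append(f"address host '{parts[0]}' is not an IP address")
    if not _is_port(parts[1]):
        problems.append(f"address port '{parts[1]}' is not a number in 1-65535")
    if len(parts) == 3 and not parts[2]:
        problems.append("address has an empty service name or SID")
    return problems


def lint(statement: str, first_monitor: bool = True) -> list[str]:
    """Return the problems found in one statement; an empty list means it passed.

    first_monitor says whether this is the first monitoring point for the
    target and Database Firewall, which decides whether ADD ADDRESS is allowed.
    """
    m = STATEMENT.match(statement)
    if not m:
        return ["does not match the CREATE DATABASE FIREWALL MONITOR syntax"]
    problems = []
    if not m["end"]:
        problems.append("missing terminating semicolon")
    mode = m["mode"].lower()
    if mode not in MODES:
        problems.append(f"unknown mode '{m['mode']}'")
    nics = m["nics"].split(",")
    if "" in nics:
        problems.append("empty network interface card name")
    if len(nics) > 1 and mode != OOB_MODE:
        problems.append("multiple NICs are only allowed in Monitoring_Out_Of_Band")
    proxy = m["proxy"]
    if proxy is not None:
        if not _is_port(proxy):
            problems.append(f"proxy port '{proxy}' is not a number in 1-65535")
        if mode != PROXY_MODE:  # assumed rule, see lead-in
            problems.append("PROXY PORT given for a non-proxy mode")
    elif mode == PROXY_MODE:  # assumed rule, see lead-in
        problems.append("PROXY PORT missing for Monitoring_Blocking_Proxy")
    if m["rac"] and proxy is None:
        problems.append("FOR TARGET MODE RAC requires PROXY PORT")
    address = m["address"]
    if address is None:
        if first_monitor:
            problems.append("ADD ADDRESS is mandatory for the first monitoring point")
    elif not first_monitor:
        problems.append("ADD ADDRESS is not allowed for subsequent monitoring points")
    else:
        problems.extend(check_address(address))
    return problems


_HEAD = "create database firewall monitor for target t1 using firewall fw1 with mode "
# Constructed sample statements (not taken from a real deployment).
SAMPLES = {
    "proxy_rac_ok": _HEAD + "Monitoring_Blocking_Proxy network interface card eth1 "
                    "proxy port 15210 add address 192.0.2.10:1521:srcdb for target mode rac;",
    "port_omitted": _HEAD + "Monitoring_Host_Monitor network interface card eth0 "
                    "add address 192.0.2.1:dbfwdb",
    "multi_nic_wrong_mode": _HEAD + "Monitoring_Host_Monitor network interface card "
                            "enp0s3,enp0s10 add address 192.0.2.0:24:srcdb for target mode rac;",
    "oob_multi_ok": _HEAD + "Monitoring_Out_Of_Band network interface card "
                    "enp0s3,enp0s10 add address 192.0.2.0:24:srcdb;",
}

if __name__ == "__main__":
    for name, stmt in SAMPLES.items():
        print(name, "->", lint(stmt) or "OK")
```
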
A.4.4 DROP DATABASE FIREWALL MONITOR
Use the DROP DATABASE FIREWALL MONITOR command to drop monitoring points.
The DROP DATABASE FIREWALL MONITOR command drops the monitoring point.
Syntax
DROP DATABASE FIREWALL MONITOR FOR TARGET <target name> USING FIREWALL <firewall name>
Arguments
Argument | Descriptions |
---|---|
firewall name | The name of the Database Firewall. |
target name | The name of the target. |
Examples
avcli> DROP DATABASE FIREWALL MONITOR FOR TARGET sample_source USING FIREWALL sample_fw;
avcli> DROP DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1;
The monitoring point is dropped.
A.4.5 LIST DATABASE FIREWALL MONITOR
Use the LIST DATABASE FIREWALL MONITOR command to list all of the monitoring points associated with either the Database Firewall or the target.
The LIST DATABASE FIREWALL MONITOR command lists the monitoring points associated with either the Database Firewall or the target.
Syntax
LIST DATABASE FIREWALL MONITOR FOR FIREWALL <firewall_name>
LIST DATABASE FIREWALL MONITOR FOR TARGET <target_name>
Arguments
Argument | Descriptions |
---|---|
firewall_name | The name of the Database Firewall. |
target_name | The name of the target. |
Example
avcli> LIST DATABASE FIREWALL MONITOR FOR FIREWALL sample_fw;
A list of all the monitoring points associated with the Database Firewall sample_fw appears.
avcli> LIST DATABASE FIREWALL MONITOR FOR TARGET sample_source;
A list of all the monitoring points associated with the target sample_source appears.
A.4.6 START DATABASE FIREWALL MONITOR
Learn how to use the START DATABASE FIREWALL MONITOR command to start a monitoring point that was previously suspended.
The START DATABASE FIREWALL MONITOR command starts a monitoring point that was previously suspended.
Syntax
START DATABASE FIREWALL MONITOR FOR TARGET <target name> USING FIREWALL <firewall name>
Arguments
Argument | Descriptions |
---|---|
firewall name | The name of the Database Firewall. |
target name | The name of the target. |
Examples
avcli> START DATABASE FIREWALL MONITOR FOR TARGET sample_source USING FIREWALL sample_fw;
avcli> START DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1;
The monitoring point is started.
A.4.7 STOP DATABASE FIREWALL MONITOR
Use the STOP DATABASE FIREWALL MONITOR command to stop a monitoring point.
The STOP DATABASE FIREWALL MONITOR command stops the monitoring point of the target.
Syntax
STOP DATABASE FIREWALL MONITOR FOR TARGET <target name> USING FIREWALL <firewall name>
Arguments
Argument | Descriptions |
---|---|
firewall name | The name of the Database Firewall. |
target name | The name of the target. |
Examples
avcli> STOP DATABASE FIREWALL MONITOR FOR TARGET sample_source USING FIREWALL sample_fw;
avcli> STOP DATABASE FIREWALL MONITOR FOR TARGET target1 USING FIREWALL fw1;
The monitoring point is stopped.
A.5 Target AVCLI Commands
The AVCLI target commands enable you to configure both database and nondatabase targets for Audit Vault Server.
The terms TARGET and SECURED TARGET are generally synonymous in this release of Oracle Audit Vault and Database Firewall.
A.5.1 About the Target AVCLI Commands
The target AVCLI commands enable you to perform tasks such as registering or altering a target.
A.5.2 ALTER SECURED TARGET
Use the ALTER SECURED TARGET command to modify the attributes of targets.
The ALTER SECURED TARGET command modifies the attributes of a target.
Syntax
ALTER SECURED TARGET secured_target_name SET attribute=value [, attribute=value]
Arguments
Argument | Description |
---|---|
|
The key/value pair for the target attributes of the target to be modified. You can modify one or more target attributes at a time using a space on the command line. See Also:
|
|
REQUIRED FOR ORACLE DATABASE ONLY: The service name or SID |
Table A-5 lists target attributes that you can specify.
Table A-5 Target Attributes
Attribute | Description |
---|---|
|
The name of the target database to be modified. The name is case-sensitive. This must not be defined already in the Audit Vault Server for another target. Special characters ( See Also: LIST SECURED TARGET to find a list of existing targets. |
|
The location of the target. Note: In case the target location was not specified during registration and if credentials are required to connect to the target, then the credentials must be specified along with the target location. |
|
The new username used to connect to the target. Audit Vault Server prompts for the new password. Credentials in |
|
The description for this target database instance |
|
The maximum number of monitoring point threads for the target. The valid range is between 1 and 16 (inclusive). The default value is 1. |
General Usage Examples
avcli> ALTER SECURED TARGET sample_source SET name=sample_source2;
The target name of sample_source changed to sample_source2.
avcli> ALTER SECURED TARGET sample_source SET credentials=scott;
The credentials used to connect to the target, sample_source, are changed.
avcli> ALTER SECURED TARGET sample_source SET description='This is a new description';
The description for the target, sample_source, is changed.
avcli> ALTER SECURED TARGET sample_source SET maximum_enforcement_point_threads=14;
Number of monitoring point threads is set for target, sample_source.
avcli> ALTER SECURED TARGET sample_source set maximum_enforcement_point_threads = 10;
Sets the maximum number of monitoring point threads for target sample_source to 10.
Oracle Example:
avcli> ALTER SECURED TARGET sample_source set location=jdbc:oracle:thin:@//new_sample_host:1521:sample_db;
The location of the target, sample_source, changes.
A.5.3 DROP SECURED TARGET
Learn how to use the DROP SECURED TARGET
command to remove the
registration of a specified target from Oracle Audit Vault Server.
The DROP SECURED TARGET
command removes the registration of the specified target from Audit Vault Server.
Syntax
DROP SECURED TARGET secured_target_name
Arguments
Argument | Description |
---|---|
|
The name of the target. To find all registered targets, see "LIST SECURED TARGET". |
Usage Notes
Ensure that all trails associated with this target are in stopped state before dropping the target. Otherwise, the DROP SECURED TARGET command fails. See HELP STOP COLLECTION for an explanation of how to stop active trails.
Dropping a target stops the Audit Vault Server from monitoring it. Any audit data collected earlier continues to be available in the Audit Vault Server repository.
Examples
avcli> DROP SECURED TARGET sample_source;
Drops the sample_source target.
A.5.4 LIST ATTRIBUTE FOR SECURED TARGET
Use the LIST ATTRIBUTE FOR SECURED TARGET command to list the attributes of targets.
The LIST ATTRIBUTE FOR SECURED TARGET command lists the attributes of a given target.
Syntax
LIST ATTRIBUTE FOR SECURED TARGET secured target name;
Arguments
Argument | Description |
---|---|
secured target name | The name of the target. To find all registered targets, see "LIST SECURED TARGET". |
A.5.5 LIST METRICS
Use the LIST METRICS command to list the metrics of a given target, such as various trails.
The LIST METRICS command lists the metrics of a given target, such as various trails.
Syntax
LIST METRICS FOR SECURED TARGET secured_target_name
Arguments
Argument | Description |
---|---|
secured_target_name | The name of the target. To find all registered targets, see "LIST SECURED TARGET". |
Usage Notes
The LIST METRICS command has the same usage for all target types.
Examples
avcli> LIST METRICS FOR SECURED TARGET sample_source;
Metrics available for the target, sample_source, are listed.
A.5.6 LIST SECURED TARGET
Use the LIST SECURED TARGET command to list various active targets that are registered with Audit Vault Server.
The LIST SECURED TARGET command lists the active targets registered with the Audit Vault Server.
Syntax
LIST SECURED TARGET;
Lists the active target names registered with Audit Vault Server.
A.5.7 LIST SECURED TARGET TYPE
Use the LIST SECURED TARGET TYPE command to list various target types that are registered with Audit Vault Server.
The LIST SECURED TARGET TYPE command lists various target types currently registered in the Audit Vault Server.
Syntax
LIST SECURED TARGET TYPE
Example
avcli> list secured target type;
Lists various target type names currently registered with the Audit Vault Server.
A.5.8 REGISTER SECURED TARGET
Use the REGISTER SECURED TARGET command to register targets to be monitored by Audit Vault Server.
The REGISTER SECURED TARGET command registers a target to be monitored by Audit Vault Server.
Syntax
REGISTER SECURED TARGET secured_target_name OF SECURED TARGET TYPE "secured_target_type" [AT location] [AUTHENTICATED BY username] [DEPLOYMENT MODE deployment mode]
Arguments
Argument | Description |
---|---|
|
Name of target. Must be unique. Special characters ( |
|
A valid target type, for example See Also: LIST SECURED TARGET TYPE to find a list of supported target types. |
|
The target database connection information. See Also: This is optional. It can be added later. The location is an opaque string that specifies how to connect to the target, typically a JDBC connect string. The syntax that you use depends on the target type. See the database-specific Usage Notes below. If location is not provided, certain features such as entitlement retrieval, audit settings management, SPA retrieval, and audit trail collection are disabled if applicable to this target type. |
|
Optional. Credentials to connect to the target. After you enter the See the database specific usage notes in the following sections. |
|
Optional. Deployment mode of target. This argument is available starting with release Oracle AVDF 20.7. For Oracle Database having Active Data Guard with Unified
Auditing, specify the |
General Examples
avcli> HELP REGISTER SECURED TARGET;
Displays detailed help for the REGISTER SECURED TARGET command.
Oracle Database Usage Notes and Examples
- Authentication credentials must be specified along with the target location if credentials are required to connect to the target.
- For the location argument, enter the host name, port number, and service ID (SID), separated by a colon. Use the following syntax:
  AT host:port:service
- JDBC connect string formats for the different target types are specified below. For example:
  Oracle Database:
  jdbc:oracle:thin:@//<host>:<port>/<service name | SID>
  Sybase ASE and Sybase SQL Anywhere:
  jdbc:av:sybase://<host>:<port>
  Note: Sybase SQL Anywhere was deprecated in Oracle AVDF release 20.7 and is desupported in 20.8.
  Microsoft SQL Server:
  jdbc:av:sqlserver://<host>:<port>
  Note: Microsoft SQL Server 2012 was deprecated in Oracle AVDF 20.12, and it will be desupported in one of the future releases.
  IBM DB2 DBARS and IBM DB2 LUW:
  jdbc:av:db2://<host>:<port>/<database name>
  MySQL:
  jdbc:av:mysql://<host>:<port>/mysql
- If you are unsure of this connection information, then run the lsnrctl status listener_name command on the computer where you installed the target database.
- For the AUTHENTICATED BY command, enter the user name, and Audit Vault Server prompts you for the password. AUTHENTICATED BY <username>/<password> is accepted from file input through .av file. This user account must exist in the target database. To find this user, query the SESSION_PRIVS and SESSION_ROLES data dictionary views.
- For Oracle Database having Active Data Guard with Unified Auditing, specify the DEPLOYMENT MODE as ADG.
Oracle Database Examples
avcli> REGISTER SECURED TARGET sample_source OF SECURED TARGET TYPE "Oracle Database" AT jdbc:oracle:thin:@//anymachinename:1521/example.com AUTHENTICATED BY system DEPLOYMENT MODE ADG;
Registers an Oracle target, sample_source, of target type Oracle Database, reachable using connect string jdbc:oracle:thin:@//anymachinename:1521/example.com using credentials system and deployment mode ADG.
SQL Server Example With DB
avcli> REGISTER SECURED TARGET sample_mssqldb OF SECURED TARGET TYPE "Microsoft SQL Server" AT jdbc:av:sqlserver://hostname:port authenticated by <user>;
SQL Server Example with Windows Authentication
avcli> REGISTER SECURED TARGET sample_mssqldb OF SECURED TARGET TYPE "Microsoft SQL Server" AT "jdbc:av:sqlserver://<Host Name>:<Port>;authenticationMethod=ntlmjava;domain=<domain name>" authenticated by <windows user>;
IBM DB2 Example
avcli> REGISTER SECURED TARGET sample_db2db OF SECURED TARGET TYPE "IBM DB2 LUW" AT jdbc:av:db2://host:port authenticated by sa;
Registers a DB2 target, sample_db2db, of target type "IBM DB2 LUW", reachable using connect string jdbc:av:db2://host:port using credentials authenticated by sa.
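The rules stated above for REGISTER SECURED TARGET and ALTER SECURED TARGET (semicolon termination, the per-type connect string formats, the 1 to 16 thread range, and AUTHENTICATED BY <username>/<password> being accepted in .av files) can be checked before a script reaches the server. The Python sketch below is an added example, not Oracle code; the function names, finding labels and sample script are constructed, and the target-type keys are assumed to match the names LIST SECURED TARGET TYPE reports.

```python
import re

# Connect-string shapes listed in the usage notes above, keyed by target type.
# Assumption: keys mirror the type names LIST SECURED TARGET TYPE reports.
HOSTPORT = r"[^:/\s;]+:\d+"
JDBC_FORMATS = {
    # Oracle also accepts the plain host:port:service form described above.
    "oracle database": rf"(jdbc:oracle:thin:@//{HOSTPORT}/\S+|{HOSTPORT}:\S+)",
    "sybase ase": rf"jdbc:av:sybase://{HOSTPORT}",
    "microsoft sql server": rf"jdbc:av:sqlserver://{HOSTPORT}(;\S*)?",
    "ibm db2 luw": rf"jdbc:av:db2://{HOSTPORT}/\S+",
    "mysql": rf"jdbc:av:mysql://{HOSTPORT}/mysql",
}

REGISTER = re.compile(
    r'^REGISTER\s+SECURED\s+TARGET\s+(?P<name>\S+)\s+OF\s+SECURED\s+TARGET\s+TYPE\s+'
    r'"(?P<type>[^"]+)"(?:\s+AT\s+(?P<loc>"[^"]*"|\S+))?'
    r'(?:\s+AUTHENTICATED\s+BY\s+(?P<cred>\S+))?', re.I)
THREADS = re.compile(
    r'^ALTER\s+SECURED\s+TARGET\s+(?P<name>\S+)\s+SET\s+.*?'
    r'maximum_enforcement_point_threads\s*=\s*(?P<n>-?\d+)', re.I)


def split_statements(script):
    """Split on ';' outside quotes; return (terminated statements, unterminated tail).

    SQL Server locations carry ';' inside a double-quoted connect string, so a
    naive split on ';' would cut those statements in half.
    """
    stmts, buf, quote = [], [], None
    for ch in script:
        if quote is None and ch in "'\"":
            quote = ch
        elif ch == quote:
            quote = None
        if ch == ";" and quote is None:
            stmts.append(" ".join("".join(buf).split()))
            buf = []
        else:
            buf.append(ch)
    tail = " ".join("".join(buf).split())
    return [s for s in stmts if s], tail


def lint(script):
    """Return (finding, subject) tuples; credentials are never echoed back."""
    stmts, tail = split_statements(script)
    findings = []
    for stmt in stmts + ([tail] if tail else []):
        reg = REGISTER.match(stmt)
        if reg:
            fmt = JDBC_FORMATS.get(reg["type"].lower())
            loc = (reg["loc"] or "").strip('"')
            if loc and fmt and not re.fullmatch(fmt, loc, re.I):
                findings.append(("location-format", reg["name"]))
            # user/password on the command line means a cleartext secret on disk.
            if "/" in (reg["cred"] or ""):
                findings.append(("inline-password", reg["name"]))
        thr = THREADS.match(stmt)
        if thr and not 1 <= int(thr["n"]) <= 16:
            findings.append(("threads-out-of-range", thr["name"]))
    if tail:
        # Report only the leading words so a trailing secret is not repeated.
        findings.append(("missing-semicolon", " ".join(tail.split()[:4])))
    return findings


# Constructed sample .av script (hosts, names and the password are placeholders).
SAMPLE_SCRIPT = """
REGISTER SECURED TARGET hr_ora OF SECURED TARGET TYPE "Oracle Database" AT jdbc:oracle:thin:@//dbhost.example.com:1521/hrpdb AUTHENTICATED BY avcollector DEPLOYMENT MODE ADG;
REGISTER SECURED TARGET fin_ora OF SECURED TARGET TYPE "Oracle Database" AT jdbc:av:mysql://dbhost.example.com:3306/mysql AUTHENTICATED BY avcollector/CONSTRUCTED_PLACEHOLDER;
REGISTER SECURED TARGET crm_mssql OF SECURED TARGET TYPE "Microsoft SQL Server" AT "jdbc:av:sqlserver://sqlhost.example.com:1433;authenticationMethod=ntlmjava;domain=EXAMPLE" authenticated by svc_audit;
ALTER SECURED TARGET hr_ora SET maximum_enforcement_point_threads=32;
ALTER SECURED TARGET hr_ora SET description='batch; nightly'
"""

if __name__ == "__main__":
    for finding, subject in lint(SAMPLE_SCRIPT):
        print(f"{finding}: {subject}")
```

An inline-password finding is a reason to keep the .av file out of version control and shared directories, or to drop the password and let Audit Vault Server prompt for it.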
A.5.9 UPLOAD OR DELETE WALLET FILE
Use the UPLOAD OR DELETE WALLET FILE command to upload or delete target wallet files.
This command is used to upload and delete a target wallet file.
Syntax
ALTER SECURED TARGET <Secured target name> SET WALLET_FILE=<Path of the wallet file>
ALTER SECURED TARGET <Secured target name> DROP ATTRIBUTE WALLET_FILE
Arguments
Argument | Description |
---|---|
<Secured target name> | Name of the target. |
WALLET_FILE | Name of wallet attribute (Key). |
<Path of the wallet file> | Path to wallet file (Value). |
Examples
alter secured target mysource set wallet_file=/dir1/dir2/wallet.sso;
Uploads the target wallet file to the specified location of the Audit Vault Server using a TCPS connection.
alter secured target mysource drop attribute wallet_file;
Deletes the target wallet from the location using a TCPS connection.
A.6 Target Group AVCLI Commands
The AVCLI target group commands enable you to alter a target group.
Table A-6 AVCLI Target Group Commands
Command | Description |
---|---|
Adds a specific target to a target group. |
|
Deletes a specific target from a target group. |
A.6.1 ADD TARGET
Use this command to add a specific target to a target group.
Syntax
ALTER TARGETGROUP <target group name> ADD TARGET <target name>
HELP ALTER TARGETGROUP
Arguments
Argument | Description |
---|---|
|
To seek help on available options. |
|
The name of the specific target that needs to be added. |
|
The name of the specific target group. |
Example
alter targetgroup tg1 add target t1
A.6.2 ALTER TARGET GROUP
Use the ALTER TARGET GROUP command to modify the specified target group.
To add or delete targets from the specified target group. To modify the description of the target group.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
ALTER TARGET GROUP <target group name> ADD TARGET <target name>
To add a target to an existing target group.
ALTER TARGET GROUP <target group name> DELETE TARGET <target name>
To remove the target from an existing target group.
ALTER TARGET GROUP <target group name> MODIFY DESCRIPTION <description>
To modify the description of an existing target group.
HELP ALTER TARGET GROUP
To seek help on available options.
Arguments
Argument | Description |
---|---|
target group name | The name of the specified target group that needs to be modified. |
target name | The name of the specified target that needs to be added or deleted from the target group. |
description | The new description of the specified target group. |
Examples
alter target group tg1 add target t1;
This command adds target t1 to the target group tg1.
alter target group tg1 delete target t1;
This command deletes target t1 from the target group tg1.
alter target group tg1 modify description 'new description';
The description of the specified target group is modified to the specified one.
A.6.3 CREATE TARGET GROUP
Use the CREATE TARGET GROUP command to create a target group with the specified name.
To create a target group with the given name. A target group can be created only by a super administrator or superauditor.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
CREATE TARGET GROUP <target group name>
Creates a target group with the specified name.
CREATE TARGET GROUP <target group name> DESCRIPTION <description>
Optionally add a description while creating the new target group.
Arguments
Argument | Description |
---|---|
|
The name of the target group being created. Special characters ( |
Examples
CREATE TARGET GROUP test22
A new target group with the name test22 is created.
create target group my_group2 description 'new group for new reports';
Creates a target group my_group2 with description new group for new reports.
A.6.4 DELETE TARGET
Use this command to delete a specific target from a target group.
Syntax
ALTER TARGETGROUP <target group name> DELETE TARGET <target name>
HELP ALTER TARGETGROUP
Arguments
Argument | Description |
---|---|
|
To seek help on available options. |
|
The name of the specific target that needs to be deleted. |
|
The name of the specific target group. |
Example
alter targetgroup tg1 delete target t1
A.6.5 DROP TARGET GROUP
Use the DROP TARGET GROUP command to remove the registration of the specified target group from Audit Vault Server.
To drop the specified target group from Audit Vault Server.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
DROP TARGET GROUP <target group name>
Arguments
Argument | Description |
---|---|
target group name | The name of the specified target group being dropped. |
Example
DROP TARGET GROUP test22
The target group with the name test22 is dropped.
A.6.6 LIST TARGET GROUPS
Use the LIST TARGET GROUPS command to view a list of all target groups for a user.
To view a list of all target groups for a user.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
LIST TARGET GROUPS
This command lists all the target groups for the current user.
Example
list target groups;
Lists all the target groups.
A.6.7 LIST TARGETS OF TARGET GROUP
Use the LIST TARGETS OF TARGET GROUP command to view a list of active targets in a specific target group.
To view a list of active targets in a specific target group.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
LIST TARGETS OF TARGET GROUP <target group name>
This command lists various active targets in a specific target group. The output contains the name, location, and description for each target.
Arguments
Argument | Description |
---|---|
target group name | The name of the target group for which the active targets are being listed. |
Example
list targets of target group tg1;
Lists various active targets of the target group tg1.
A.7 Audit Trail Collection AVCLI Commands
The audit trail collection AVCLI commands enable you to perform tasks such as starting and stopping audit trail collections.
A.7.1 About Oracle Audit Trail AVCLI Commands
The AVCLI target audit trail collection commands enable you to manage the audit trail collections for the targets.
A.7.2 DROP TRAIL FOR SECURED TARGET
This command drops a trail that no longer needs to be monitored.
Note:
An audit trail must be in a STOPPED state in order for it to be dropped. A trail that has previously collected audit data associated with it cannot be dropped.
Syntax
DROP TRAIL FOR SECURED TARGET secured_target_name USING HOST hostname FROM location [WITH CONNECTION <connection_name>]
Arguments
Argument | Description |
---|---|
|
The name of the target whose audit trail you want to drop. |
|
The name of the host where the target agent resides. For agentless collection of Oracle Database table trails
and Microsoft SQL Server directory trails, use |
|
The
|
|
Optional. Connection name. Applicable for Oracle AVDF release 20.7 and later. For Oracle Database having Active Data Guard with
Unified Auditing, the trails can connect to the
current primary database using failover connection
string. Or trails can connect to individual
databases in Active Data Guard using connection
name, specified using The The The connection name can be either
|
See Also:
- LIST SECURED TARGET to find all registered targets.
- LIST HOST to find a list of configured agent hosts.
- LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a target.
Examples
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM DIRECTORY /opt/audit_trail;
The audit trail from the directory /opt/audit_trail for target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$;
The audit trail from table trail sys.aud$ for target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM SYSLOG DEFAULT /usr/syslog/syslog*;
Syslog trail /usr/syslog/syslog* for target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET sample_source USING HOST foo FROM TRANSACTION LOG /extract;
The transaction log trail from the directory /extract for target sample_source is dropped.
avcli> DROP TRAIL FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION failover_connection;
Deletes table trail unified_audit_trail for target mysource using failover connection specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
avcli> DROP TRAIL FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION av.target.connection.<name>;
Deletes table trail unified_audit_trail for target mysource using connection name in the format av.target.connection.<name> specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
A.7.3 LIST TRAIL FOR SECURED TARGET
Use the LIST TRAIL FOR SECURED TARGET command to list audit trails that have been started with the START COLLECTION command or stopped with the STOP COLLECTION command.
The LIST TRAIL FOR SECURED TARGET command lists the available audit trails that have been started with the START COLLECTION command or stopped with the STOP COLLECTION command.
Syntax
LIST TRAIL FOR SECURED TARGET secured_target_name
Arguments
Argument | Description |
---|---|
secured_target_name | The name of the target. To find a list of existing targets, see "LIST SECURED TARGET". |
Usage Notes
LIST TRAIL FOR SECURED TARGET does not list audit trails that have been created but not yet started or stopped.
Examples
avcli> LIST TRAIL FOR SECURED TARGET sample_source;
The trails available for the target sample_source are listed.
A.7.4 START COLLECTION FOR SECURED TARGET
This command starts the collection of specified audit trail data from a given target, optionally using the specified collection plug-in.
Note:
If the audit trail does not already exist, then it is created and started.
Syntax
START COLLECTION FOR SECURED TARGET secured_target_name USING HOST host FROM location [USING PLUGIN plugin id] [WITH CONNECTION <connection_name>]
Arguments
Argument | Description |
---|---|
secured_target_name |
The name of the target whose audit trail collection you want to begin. |
|
The name of the host where the target agent resides. For agentless collection of Oracle Database table trails
and Microsoft SQL Server directory trails, use |
|
The
|
|
The collection plug-in id being used. Required if there is more than one possible plug-in. Optional if there is only one plug-in. |
|
Optional. Connection name. For Oracle Database having Active Data Guard with Unified Auditing,
the trails can connect to the current primary database using
failover connection string. Or trails can connect to individual
databases in Active Data Guard using the connection name specified
using The The The The connection name can be either
|
See Also:
- LIST SECURED TARGET to find all registered targets.
- LIST HOST to find a list of configured agent hosts.
- LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a target.
- LIST PLUGIN FOR SECURED TARGET TYPE to find a list of existing plug-ins for the type.
General Usage Notes
To start the trail, the agent process which manages the trail should also be in running state. If the collection process connects to the target, the target must be up and running. When multiple plug-ins can process audit data from a target, use the optional USING PLUGIN directive to disambiguate the collection process.
A trail starts in the START_REQUESTED state and transitions to a starting state, followed by a running state. If there is no outstanding audit data to process from the given trail, the collection process switches to an idle state. The current state can be viewed using the LIST TRAIL command.
If a trail must be authenticated, the Audit Vault Server uses the credentials provided in the AUTHENTICATED BY argument of the REGISTER SECURED TARGET command.
After you run the START COLLECTION command, the Audit Vault Server begins to collect audit data from the configured targets. If you want to stop the collection, then run the STOP COLLECTION command.
Windows Systems Usage Notes
On Windows systems, enter directory and file name locations in either double-quoted strings or as a nonquoted string using forward slashes. For example:
... FROM DIRECTORY "c:\app\oracle\product\11.1\av";
... FROM DIRECTORY c:/app/oracle/product/11.1/av;
General Examples
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM directory /opt/audit_trail;
Audit data collection from trail /opt/audit_trail for target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$;
Audit data collection from table trail sys.aud$ for target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM syslog /usr/syslog/syslog*;
Collecting syslog trail /usr/syslog/syslog* for target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM event log application;
Collecting application event log trail for target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM transaction log /extract;
Collecting transaction log data from trail location /extract for target sample_source starts.
avcli> START COLLECTION FOR SECURED TARGET sample_source USING HOST foo FROM TABLE sys.aud$ USING PLUGIN com.sample_plugin;
Audit data collection from table trail sys.aud$ for the target sample_source, using the com.sample_plugin plug-in, starts.
avcli> START COLLECTION FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION failover_connection;
Starts collecting audit data from table trail unified_audit_trail for target mysource using failover connection specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
avcli> START COLLECTION FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION av.target.connection.<name>;
Starts collecting audit data from table trail unified_audit_trail for target mysource using connection name in the format av.target.connection.<name> specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
Oracle Database Target Usage Notes
Audit Trail Settings
For the operating system type of audit trail, use the following settings:
Type of Audit Trail | trail_type Setting | audit_trail Setting |
---|---|---|
Operating system directory |
|
|
Syslog file |
|
|
Windows event log |
|
N/A |
SQL Server Target Usage Notes
Audit Trail Settings
You can write the SQL Server audit trail to the Windows event log, C2 trace files, or server side trace files. The FROM trail_type audit_trail arguments are as follows:
Type of Audit Trail | trail_type Setting | audit_trail Setting |
---|---|---|
Windows event log |
|
N/A |
C2 trace file |
|
|
Server-side trace files |
|
|
|
|
|
Best Practice:
The user must have admin privileges to access the security event log collector system. The user has an option to choose the following properties as the maximum event log size.
Event Log Properties | To Accomplish |
---|---|
Overwrite event as needed | To delete the oldest event first. It automatically clears events. |
Do not overwrite events | To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
Sybase ASE Target Usage Notes and Examples
For the Sybase ASE audit trail, set the trail_type audit_trail setting to TABLE SYSAUDITS.
Sybase ASE Example
avcli> START COLLECTION FOR SECURED TARGET hr_syb_db USING HOST sybserver FROM TABLE SYSAUDITS;
MySQL Usage Notes
The trail location is the path to the directory where converted XML files are created by running the MySQL XML transformation utility.
IBM DB2 Usage Notes and Examples
For the IBM DB2 audit trail, set the trail_type audit_trail setting to DIRECTORY directory_location.
IBM DB2 Example
avcli> START COLLECTION FOR SECURED TARGET hr_db2_db USING HOST db2server FROM DIRECTORY "d:\temp\trace";
Oracle Solaris Target Usage Notes
For an Oracle Solaris target, the trail location used in this command must be in the format:
hostname:path_to_trail
where hostname matches the host name in the audit log names, which look like this:
timestamp1.timestamp2.hostname
Windows Target Usage Notes
For a Windows target, the event log audit trail type collects data from the Windows Security Event Log. The trail location used in this command must be security.
Best Practice:
The user must have admin privileges to access the security event log collector system. The user has an option to choose the following properties as the maximum event log size.
Event Log Properties | To Accomplish |
---|---|
Overwrite event as needed | To delete the oldest event first. It automatically clears events. |
Do not overwrite events | To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
Active Directory Target Usage Notes
For Active Directory target, the event log audit trail type collects data from the security and directory service. The trail location used in this command must be security or directory service.
Best Practice:
Event Log Properties When Maximum Event Log Size Is Reached | To Accomplish |
---|---|
Overwrite event as needed | It is recommended to select To delete the oldest event first. It automatically clears events. |
Do not overwrite events | To avoid overwriting of existing events. In this case the user has to manually clear the event log. |
A.7.5 Create Audit Trail for a Secured Target
Learn how to create and start an audit trail.
To create a new audit trail, use the command syntax mentioned in START COLLECTION FOR SECURED TARGET. In case the audit trail does not already exist, then it is created and started.
A.7.6 STOP COLLECTION FOR SECURED TARGET
This command stops audit trail collection.
Syntax
STOP COLLECTION FOR SECURED TARGET secured_target_name USING HOST hostname FROM location [USING PLUGIN plugin_id] [WITH CONNECTION <connection_name>]
Arguments
Argument | Description |
---|---|
|
The name of the target for the trail collection you want to stop. |
|
The name of the host where the target agent resides. For agentless collection of Oracle Database table trails
and Microsoft SQL Server directory trails, use |
|
The
|
|
The collection plug-in id being used. Required if there is more than one possible plug-in. Optional if there is only one plug-in. |
|
Optional. Connection name. For Oracle Database having Active Data Guard with Unified Auditing,
the trails can connect to the current primary database using
failover connection string. Or trails can connect to individual
databases in Active Data Guard using connection name, specified
using The The The The connection name can be either
|
See Also:
- LIST SECURED TARGET to find a list of all registered targets.
- LIST HOST to find a list of configured agent hosts.
- LIST ATTRIBUTE FOR SECURED TARGET for detailed information about a target.
- LIST PLUGIN FOR SECURED TARGET TYPE to find a list of existing plug-ins for the type.
- LIST TRAIL FOR SECURED TARGET to view the current state of target.
General Usage Notes
Since the command is sent to the trail directly, the agent process does not need to be in running state. When multiple plug-ins process audit data from a target, use the optional USING PLUGIN directive to disambiguate the process.
A trail will be in a STOP_REQUESTED state when stopped and transitions to a stopping state, followed by a stopped state.
Windows Systems Usage Notes
On Windows systems, enter directory and file name locations in either double-quoted strings or as a nonquoted string using forward slashes. For example:
... FROM DIRECTORY "c:\app\oracle\product\11.1\av";
... FROM DIRECTORY c:/app/oracle/product/11.1/av;
General Examples
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM directory /opt/audit_trail;
Audit data collection from trail /opt/audit_trail for target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM TABLE sys.aud$;
Audit data collection from table trail sys.aud$ for target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM syslog /usr/syslog/syslog*;
Collecting syslog trail /usr/syslog/syslog* for target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM event log application;
Collecting application event log trail for target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM transaction log /extract;
Collecting transaction log data from trail location /extract for target sample_source stops.
avcli> STOP COLLECTION FOR SECURED TARGET sample_source USING HOST sample_host FROM TABLE sys.aud$ USING PLUGIN com.sample_plugin;
Audit data collection from table sys.aud$ for the target sample_source, using the com.sample_plugin plug-in, stops.
avcli> STOP COLLECTION FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION failover_connection;
Stops collecting audit data from table trail unified_audit_trail for target mysource using failover connection specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
avcli> STOP COLLECTION FOR SECURED TARGET mysource USING HOST foo FROM TABLE unified_audit_trail WITH CONNECTION av.target.connection.<name>;
Stops collecting audit data from table trail unified_audit_trail for target mysource using connection name in the format av.target.connection.<name> specified during target registration. This is applicable only for Oracle Database having Active Data Guard with Unified Auditing starting with Oracle AVDF release 20.7.
Oracle Database Usage Notes and Examples
Audit Trail Settings
For the operating system type of audit trail, use the following settings:
Oracle Database Examples
Operating system directory example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM DIRECTORY $ORACLE_HOME/logs;
Operating system syslog file example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM SYSLOG /etc/syslog.conf;
Operating system Windows event log example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM EVENTLOG;
Database audit trail example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM TABLE sys.aud$;
TRANSACTION LOG example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST hrdb.example.com FROM TRANSACTION LOG /extract;
SQL Server Usage Notes and Example
The SQL Server audit trail can be in the Windows event log, C2 trace files, or server side trace files. The FROM trail_type audit_trail arguments are as follows:
Type of Audit Trail | trail_type Setting | audit_trail Setting |
---|---|---|
Windows event log |
|
n/a |
C2 trace file |
|
|
Server-side trace files |
|
|
SQL Server Examples
Windows event log example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM EVENTLOG;
C2 trace example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM DIRECTORY "c:\SQLAuditFile*.trc";
Server-side trace example:
avcli> STOP COLLECTION FOR SECURED TARGET hr_sql_db USING HOST mssqlserver FROM DIRECTORY "c:\SQLAuditFile*.trc";
Sybase ASE Usage Notes and Example
For the Sybase ASE audit trail, set the trail_type audit_trail setting to TABLE SYSAUDITS.
Sybase ASE Example
avcli> STOP COLLECTION FOR SECURED TARGET hr_syb_db USING HOST sybserver FROM TABLE SYSAUDITS;
MySQL Usage Notes
The trail location is the path to the directory where converted XML files are created by running the MySQL XML transformation utility.
IBM DB2 Usage Notes and Example
For the IBM DB2 audit trail, set the trail_type audit_trail setting to DIRECTORY directory_location.
IBM DB2 Example
avcli> STOP COLLECTION FOR SECURED TARGET hr_db2_db USING HOST db2server FROM DIRECTORY "d:\temp\trace";
Oracle Solaris Usage Notes
For Oracle Solaris, the trail location must be in the format:
hostname:path_to_trail
where hostname matches the host name in the audit log names, which look like this:
timestamp1.timestamp2.hostname
Windows Target Usage Notes
For a Windows target, the event log audit trail type collects data from the Windows Security Event Log. The trail location used in this command must be security.
A.7.7 MOVE COLLECTION FOR SECURED TARGET
Starting in Oracle AVDF 20.11, this command moves the audit collection for the specified trail from one audit agent to another.
Syntax
MOVE COLLECTION FOR SECURED TARGET <secured target name> ON <location> [WITH CONNECTION <connection name>] FROM AGENT <current agent> TO AGENT <another agent>
The <location> can be either: DIRECTORY <directory name/mask> or TABLE <table name>.
Usage Notes
- The audit collection for the specified trail can be moved from current agent to another agent only if the trail is in STOPPED state.
- Move the audit collection command is only supported for Oracle table trails and Microsoft SQL Server - sqlaudit and XEL directory trails.
- For Oracle Database having Active Data Guard (ADG) with Unified Auditing, the trails can connect to current primary database using failover connection string or trails can connect to individual databases in ADG using connection name, specified using WITH CONNECTION directive.
- The WITH CONNECTION directive should only be used for Oracle database having Active Data Guard with Unified Auditing.
  - The WITH CONNECTION directive should not be used for non-Active Data Guard databases.
  - The WITH CONNECTION directive should not be used for Active Data Guard databases with Traditional Auditing.
- The connection name can be either failover_connection or it can be audit collection attribute name in the format av.target.connection.<name> specified during target creation.
- The FROM AGENT directive is used to specify the current agent on which the audit collection is currently configured. The TO AGENT directive is used to specify the agent to which the audit collection needs to be moved.
- The audit collections present on an agent can be viewed using the LIST COLLECTION FOR AGENT command.
Examples
/opt/audit_trail for secured target mysource from agent1 to agent2.
MOVE COLLECTION FOR SECURED TARGET mysource ON DIRECTORY /opt/audit_trail FROM AGENT agent1 TO AGENT agent2
trail sys.aud$ for secured target mysource from agent1 to agent2.
MOVE COLLECTION FOR SECURED TARGET mysource ON TABLE sys.aud$ FROM AGENT agent1 TO AGENT agent2
unified_audit_trail for secured target mysource using failover connection from agent1 to agent2. This is applicable only for Oracle database having Active Data Guard with Unified Auditing. Failover connection string is specified during Active Data Guard target registration.
MOVE COLLECTION FOR SECURED TARGET mysource ON TABLE unified_audit_trail WITH CONNECTION failover_connection FROM AGENT agent1 TO AGENT agent2
unified_audit_trail for secured target mysource using connection av.target.connection.<name> from agent1 to agent2. This is applicable only for Oracle database having Active Data Guard with Unified Auditing. Connection av.target.connection.<name> is specified using audit collection attribute during target registration.
MOVE COLLECTION FOR SECURED TARGET mysource ON TABLE unified_audit_trail WITH CONNECTION av.target.connection.<name> FROM AGENT agent1 TO AGENT agent2
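The MOVE COLLECTION usage notes are preconditions that automation can check before it emits the command. The Python below is an added example, not Oracle code: the MoveRequest fields, the target_type and directory_format labels, and the sample state name COLLECTING used when exercising it are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "failover_connection" or "av.target.connection.<name>". The page does not say
# which characters <name> may contain, so any run of non-space characters passes.
CONNECTION_RE = re.compile(r"^(failover_connection|av\.target\.connection\.\S+)$")


@dataclass(frozen=True)
class MoveRequest:
    """Inputs for one MOVE COLLECTION command (field names are hypothetical)."""
    target: str
    target_type: str                        # "oracle" or "mssql" (labels of this example)
    location_kind: str                      # "TABLE" or "DIRECTORY"
    location: str                           # table name or directory name/mask
    trail_state: str                        # state currently reported for the trail
    from_agent: str
    to_agent: str
    directory_format: Optional[str] = None  # "sqlaudit" or "xel" for SQL Server
    connection: Optional[str] = None        # value for WITH CONNECTION, if any
    active_data_guard: bool = False
    unified_auditing: bool = False


def check_move(req: MoveRequest) -> List[str]:
    """Return the usage-note violations for this request (empty list = OK)."""
    problems = []

    # Note 1: the trail must be STOPPED before it can be moved.
    if req.trail_state.upper() != "STOPPED":
        problems.append("trail must be in STOPPED state before it can be moved")

    # Note 2: only Oracle table trails and SQL Server sqlaudit/XEL directory trails.
    oracle_table = req.target_type == "oracle" and req.location_kind == "TABLE"
    mssql_dir = (
        req.target_type == "mssql"
        and req.location_kind == "DIRECTORY"
        and req.directory_format in ("sqlaudit", "xel")
    )
    if not (oracle_table or mssql_dir):
        problems.append(
            "move is supported only for Oracle table trails and "
            "SQL Server sqlaudit/XEL directory trails"
        )

    # Notes 3-5: WITH CONNECTION is for Oracle ADG with Unified Auditing only,
    # and the name must follow one of the two documented forms.
    if req.connection is not None:
        adg_unified = (
            req.target_type == "oracle"
            and req.active_data_guard
            and req.unified_auditing
        )
        if not adg_unified:
            problems.append(
                "WITH CONNECTION is only for Oracle Active Data Guard "
                "with Unified Auditing"
            )
        if not CONNECTION_RE.match(req.connection):
            problems.append(
                "connection name must be failover_connection or "
                "av.target.connection.<name>"
            )
    return problems


def render_move(req: MoveRequest) -> str:
    """Build the AVCLI command text, refusing requests that break a usage note."""
    problems = check_move(req)
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["MOVE COLLECTION FOR SECURED TARGET", req.target,
             "ON", req.location_kind, req.location]
    if req.connection:
        parts += ["WITH CONNECTION", req.connection]
    parts += ["FROM AGENT", req.from_agent, "TO AGENT", req.to_agent]
    # AVCLI commands end in a semicolon.
    return " ".join(parts) + ";"


if __name__ == "__main__":
    # Constructed sample mirroring the failover-connection example above.
    sample = MoveRequest(
        "mysource", "oracle", "TABLE", "unified_audit_trail", "STOPPED",
        "agent1", "agent2", connection="failover_connection",
        active_data_guard=True, unified_auditing=True,
    )
    print(render_move(sample))
```

check_move returns every violated note at once, so a pipeline can log all reasons a move was refused instead of stopping at the first.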
A.8 SMTP Connection AVCLI Commands
The AVCLI SMTP commands enable you to manage SMTP email notifications for Audit Vault Server reports and alerts.
A.8.1 About the SMTP Connection AVCLI Commands
The AVCLI SMTP connection commands enable you to perform tasks such as registering and modifying SMTP connections.
A.8.2 ALTER SMTP SERVER
Use the ALTER SMTP SERVER command to modify SMTP server configurations and states.
The ALTER SMTP SERVER command modifies the SMTP server configuration and state.
Syntax
ALTER SMTP SERVER AT host:[port] | [SENDER ID sender_id]| [SENDER EMAIL sender_email] | [AUTHENTICATED BY username]
Arguments
Argument | Description |
---|---|
|
The name, and optionally, the outgoing port number of the SMTP server. The |
|
The user ID of the person responsible for sending the email (that is, the email address that appears after |
|
The email address of the person whose ID you entered for the |
|
Optional. The authentication credentials for the recipient user. If the SMTP server runs in authenticated mode and needs a valid user name to connect
to send emails, use the |
Usage Notes
- After you complete the SMTP server configuration, it is enabled and ready to use.
- If the SMTP server is a secure server, then run the ALTER SYSTEM SMTP SECURE MODE ON command after you run REGISTER SMTP SERVER.
- To test the configuration, run the TEST SMTP SERVER command.
- If you omit an argument, then Audit Vault Server uses the previously configured setting.
Example
avcli> ALTER SMTP SERVER AT new_sample_host:465;
The host and port configuration information of the SMTP server is changed.
avcli> ALTER SMTP SERVER SENDER ID new-do-not-reply;
The sender ID configuration information of the SMTP server is changed.
avcli> ALTER SMTP SERVER AT new_sample_host:465 sender id new-do-not-reply;
The host and port as well as the sender ID of the SMTP server are changed.
A.8.3 ALTER SMTP SERVER DISABLE
Use the ALTER SMTP SERVER DISABLE command to disable SMTP server configurations.
The ALTER SMTP SERVER DISABLE command disables the SMTP server configuration.
Syntax
ALTER SMTP SERVER DISABLE
Usage Notes
- After you disable the configuration, Audit Vault Server preserves the most recent configuration. So, when you re-enable the configuration, this configuration is made active again.
- To find details about the most recent service configuration, see "LIST ATTRIBUTE OF SMTP SERVER".
- This command may be useful when the SMTP Server is down for system maintenance.
Example
avcli> ALTER SMTP SERVER DISABLE;
SMTP integration is disabled.
Disables the integration between the Audit Vault and SMTP Server.
A.8.4 ALTER SMTP SERVER ENABLE
Use the ALTER SMTP SERVER ENABLE command to enable SMTP server configurations for servers that you have registered with the REGISTER SMTP SERVER command or that you modified with the ALTER SMTP SERVER command.
The ALTER SMTP SERVER ENABLE command enables SMTP server configurations for servers registered with the REGISTER SMTP SERVER command or modified with the ALTER SMTP SERVER command.
Syntax
ALTER SMTP SERVER ENABLE
Usage Notes
- When you enable the configuration, Audit Vault Server uses the configuration that was in place when you last disabled the SMTP configuration.
- To find details about the most recent service configuration, see "LIST ATTRIBUTE OF SMTP SERVER".
Example
avcli> ALTER SMTP SERVER ENABLE;
SMTP integration is enabled.
Enables the integration between the Audit Vault and SMTP server.
A.8.5 ALTER SMTP SERVER SECURE MODE OFF
Use the ALTER SMTP SERVER SECURE MODE OFF command to disable the secure mode in secure SMTP servers.
The ALTER SMTP SERVER SECURE MODE OFF command disables secure mode in an existing secure SMTP server.
Syntax
ALTER SMTP SERVER SECURE MODE OFF
Usage Notes
Run this command after you run either the REGISTER SMTP SERVER or ALTER SMTP SERVER command.
Example
avcli> ALTER SMTP SERVER SECURE MODE OFF;
Updated SMTP server configuration to not use secure protocol.
Sets the SMTP Server registered with Oracle Audit Server to non-secure mode.
A.8.6 ALTER SMTP SERVER SECURE MODE ON
Use the ALTER SMTP SERVER SECURE MODE ON command to enable SMTP server configurations and specify the secure protocol mode that is in use.
The ALTER SMTP SERVER SECURE MODE ON command enables the SMTP server configuration and specifies the secure protocol mode used.
Syntax
ALTER SMTP SERVER SECURE MODE ON PROTOCOL [SSL | TLS ] [TRUSTSTORE location]
Arguments
Argument | Description |
---|---|
|
Optional: One of the following types of protocol:
|
|
The path to the truststore file used to validate the server certificates. Optional. |
Usage Notes
Run this command after you run either the REGISTER SMTP SERVER or ALTER SMTP SERVER command.
Only run this command if the SMTP server that you are configuring is a secure server.
Examples
avcli> ALTER SMTP SERVER SECURE MODE ON PROTOCOL ssl TRUSTSTORE /sample_tstore;
This command acknowledges that the SMTP Server registered with Oracle Audit Vault Server is in secure mode, that is, supports SSL or TLS, and uses the file /sample_tstore to validate the certificate obtained from the SMTP Server during connects.
avcli> ALTER SMTP SERVER SECURE MODE ON PROTOCOL tls TRUSTSTORE /sample_tstore;
This example sets TLS protocol instead of SSL.
A.8.7 DROP SMTP SERVER
Use the DROP SMTP SERVER command to unregister the SMTP server that is registered with Oracle Audit Vault Server and remove associated configuration metadata.
The DROP SMTP SERVER command unregisters the SMTP Server registered with the Audit Vault Server and removes any associated configuration metadata.
Syntax
DROP SMTP SERVER
Example
avcli> DROP SMTP SERVER;
SMTP server unregistered successfully.
The SMTP Server is unregistered and any associated configuration metadata is removed.
A.8.8 LIST ATTRIBUTE OF SMTP SERVER
Use the LIST ATTRIBUTE OF SMTP SERVER command to display the current SMTP configuration details the Oracle Audit Vault Server uses.
The LIST ATTRIBUTE OF SMTP SERVER command displays the current SMTP configuration details used by Audit Vault Server.
Syntax
LIST ATTRIBUTE OF SMTP SERVER
Usage Notes
To reconfigure the SMTP service connection, run the ALTER SMTP SERVER command.
Example
avcli> LIST ATTRIBUTE OF SMTP SERVER;
The configuration data/attributes for the SMTP server appear.
A.8.9 REGISTER SMTP SERVER
Use the REGISTER SMTP SERVER command to register SMTP server configurations with Audit Vault Server.
The REGISTER SMTP SERVER command registers the SMTP server configuration with the Audit Vault Server.
Syntax
REGISTER SMTP SERVER AT host:[port] SENDER ID sender_id SENDER EMAIL sender_email [AUTHENTICATED BY username]
Arguments
Argument | Description |
---|---|
|
The name, and optionally, the outgoing port number of the SMTP server. The |
|
The user ID of the person responsible for sending the email (that is, the email address that appears after |
|
The email address of the person whose ID you entered for the |
|
Optional. The authentication credentials for the recipient user. If the SMTP server runs in authenticated mode and needs a valid username and
password to connect to send emails, use the Audit Vault Server prompts for the password. |
Usage Notes
- Right after you create the SMTP server configuration, it is enabled and ready to use.
- If the SMTP server is a secure server, then run the ALTER SYSTEM SMTP SECURE MODE ON command after you run REGISTER SMTP SERVER.
- To test the configuration, run the TEST SMTP SERVER command.
- This command associates the sender id and sender email with this configuration data so that all generated emails are sent with this sender id and sender email.
Examples
avcli> REGISTER SMTP SERVER AT sample_mail.example.com sender id "do-not-reply";
For an SMTP server running in non-authentication mode at sample_mail.example.com, all email is generated and sent from the address: do-not-reply<donotreply@example.com>.
avcli> REGISTER SMTP SERVER AT sample_mail.example.com:455 SENDER ID av-alerts SENDER EMAIL avalerts@example.com AUTHENTICATED BY smtpuser;
For an SMTP server running in authentication mode at sample_mail.example.com, port 455, all email is generated and sent from the address: av-alerts<avalerts@example.com>.
The credentials smtpuser connect to this server to send emails. The password has to be entered in the next step by following the prompt.
A.8.10 TEST SMTP SERVER
Use the TEST SMTP SERVER command to test the SMTP integration with Oracle Audit Vault Server by sending a test email.
The TEST SMTP SERVER command tests SMTP integration with the Audit Vault Server by sending a test email.
Syntax
TEST SMTP SERVER SEND EMAIL TO email_address
Arguments
Argument | Description |
---|---|
email_address | Recipient of the test email notification |
Usage Notes
- If the test fails, then check the configuration by running the LIST ATTRIBUTE OF SMTP SERVER command.
- You can recreate the configuration by running the ALTER SMTP SERVER command.
- If there are no errors, a test email appears in the mail box of the user specified by the e-mail address argument.
- You can provide a list of comma-separated email addresses to this command.
- An SMTP Server must first be registered with the Audit Vault Server before this command can be used.
Example
avcli> TEST SMTP SERVER SEND EMAIL TO me@example.com;
To test the SMTP integration, a test email is sent to the email address, me@example.com.
avcli> TEST SMTP SERVER SEND EMAIL TO abc@example1.com,xyz@example2.com;
To test the SMTP integration, a test email is sent to the email address list, abc@example1.com,xyz@example2.com.
A.9 Security Assessment AVCLI Commands
Use the security assessment AVCLI commands to collect security assessment data for Oracle Database targets. Run these commands as an auditor user.
A.9.1 RETRIEVE SECURITY ASSESSMENT FROM TARGET
Use the RETRIEVE SECURITY ASSESSMENT FROM TARGET command to submit security assessment jobs for Oracle Database targets.
Syntax
RETRIEVE SECURITY ASSESSMENT FROM TARGET target_name
Arguments
Argument | Description |
---|---|
target_name | Name of the Oracle Database target for which you want to run the security assessment job. |
Example
The following command retrieves security assessment data for the Oracle Database target named t1.
RETRIEVE SECURITY ASSESSMENT FROM TARGET t1
A.10 Security Management AVCLI Commands
The AVCLI security management commands enable you to manage various administrator and super administrator privileges.
A.10.1 About the Security Management AVCLI Commands
The security management AVCLI commands enable you to perform tasks such as registering and modifying SMTP connections.
A.10.2 ALTER DATA ENCRYPTION
Use the ALTER DATA ENCRYPTION command to change Transparent Data Encryption (TDE) configuration to rekey or to reset the repository encryption password.
The ALTER DATA ENCRYPTION command enables super administrators to change the Transparent Data Encryption (TDE) configuration in an Oracle Audit Vault Server repository. A super administrator can use this command to rekey the master encryption key, or to reset the repository encryption (wallet) password.
Syntax
ALTER DATA ENCRYPTION REKEY
ALTER DATA ENCRYPTION CHANGE WALLET PASSWORD
Examples
avcli> ALTER DATA ENCRYPTION REKEY;
This command rekeys the master encryption key for the Audit Vault Server repository.
avcli> ALTER DATA ENCRYPTION CHANGE WALLET PASSWORD;
This command prompts you to change the repository encryption (wallet) password.
A.10.3 ALTER USER
Use the ALTER USER command to unlock user accounts.
The ALTER USER command unlocks a user account. Only super administrators can run this command.
Syntax:
ALTER USER username ACCOUNT UNLOCK
Example:
avcli> ALTER USER scott ACCOUNT UNLOCK;
The account for user scott is unlocked.
Note:
To unlock super administrator or super auditor, follow these steps:
- Connect to the Audit Vault Server as root user.
- Switch user to dvaccountmgr: su dvaccountmgr
- Run sqlplus /.
- Run the command: ALTER USER <super administrator/auditor username> ACCOUNT UNLOCK
A.10.4 GRANT ACCESS
Use the GRANT ACCESS command to grant access to target names or target group names for specified users.
The GRANT ACCESS command grants access to a target name or target group name to a specified user.
Syntax
GRANT ACCESS ON SECURED TARGET secured_target_name TO username
GRANT ACCESS ON SECURED TARGET GROUP secured_target_group_name TO username
Arguments
Argument | Description |
---|---|
username | The specified user. |
secured_target_name | The name of the target. |
secured_target_group_name | The name of the target group. |
Example
avcli> GRANT ACCESS ON SECURED TARGET sample_source TO scott;
User scott granted access to target sample_source.
avcli> GRANT ACCESS ON SECURED TARGET GROUP hr_db_group TO hr;
User hr granted access to group of targets specified by the group hr_db_group.
A.10.5 GRANT ADMIN
Use the GRANT ADMIN command to grant administrator privileges to specified users.
The GRANT ADMIN command grants administrator privileges to the specified user.
Syntax
GRANT ADMIN TO username
Arguments
Argument | Description |
---|---|
username | The specified user. |
Example
avcli> GRANT ADMIN TO scott;
Administrator privileges granted to user scott.
A.10.6 GRANT AUDITOR
Use the GRANT AUDITOR command to grant auditor privileges to the specified user.
The GRANT AUDITOR command grants auditor privileges to the specified user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
GRANT AUDITOR TO <username>
Arguments
Argument | Description |
---|---|
username | The specified user. |
Example
avcli> GRANT AUDITOR TO scott;
Auditor privileges granted to user scott.
A.10.7 GRANT SUPERADMIN
Use the GRANT SUPERADMIN command to grant super administrator privileges to users who are specified by username.
The GRANT SUPERADMIN command grants super administrator privileges to the user specified by username.
Syntax
GRANT SUPERADMIN TO username
Arguments
Argument | Description |
---|---|
username | The specified user. |
Usage Notes
This user automatically receives regular administrator rights as well.
Example
avcli> GRANT SUPERADMIN TO scott;
Super administrator (and administrator) privileges granted to user scott.
A.10.8 GRANT SUPERAUDITOR
Use the GRANT SUPERAUDITOR command to grant super auditor privileges to a specific user.
The GRANT SUPERAUDITOR command grants super auditor privileges to the specified user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
GRANT SUPERAUDITOR TO <username>
Arguments
Argument | Description |
---|---|
username | The specified user. |
Usage Notes
This user automatically receives regular auditor rights as well.
Example
avcli> GRANT SUPERAUDITOR TO scott;
Super auditor (and auditor) privileges granted to user scott.
A.10.9 REVOKE ACCESS
Use the REVOKE ACCESS command to revoke access to targets or target group names for specified users.
The REVOKE ACCESS command revokes access to a target or target group name from a specified user.
Syntax
REVOKE ACCESS ON SECURED TARGET secured_target_name FROM username
REVOKE ACCESS ON SECURED TARGET GROUP secured_target_group_name FROM username
Arguments
Argument | Description |
---|---|
username | The specified user. |
secured_target_name | The name of the target. |
secured_target_group_name | The name of the target group. |
Example
avcli> REVOKE ACCESS ON SECURED TARGET sample_source FROM scott;
Access to target sample_source revoked from user scott.
avcli> REVOKE ACCESS ON SECURED TARGET GROUP hr_db_group FROM hr;
Access to a group of targets specified by the group hr_db_group revoked from user hr.
A.10.10 REVOKE ADMIN
Use the REVOKE ADMIN command to revoke administrator privileges from specified users.
The REVOKE ADMIN command revokes administrator privileges from the specified user.
Syntax:
REVOKE ADMIN FROM username
Arguments
Argument | Description |
---|---|
username | The specified user. |
Example:
avcli> REVOKE ADMIN FROM scott;
Administrator privileges revoked from user scott.
A.10.11 REVOKE AUDITOR
Use the REVOKE AUDITOR command to revoke auditor privileges from specified users.
The REVOKE AUDITOR command revokes auditor privileges from the specified user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax:
REVOKE AUDITOR FROM <username>
Arguments
Argument | Description |
---|---|
username | The specified user. |
Example
avcli> REVOKE AUDITOR FROM scott;
Auditor privileges revoked from user scott.
A.10.12 REVOKE SUPERADMIN
Use the REVOKE SUPERADMIN command to revoke super administrator privileges from users who are specified by username.
The REVOKE SUPERADMIN command revokes super administrator privileges from users specified by username.
Syntax:
REVOKE SUPERADMIN FROM username
Arguments
Argument | Description |
---|---|
username | The specified user. |
Usage Notes
The user continues to retain regular administrator rights.
Example:
avcli> REVOKE SUPERADMIN FROM scott;
Super administrator privileges are revoked from user scott.
A.10.13 REVOKE SUPERAUDITOR
Use the REVOKE SUPERAUDITOR command to revoke super auditor privileges from a specific user.
The REVOKE SUPERAUDITOR command revokes super auditor privileges from a specific user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
REVOKE SUPERAUDITOR FROM <username>
Arguments
Argument | Description |
---|---|
username | The specified user. |
Usage Notes
The user continues to retain regular auditor rights.
Example
avcli> REVOKE SUPERAUDITOR FROM scott;
Super auditor privileges are revoked from user scott. User scott continues to be a normal auditor.
A.10.14 SHOW DATA ENCRYPTION STATUS
Use the SHOW DATA ENCRYPTION STATUS command to show whether data encryption is enabled for Oracle Audit Vault Server repositories.
The SHOW DATA ENCRYPTION STATUS command shows whether encryption is enabled or disabled. Encryption is automatically enabled on new installations.
Syntax
SHOW DATA ENCRYPTION STATUS
Example
avcli> SHOW DATA ENCRYPTION STATUS;
This command shows the encryption status (enabled or disabled).
A.11 SAN Storage AVCLI Commands
You can manage SAN servers with SAN storage AVCLI commands.
A.11.1 About the SAN Storage AVCLI Commands
The AVCLI SAN storage commands enable you to perform tasks such as registering and altering SAN servers.
A.11.2 ALTER DISKGROUP
Use the ALTER DISKGROUP command to alter a disk group by adding or dropping disks.
The ALTER DISKGROUP command alters a disk group by adding or dropping disks from the group.
Syntax:
ALTER DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY ADD DISK disk_name [ON SECONDARY]
ALTER DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY DROP DISK disk_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
Argument | Description |
---|---|
disk_name | Name of the disk to add or drop. When adding a disk, the disk must be available in the system, and not previously added to a disk group. To display all disks available in the system, use the command "LIST DISK". |
Examples:
avcli> ALTER DISKGROUP SYSTEMDATA ADD DISK disk1;
Adds disk1 to the SYSTEMDATA disk group.
avcli> ALTER DISKGROUP RECOVERY DROP DISK disk2;
Drops disk2 from the RECOVERY disk group.
A.11.3 ALTER SAN SERVER
Use the ALTER SAN SERVER command to alter SAN servers that are registered with Audit Vault Server by logging into or logging out of a target that is available on the SAN server.
The ALTER SAN SERVER command alters a SAN server registered with the Audit Vault Server by logging in or logging out of a target available on the SAN server.
Syntax
ALTER SAN SERVER server_name LOGIN target_name ADDRESS address [PORT port][AUTHENTICATED BY username] [ON SECONDARY]
ALTER SAN SERVER server_name LOGOUT target_name ADDRESS address [PORT port][AUTHENTICATED BY username] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
Argument | Description |
---|---|
|
Name of the SAN server registered with the Audit Vault Server. |
|
Name of the target on the SAN server. To get a list of targets, use the command "LIST TARGET FOR SAN SERVER". |
|
IP address or hostname of the target on the SAN server |
|
Optional. Default is 3260. |
|
If needed, credential used to log in to the target. The user name and password is accepted from file input through
|
Example
avcli> ALTER SAN SERVER testServer1 LOGIN target1 ADDRESS sample_target.example.com AUTHENTICATED BY username1;
Alter the SAN server testServer1 by logging into target1 at address sample_target.example.com using credentials username1. The default port number 3260 will be used.
avcli> ALTER SAN SERVER testServer2 LOGOUT target2 ADDRESS sample_target.example.com;
Alter the SAN server testServer2 by logging out of target2 at address sample_target.example.com.
A.11.4 DROP SAN SERVER
Use the DROP SAN SERVER command to drop SAN servers that are registered with Oracle Audit Vault Server.
The DROP SAN SERVER command removes a SAN server registered with the Audit Vault Server.
Syntax:
DROP SAN SERVER server_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
Argument | Description |
---|---|
server_name | Name of the SAN server registered with the Audit Vault Server. |
Example:
avcli> DROP SAN SERVER testServer1;
Removes SAN server testServer1 from the Audit Vault Server.
A.11.5 LIST DISK
Use the LIST DISK command to see details of disks that are available on your system.
The LIST DISK command displays details of all disks available in the system, or disks in a specific disk group.
Syntax:
LIST DISK [FOR DISKGROUP SYSTEMDATA|EVENTDATA|RECOVERY] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Examples:
avcli> LIST DISK;
Displays the details of all disks in the system.
avcli> LIST DISK FOR DISKGROUP SYSTEMDATA;
Displays the details of the SYSTEMDATA disk group.
A.11.6 LIST DISKGROUP
Use the LIST DISKGROUP command to see the details of all disk groups in your system.
The LIST DISKGROUP command displays details of a disk group in the Audit Vault Server.
Syntax:
LIST DISKGROUP [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> LIST DISKGROUP;
Displays details for all disk groups in the system, for example, name, total space, and free space. To see details of disk in a specific disk group, use the command "LIST DISK".
A.11.7 LIST SAN SERVER
Use the LIST SAN SERVER command to display the details of SAN servers that are registered with Oracle Audit Vault Server.
The LIST SAN SERVER command displays details of SAN servers registered with Oracle Audit Vault Server.
Syntax:
LIST SAN SERVER [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> LIST SAN SERVER;
Displays details of SAN servers registered in the system, for example, storage name, storage type, etc.
A.11.8 LIST TARGET FOR SAN SERVER
Use the LIST TARGET FOR SAN SERVER command to alter SAN servers that are registered with Oracle Audit Vault Server by logging into or logging out of a target that is available on the SAN server.
The LIST TARGET FOR SAN SERVER command displays details of the targets available on a specified SAN server.
Syntax:
LIST TARGET FOR SAN SERVER server_name [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
Argument | Description |
---|---|
server_name | Name of the SAN server registered with the Audit Vault Server. |
Example:
avcli> LIST TARGET FOR SAN SERVER testServer1;
Displays the details of targets available on SAN server testServer1.
A.11.9 REGISTER SAN SERVER
Use the REGISTER SAN SERVER command to register SAN servers of a specified storage type with Audit Vault Server.
The REGISTER SAN SERVER command registers a SAN server with the Audit Vault Server.
Syntax
REGISTER SAN SERVER SAN_server_name OF TYPE storage_type ADDRESS address [PORT port] [METHOD discovery_method] [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Arguments
Argument | Description |
---|---|
|
Name of the SAN server. Must be unique. |
|
Storage type. Currently, only |
|
IP address SAN server |
|
Optional. Port number. Default is 3260. |
|
Optional. Method used to discover targets. Possible values are: SENDTARGETS [AUTHENTICATED BY <username>] ISNS
Default is |
Examples
avcli> REGISTER SAN SERVER testServer1 OF TYPE iSCSI ADDRESS 192.0.2.1;
Registers a SAN server testServer1 of storage type iSCSI at address 192.0.2.1. The default port number 3260 and the default discovery method sendtargets will be used.
avcli> REGISTER SAN SERVER testServer2 Of Type iSCSI ADDRESS 192.0.2.1 METHOD sendtargets AUTHENTICATED BY username2;
Registers a SAN server testServer2 of storage type iSCSI at address 192.0.2.1 using the discovery method sendtargets with credentials username2.
A.11.10 SHOW iSCSI INITIATOR DETAILS FOR SERVER
Use the SHOW iSCSI INITIATOR DETAILS FOR SERVER command to see the iSCSI initiator details for Oracle Audit Vault Server.
The SHOW ISCSI INITIATOR DETAILS FOR SERVER command displays iSCSI initiator details for Oracle Audit Vault Server. These initiator details are used in the SAN server configuration to allow it to connect to the Audit Vault Server.
Syntax:
SHOW ISCSI INITIATOR DETAILS FOR SERVER [ON SECONDARY]
Use the [ON SECONDARY] option in a high availability configuration to apply this command to secondary Audit Vault Server.
Example:
avcli> SHOW ISCSI INITIATOR DETAILS FOR SERVER;
Displays the iSCSI initiator details for the Audit Vault Server.
A.12 Remote File System AVCLI Commands
Use the remote file system AVCLI commands to manage remote file systems. These commands support registering and managing connections to NFS file systems that are used as archive locations.
A.12.1 About the Remote File System AVCLI Commands
Use the remote file system AVCLI commands to configure remote file systems to work with Oracle Audit Vault and Database Firewall.
A.12.2 ALTER REMOTE FILESYSTEM
Use the ALTER REMOTE FILESYSTEM command to alter remote file systems that are registered with Oracle Audit Vault Server.
The ALTER REMOTE FILESYSTEM command alters a remote filesystem registered with Oracle Audit Vault Server.
Syntax:
ALTER REMOTE FILESYSTEM filesystem_name SET {key=value [,key=value...]}
ALTER REMOTE FILESYSTEM filesystem_name MOUNT
ALTER REMOTE FILESYSTEM filesystem_name UNMOUNT [FORCE]
Arguments
Argument | Description |
---|---|
|
Name of the remote filesystem |
|
For an NFS remote filesystem, the |
Examples:
avcli> ALTER REMOTE FILESYSTEM sample_filesystem SET NAME=newfilesystem;
Changes the name of the remote filesystem sample_filesystem to newfilesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem MOUNT;
Mounts the remote filesystem sample_filesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem UNMOUNT;
Unmounts remote filesystem sample_filesystem.
avcli> ALTER REMOTE FILESYSTEM sample_filesystem UNMOUNT FORCE;
Unmounts remote filesystem sample_filesystem and forces this operation.
A.12.3 DROP REMOTE FILESYSTEM
Use the DROP REMOTE FILESYSTEM command to drop remote file systems that are registered with Oracle Audit Vault Server.
The DROP REMOTE FILESYSTEM command drops a remote filesystem registered with the Audit Vault Server.
Syntax:
DROP REMOTE FILESYSTEM file_system_name
Arguments
Argument | Description |
---|---|
file_system_name | Name of the remote filesystem. |
Examples:
avcli> DROP REMOTE FILESYSTEM filesystem1;
Drops the remote filesystem filesystem1.
A.12.4 LIST EXPORT
Use the LIST EXPORT command to display the list of exports that are available on an NFS server.
The LIST EXPORT command displays the list of exports available on an NFS server.
Syntax:
LIST EXPORT OF TYPE NFS ON HOST address
Arguments
Argument | Description |
---|---|
address | Hostname or IP address of the NFS server. |
Example:
avcli> LIST EXPORT OF TYPE NFS ON HOST example_server.example.com;
Lists the exports available on the NFS server example_server.example.com.
A.12.5 LIST REMOTE FILESYSTEM
Use the LIST REMOTE FILESYSTEM command to list all of the remote file systems that are registered with Oracle Audit Vault Server.
The LIST REMOTE FILESYSTEM command lists all of the remote file systems that are registered with Oracle Audit Vault Server.
Syntax:
LIST REMOTE FILESYSTEM
Example:
avcli> LIST REMOTE FILESYSTEM;
Lists all remote filesystems registered with Oracle Audit Vault Server.
A.12.6 REGISTER REMOTE FILESYSTEM
Use the REGISTER REMOTE FILESYSTEM command to register remote file systems with Oracle Audit Vault Server.
The REGISTER REMOTE FILESYSTEM command registers a remote file system with the Audit Vault Server. This command currently supports registering an NFS file system. After registering a remote file system, an administrator can select it when specifying an archive location.
Syntax:
REGISTER REMOTE FILESYSTEM filesystem_name OF TYPE NFS ON HOST NFS_server_address USING EXPORT export [MOUNT]
Arguments
Argument | Description |
---|---|
|
A unique name for the remote file system. Special characters (&<>"/;,*|=% and --) cannot be used for remote file system names. |
|
Host name or IP address of the NFS server |
|
Name of the export directory on the NFS server. This directory must be created in Note: Special characters (such as $, #, and !) are not allowed in export directory names. |
Note:
- Log in as Oracle user 503 to register the remote file system. Use the same user name on the NFS Server and the Audit Vault Server.
- If this is any different, then edit the /etc/passwd/ file in the NFS Server and change the USER ID of Oracle user to 503.
Examples:
avcli> REGISTER REMOTE FILESYSTEM sample_Filesystem OF TYPE NFS ON HOST example_host.example.com USING EXPORT /export/home1;
Registers a remote NFS file system named sample_Filesystem on the host example_host.example.com using the export directory /export/home1. This will mount the registered remote file system.
avcli> REGISTER REMOTE FILESYSTEM sample_Filesystem OF TYPE NFS ON HOST example_host.example.com USING EXPORT /export/home1 MOUNT;
Registers a remote NFS file system named sample_Filesystem on the host example_host.example.com using the export directory /export/home1. This will also mount the registered remote file system.
A.12.7 SHOW STATUS OF REMOTE FILESYSTEM
Use the SHOW STATUS OF REMOTE FILESYSTEM command to show the status of remote file systems that are registered with Oracle Audit Vault Server.
The SHOW STATUS OF REMOTE FILESYSTEM command shows the status of a specified remote file system.
Syntax:
SHOW STATUS OF REMOTE FILESYSTEM filesystem_name
Arguments
Argument | Description |
---|---|
filesystem_name | Name of the remote filesystem |
Examples:
avcli> SHOW STATUS OF REMOTE FILESYSTEM filesystem1;
Shows the status of remote filesystem filesystem1.
A.13 Server Management AVCLI Commands
The server management AVCLI commands enable you to manage the server, such as checking certificates and downloading log files.
A.13.1 About the Server Management AVCLI Commands
The AVCLI server management commands manage aspects of Oracle Audit Vault and Database Firewall such as altering the system set.
A.13.2 ALTER SYSTEM SET
Use the ALTER SYSTEM SET command to modify system configuration data.
The ALTER SYSTEM command modifies system configuration data.
Syntax:
ALTER SYSTEM SET {attribute=value [,attribute=value...]}
Arguments
Argument | Description |
---|---|
|
System attributes as key/value pairs. See Table A-7. |
Usage Notes
Typically, system configuration data affects all components system-wide.
Multiple component log levels can be changed by delimiting them using the | symbol.
Modify system configuration data by altering the attributes associated with the data using key=value pairs and multiple attributes by specifying comma-separated pairs.
Log files are in the $Oracle_Home/av/log directory in the Audit Vault Server.
The following attributes are supported:
Table A-7 System Attributes
Parameter | Description |
---|---|
|
The log level of components running on this host. The
See Table A-8 for component names and log level values. Multiple components' log levels can be changed by delimiting them using the |
|
Sets the system heartbeat interval to a numerical value in seconds. |
|
The interval in seconds before the system will try to restart failed audit trails. Default: 1800 |
|
The number of times the system attempts to start failed audit trails. Oracle AVDF release 20.1 to 20.6: 5 times (default) Oracle AVDF release 20.7 and onwards: 20 times (default) |
Table A-8 shows valid values for component_name and loglevel_value for the LOGLEVEL attribute:
Table A-8 Logging component names and values
Logging component name | Values |
---|---|
|
Alert |
|
Agent |
|
Archive and Retrieve |
|
Data Warehouse |
|
Database Firewall |
|
Web Console UI |
|
Java Server Process |
|
Notification |
|
Plug-in Management |
|
Policy Management |
|
Report Generation |
|
SAN Storage |
|
Transaction Log Trail |
|
All components. Valid only with |
Table A-9 Logging level and values
Parameter | Description |
---|---|
|
The |
|
The |
|
The |
|
The Be aware that |
Examples
avcli> ALTER SYSTEM SET SYS.HEARTBEAT_INTERVAL=10;
The SYS.HEARTBEAT_INTERVAL system configuration setting changes to 10 seconds.
avcli> ALTER SYSTEM SET LOGLEVEL=JfwkLog:DEBUG|PfwkLog:INFO;
The log levels of the JfwkLog and PfwkLog components running on the system change.
avcli> ALTER SYSTEM SET SYS.AUTOSTART_INTERVAL=900;
The system will restart failed audit trails after 900 seconds.
See Also:
Downloading Detailed Diagnostics Reports for Oracle Audit Vault Server for information about generating a diagnostics report that captures Audit Vault Server appliance information.
A.13.3 DOWNLOAD LOG FILE
Use the DOWNLOAD LOG FILE command to download Oracle Audit Vault Server log files to perform diagnostics.
The DOWNLOAD LOG FILE command downloads the diagnostics log file (as a .zip file) from the Audit Vault Server and saves it in the following directory:
AVCLI_installation_path/av/log
Syntax
DOWNLOAD LOG FILE FROM SERVER
Example
avcli> DOWNLOAD LOG FILE FROM SERVER;
The Audit Vault Server log file is downloaded.
A.13.4 SHOW CERTIFICATE
Use the SHOW CERTIFICATE command to display Oracle Audit Vault Server certificates.
The SHOW CERTIFICATE command displays the certificate for the Audit Vault Server.
Syntax
SHOW CERTIFICATE FOR SERVER
Example
avcli> SHOW CERTIFICATE FOR SERVER;
The Oracle Audit Vault Server certificate appears.
A.14 Collection Plug-In AVCLI Commands
Use the AVCLI collection plug-in commands to manage the deployment of collection plug-ins.
A.14.1 About the Collection Plug-In AVCLI Commands
Use the AVCLI collection plug-in commands to work with plug-ins, such as downloading and listing plug-ins.
A.14.2 DEPLOY PLUGIN
Use the DEPLOY PLUGIN command to deploy plug-ins into Oracle Audit Vault Server homes from a given archive file.
The DEPLOY PLUGIN command deploys a plug-in into the Audit Vault Server home from a given archive file.
Syntax
DEPLOY PLUGIN plugin archive
Arguments
Argument | Description |
---|---|
|
The plug-in archive. Archive files have an |
Usage Notes
No action is required after this command.
The DEPLOY PLUGIN command updates the agent archive with the contents of this plug-in for future Agent deployments.
When a newer version of the plug-in is available, use the DEPLOY PLUGIN command to update the plug-in artifacts. Multiple plug-ins can support a single target type.
Example
avcli> DEPLOY PLUGIN /opt/avplugins/sample_plugin.zip;
Deploys the plug-in at /opt/avplugins/sample_plugin.zip into the Audit Vault Server and updates the agent archive by adding the plug-in to its contents.
A.14.3 LIST PLUGIN FOR SECURED TARGET TYPE
Use the LIST PLUGIN FOR SECURED TARGET TYPE command to list all of the plug-ins in Audit Vault Server installations.
The LIST PLUGIN FOR SECURED TARGET TYPE command lists all the plug-ins that support a particular target type.
Syntax
LIST PLUGIN FOR SECURED TARGET TYPE secured target type name
Arguments
Argument | Description |
---|---|
secured target type name | The name of the target type |
Usage Notes
To find a list of available target types, see "LIST SECURED TARGET TYPE".
Examples
avcli> LIST PLUGINS FOR SECURED TARGET TYPE "Oracle Database";
The plug-ins that support the target type "Oracle Database" are listed.
A.14.4 UNDEPLOY PLUGIN
Use the UNDEPLOY PLUGIN command to undeploy plug-ins from Oracle Audit Vault Server homes.
The UNDEPLOY PLUGIN command deletes a plug-in from an Audit Vault Server home.
Syntax
UNDEPLOY PLUGIN plugin_id
Arguments
Argument | Description |
---|---|
|
The |
Usage Notes
UNDEPLOY PLUGIN attempts to identify dependent plug-ins or packages prior to deleting the plug-in.
This command undeploys a plug-in specified by the plug-in ID from the Audit Vault Server. It also updates the agent archive by removing this plug-in, so that it is not deployed in future agent deployments.
Examples
avcli> UNDEPLOY PLUGIN com.abc.sample_plugin;
The plug-in, com.abc.sample_plugin, is undeployed from Oracle Audit Vault Server and the agent archive is updated by removing the plug-in.
A.15 General Usage AVCLI Commands
You can find general information, such as help, from the general usage AVCLI commands.
A.15.1 About the General Usage AVCLI Commands
The AVCLI general usage commands enable you to perform tasks such as connecting to servers or identifying users.
A.15.2 CLEAR LOG
Use the CLEAR LOG command to clear a system's diagnostic logs.
The CLEAR LOG command deletes all log files in the directory $ORACLE_HOME/av/log on the Audit Vault Server.
Syntax
CLEAR LOG
Example
avcli> CLEAR LOG;
A.15.3 CONNECT
Use the CONNECT command to connect the current AVCLI user as a different user.
The CONNECT command enables you to connect as a different user in AVCLI.
Syntax
CONNECT [username]
Usage Notes
- If you have logged in to AVCLI without specifying a username and password, then you must use the CONNECT command to connect as a valid user.
- For additional ways to connect to AVCLI, see "Using the Audit Vault Command Line Interface".
Example 1
avcli> CONNECT psmith;
Enter password: password
Connected.
Example 2
avcli> CONNECT;
Enter user name: username
Enter password: password
Connected.
A.15.4 HELP
Use the HELP command to list the AVCLI commands with their categories.
The HELP command lists all available AVCLI commands and their categories.
Syntax
HELP
Example
avcli> HELP;
A.15.5 -HELP
Use the -HELP command to display help information for all of the AVCLI utility commands.
The -HELP command displays version number and help information about the AVCLI commands. Run the -HELP command from outside of AVCLI.
Syntax
avcli -h
avcli -H
avcli -help
avcli -HELP
Example
avcli -help:
[oracle@slc02vjp ~]$ avcli -help
AVCLI : Release 12.2.0.0.0 - Production on Thu Nov 8 00:53:54 UTC 2012
Copyright (c) 1996, 2015 Oracle. All Rights Reserved.
Usage 1: avcli -{h|H} | -{v|V}
-{h|H} Displays the AVCLI version and the usage help
-{v|V} Displays the AVCLI version.
Usage 2: avcli [ [<option>] [<logon>] [<start>] ]
<option> is: [-{l|L} <log level>]
-{l|L} <log level> Sets the log level to the level specified.
Supported log levels: INFO, WARNING, ERROR, DEBUG
<logon> is: -{u|U} <username>
Specifies the database account username for the database connection
<start> is: -{f|F} <filename>.<ext>
Runs the specified AVCLI script from the local file system (filename.ext). Valid AVCLI script files should have their file extension as '.av' (e.g. sample_script.av)
A.15.6 QUIT
Use the QUIT command to exit AVCLI.
The QUIT command exits AVCLI.
Syntax
QUIT
Example
avcli> QUIT;
A.15.7 SHOW USER
Use the SHOW USER command to display the currently logged in AVCLI user.
The SHOW USER command displays the currently logged in AVCLI user.
Syntax
SHOW USER
Example
avcli> SHOW USER;
A.15.8 STORE CREDENTIALS
Use the STORE CREDENTIALS command to store administrator credentials in the AVCLI wallet, or to overwrite previously stored credentials.
The STORE CREDENTIALS command lets you store credentials for one Oracle Audit Vault and Database Firewall administrator in the Oracle AVCLI wallet, or update existing credentials in the wallet.
Syntax
STORE CREDENTIALS [FOR USER username]
Example 1
avcli> STORE CREDENTIALS FOR USER admin1;
Enter password: password
Re-enter password: password
Example 2
avcli> STORE CREDENTIALS;
Enter user name: admin1
Enter password: password
Re-enter password: password
A.15.9 -VERSION
Use the -VERSION command to display the AVCLI version number.
The -VERSION command displays the version number for AVCLI. Run the -VERSION command from outside of AVCLI.
Syntax
avcli -v
avcli -V
avcli -version
avcli -VERSION
Example
avcli -v;
AVCLI : Release 12.2.0.0.0 - Production on Tue Apr 26 14:25:31 PDT 2011
Copyright (c) 2014, Oracle. All Rights Reserved.
A.16 Retention Policy AVCLI Commands
You can find general information on retention policy (or Information Lifecycle Management) related AVCLI commands.
A.16.1 APPLY RETENTION POLICY
Use the APPLY RETENTION POLICY command to apply a retention policy to a target. This can be applied only by a super auditor.
To apply a retention policy to a target.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
APPLY RETENTION POLICY <policy name> TO TARGET <target name>
This command applies a specific retention policy to a specified target.
Arguments
Argument | Description |
---|---|
policy name | The name of the retention policy to be applied. |
target name | The name of the target to which the policy is to be applied. |
Example
apply retention policy test_policy1 to target test_target1;
Applies policy test_policy1 to target test_target1.
A.16.2 CREATE RETENTION POLICY
Use the CREATE RETENTION POLICY command to create a retention (or lifecycle) policy. This can be created only by a super administrator.
To create a retention policy.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
CREATE RETENTION POLICY <policy name> ONLINE MONTHS <month number> ARCHIVED MONTHS <month number>
This command creates a retention policy with the specified name and specifies the number of online months and archived months. A policy name cannot be null, start with a reserved name, or be the same as an existing policy name. Only alphanumeric characters, underscore (_), dollar sign ($), and pound sign (#) are allowed in the policy name.
Arguments
Argument | Description |
---|---|
policy name | The name of the policy to be created. |
month number | The number of months to be online or to be archived. The number of months online must be between 1 and 9000. The number of months archived must be between 0 and 9000. Note: If these ranges for the number of months (online and archived) are not followed, then an error may be observed. |
Example
create retention policy test_policy1 online months 2 archived months 3;
Creates a retention policy with the name test_policy1 and sets 2 months online and 3 months as the archival period.
A.16.3 DELETE RETENTION POLICY
Use the DELETE RETENTION POLICY command to delete a retention policy.
To delete a retention policy.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
DELETE RETENTION POLICY <policy name>
This command deletes the specified retention policy.
Arguments
Argument | Description |
---|---|
policy name | The name of the retention policy to be deleted. |
Example
delete retention policy test_policy1;
Deletes test_policy1.
A.16.4 LIST RETENTION POLICIES
Use the LIST RETENTION POLICIES command to view all the retention policies.
To view all the retention policies.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
LIST RETENTION POLICIES
This command lists all retention policies.
Example
list retention policies;
Lists all the retention policies.
A.16.5 SET RETENTION POLICY AS DEFAULT
Use the SET RETENTION POLICY command to set a retention policy as default.
Syntax
SET RETENTION POLICY <policy name> AS DEFAULT
This command sets the specified retention policy as default.
Arguments
Argument | Description |
---|---|
policy name | The name of the retention policy to be set as default. |
Example
set retention policy '1 month online, 0 month in archive' as default;
Sets the policy 1 month online, 0 month in archive as the default policy.
A.16.6 SHOW RETENTION POLICY FOR TARGET
Use the SHOW RETENTION POLICY FOR TARGET command to display the current retention policy defined for the specified target.
To view the lifecycle policy defined for the specified target.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
SHOW RETENTION POLICY FOR TARGET <target name>
This command displays the current retention policy for the specified target.
Arguments
Argument | Description |
---|---|
target name | The name of the target whose policy is to be viewed. |
Example
show retention policy for target test_target1;
Displays the current policy for test_target1.
A.17 Alert Policy Management AVCLI Commands
You can find general information on alert policy management related AVCLI commands.
A.17.1 DELETE ALERT POLICY
Use the DELETE ALERT POLICY command to delete an alert policy.
To delete an alert policy.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
DELETE ALERT POLICY <alert policy name>
This command deletes the alert policy with the specified name.
Arguments
Argument | Description |
---|---|
alert policy name | The name of the alert policy to be deleted. |
Example
delete alert policy test_alert1;
Deletes alert policy with the specified name test_alert1.
A.17.2 DISABLE ALERT POLICY
Use the DISABLE ALERT POLICY command to disable an alert policy.
To disable an alert policy.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
DISABLE ALERT POLICY <alert policy name>
This command disables the alert policy with the specified name.
Arguments
Argument | Description |
---|---|
alert policy name | The name of the alert policy to be disabled. |
Example
disable alert policy test_alert1;
Disables the alert policy with the name test_alert1.
A.17.3 ENABLE ALERT POLICY
Use the ENABLE ALERT POLICY command to enable an alert policy.
To enable an alert policy.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
ENABLE ALERT POLICY <alert policy name>
Arguments
Argument | Description |
---|---|
alert policy name | The name of the alert policy to be enabled. |
Example
enable alert policy test_alert1;
Enables alert policy with the name test_alert1.
A.17.4 LIST ALERT POLICIES
Use the LIST ALERT POLICIES command to list all the active alert policies.
Lists all the active alert policies.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
LIST ALERT POLICIES
This command lists all the active alert policies.
Example
list alert policies;
A.18 Unified Audit Policy AVCLI Commands
You can find general information on unified audit policy related AVCLI commands.
A.18.1 ENABLE UNIFIED AUDIT POLICY
Use the ENABLE UNIFIED AUDIT POLICY command to enable a unified audit policy.
To enable a unified audit policy for a target. This command provisions the unified audit policy specified on the target.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
ENABLE UNIFIED AUDIT POLICY <policy name> [EXCLUDE USERS <user names>] [LIST OF USERS <user names>] ON TARGET <target name>
This command provisions the unified audit policy with the specified policy name on the specific target. The policy name must be specified with the actual name.
Arguments
Argument | Description |
---|---|
policy name | The name of the policy to be provisioned or enabled. |
user names | A list of users separated by comma. This is optional. |
target name | The name of the specific target for which the unified audit policy is to be enabled. |
EXCLUDE USERS | Optional parameter required for LOGON EVENTS and USER ACTIVITY. The list of user names must be separated by comma. |
LIST OF USERS | Optional parameter required for LOGON EVENTS and USER ACTIVITY. The list of user names must be separated by comma. |
Result
The job to provision audit policy is successfully submitted. The status of the job can be viewed in the Audit Vault Server console. Provisioning audit policy takes at least a minute to complete.
Examples
enable unified audit policy tp1 on target t1;
Toggles policy tp1 of target t1 to ON.
enable unified audit policy 'User Activity' list of users 'BOB,JOHN' on target t1;
Enables User Activity policy for users BOB and JOHN on target t1.
enable unified audit policy 'Logon Events' exclude users 'BOB,JOHN' on target t1;
Enables LOGON EVENTS policy for users BOB and JOHN on target t1.
Edit Unified Audit Policy
Starting Oracle AVDF 20.4, Custom and Oracle Predefined Unified policies can be enforced on users, roles, and on specific event conditions (successful, unsuccessful, or both).
Syntax
ENABLE UNIFIED AUDIT POLICY <policy name> ON TARGET <target name> [WHENEVER SUCCESSFUL | WHENEVER NOT SUCCESSFUL]
ENABLE UNIFIED AUDIT POLICY <policy name> ON TARGET <target name> FOR USERS EXCEPT <user names> [WHENEVER SUCCESSFUL] [WHENEVER NOT SUCCESSFUL]
ENABLE UNIFIED AUDIT POLICY <policy name> ON TARGET <target name> { [FOR USERS <user names> WHENEVER SUCCESSFUL] [FOR USERS <user names> WHENEVER NOT SUCCESSFUL] [FOR USERS <user names>] [FOR USERS WITH ROLES <role names> WHENEVER SUCCESSFUL] [FOR USERS WITH ROLES <role names> WHENEVER NOT SUCCESSFUL] [FOR USERS WITH ROLES <role names>]}
Arguments
Argument | Description |
---|---|
policy name | The name of the policy to be provisioned or enabled. |
target name | The name of the specific target for which the unified audit policies have to be enabled. |
FOR USERS EXCEPT | Optional parameter. The list of user names must be separated by comma. |
FOR USERS | Optional parameter. The list of user names must be separated by comma. |
FOR USERS WITH ROLES | Optional parameter. The list of roles must be separated by comma. |
WHENEVER SUCCESSFUL | Optional parameter. The policy is enabled for success events. |
WHENEVER NOT SUCCESSFUL | Optional parameter. The policy is enabled for fail events. |
Examples
enable unified audit policy tp1 on target t1;
Toggles policy tp1 of target t1 to ON.
enable unified audit policy on target t1 'User Activity' for users 'BOB,JOHN';
Enables 'User Activity' policy for users BOB and JOHN on target t1.
enable unified audit policy on target t1 'Logon Events' for users except 'BOB,JOHN';
Enables 'Logon Events' policy for users BOB and JOHN on target t1.
enable unified audit policy tp2 on target t1 for users 'SCOTT' whenever successful for users with roles 'DBA' whenever not successful;
Enables policy tp2 for user SCOTT whenever successful, and for users granted the role DBA whenever not successful, on target t1.
enable unified audit policy tp3 on target t1 for users 'HR';
Enables policy tp3 for user HR for both success and failure events on target t1.
Enabling Security Technical Implementation Guidelines (STIG) Compliance
Starting Oracle AVDF 20.5, a new category Security Technical Implementation Guidelines (STIG) is available for Unified audit policy. Security Technical Implementation Guidelines (STIG) category can be enabled on Oracle Database targets to make the target STIG compliant. Security Technical Implementation Guidelines (STIG) category is available for Oracle Database target starting with version 21.
Syntax
ENABLE UNIFIED AUDIT POLICY "Security Technical Implementation Guidelines (STIG)" ON TARGET <target name>;
This command enables the following predefined policies available in Oracle Database version starting with 21.
Predefined Audit Policies Name | Can be enabled for users | Event Condition |
---|---|---|
|
All users |
|
|
All users |
|
|
Privileged users |
|
Privileged users are users retrieved from the user entitlement job.
In case the user entitlement job was never retrieved, then the audit provisioning job will retrieve the user entitlement first to get the privileged users before enabling the above policies in target database.
ENABLE UNIFIED AUDIT POLICY "Security Technical Implementation Guidelines (STIG)" ON TARGET <target name> FOR USERS <user names>;
This command enables following Oracle Predefined policies available in Oracle Database version starting with 21:
- ORA_STIG_RECOMMENDATIONS audit policy will be enabled for all users for both successful and failed events.
- ORA_LOGON_LOGOFF audit policy will be enabled for all users for both successful and failed events.
- ORA_ALL_TOPLEVEL_ACTIONS will be enabled for users provided in the enable statement for both successful and failed events.
Arguments
Argument | Description |
---|---|
target name | The name of the specific target for which the unified audit policies have to be enabled. |
FOR USERS | Optional parameter. The list of user names must be separated by comma. |
A.18.2 LIST UNIFIED AUDIT POLICIES
Use the LIST UNIFIED AUDIT POLICIES command to list all the various unified core, Oracle pre-defined, custom, and all the unified policies of a specific target.
To view all the various unified core, Oracle pre-defined, custom, and all the unified policies of a specific target. The output is displayed in the format |Unified Policy Name|Enabled (Yes/No)|.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
LIST UNIFIED AUDIT CORE POLICIES FOR TARGET <target name>
This command lists all the core policies for the specified target.
LIST UNIFIED AUDIT ORACLE PREDEFINED POLICIES FOR TARGET <target name>
This command lists all the Oracle pre-defined policies for the specified target.
LIST UNIFIED AUDIT CUSTOM POLICIES FOR TARGET <target name>
This command lists all the custom policies for the specified target.
LIST UNIFIED AUDIT POLICIES FOR TARGET <target name>
This command lists all the unified policies for the specified target.
Arguments
Argument | Description |
---|---|
target name | The name of the target whose unified audit policies are to be viewed. |
Examples
list unified audit policies for target tg1;
Lists all the unified audit policies (for example core, custom, and others) for tg1.
list unified audit oracle predefined policies for target tg1;
Lists all the Oracle pre-defined policies for tg1.
list unified audit custom policies for target tg1;
Lists all the custom policies for tg1.
list unified audit policies for target tg1;
Lists all the unified policies for tg1.
A.18.3 DISABLE UNIFIED AUDIT POLICY
Use the DISABLE UNIFIED AUDIT POLICY command to disable a unified audit policy.
To disable a unified audit policy. This command provisions the unified audit policy specified on the target and turns it off. The policy name must be specified properly.
Note:
This command is available starting Oracle AVDF release 20.3.
Syntax
DISABLE UNIFIED AUDIT POLICY <policy name> ON TARGET <target name>
Arguments
Argument | Description |
---|---|
policy name | The name of the policy to be disabled. |
target name | The name of the specific target for which the unified audit policy is to be disabled. |
Result
The job to provision audit policy is successfully submitted. The status of the job can be viewed in the Audit Vault Server console. Provisioning audit policy takes at least a minute to complete.
Examples
disable unified audit policy tp1 on target t1;
Disables the policy tp1 on t1.
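Commands in this appendix such as CLEAR LOG, DELETE or DISABLE ALERT POLICY, DISABLE UNIFIED AUDIT POLICY, UNDEPLOY PLUGIN and the super-role grants described in A.19 can run unattended from a .av script (avcli -f), so a script is worth reviewing before it is run. The following Python sketch is an added example, not Oracle code: review_script, its rule list and the sample script are constructed here, and it assumes statements end at a semicolon outside quotes.

```python
import re

# Commands documented in this appendix that delete logs, switch off alerting or
# auditing, remove a plug-in, or grant a super role. (pattern, reason) pairs.
_RULES = [
    (r"CLEAR\s+LOG\b", "deletes all diagnostic log files on the Audit Vault Server"),
    (r"(DELETE|DISABLE)\s+ALERT\s+POLICY\b", "removes or disables an alert policy"),
    (r"DISABLE\s+UNIFIED\s+AUDIT\s+POLICY\b", "turns off a unified audit policy on a target"),
    (r"DELETE\s+RETENTION\s+POLICY\b", "deletes a retention policy"),
    (r"UNDEPLOY\s+PLUGIN\b", "removes a collection plug-in"),
    (r"(CREATE|ALTER)\s+(ADMIN|AUDITOR)\b.*\bTYPE\s+SUPER(ADMIN|AUDITOR)\b",
     "grants a super role"),
]
RULES = [(re.compile(p, re.IGNORECASE), why) for p, why in _RULES]
QUOTED = re.compile(r"'[^']*'|\"[^\"]*\"")


def split_statements(text):
    """Split script text on ';' outside quotes.

    Returns (statements, leftover); leftover is trailing text with no ';'.
    """
    statements, current, quote = [], [], None
    for ch in text:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            statements.append("".join(current).strip())
            current = []
            continue
        current.append(ch)
    return [s for s in statements if s], "".join(current).strip()


def review_script(text):
    """Return (statement_number, statement, reason) for statements needing review."""
    statements, leftover = split_statements(text)
    findings = []
    for number, stmt in enumerate(statements, start=1):
        # Blank out quoted names so a policy called 'clear log' cannot match a rule.
        bare = " ".join(QUOTED.sub("''", stmt).split())
        for pattern, why in RULES:
            if pattern.match(bare):
                findings.append((number, stmt, why))
    if leftover:
        # Every AVCLI command must end in a semicolon.
        findings.append((len(statements) + 1, leftover, "no terminating semicolon"))
    return findings


# Constructed sample script; the quoted name in statement 3 exercises quote handling.
SAMPLE_SCRIPT = """\
list unified audit policies for target t1;
disable unified audit policy tp1 on target t1;
enable alert policy 'clear log; nightly';
alter auditor myauditor
    auditor type superauditor;
CLEAR LOG;
delete alert policy test_alert1
"""

if __name__ == "__main__":
    for number, stmt, why in review_script(SAMPLE_SCRIPT):
        print(f"statement {number}: {' '.join(stmt.split())!r}: {why}")
```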
A.18.4 RETRIEVE AUDIT POLICIES
Use the RETRIEVE AUDIT POLICIES command to retrieve audit policies configured on the target.
Note:
This command is available starting Oracle AVDF release 20.8.
Syntax
RETRIEVE AUDIT POLICIES FROM TARGET <target name>
This command retrieves audit policies configured on the specified target.
Arguments
Argument | Description |
---|---|
target name |
The name of the specific target for which the audit policies have to be retrieved. The name is case-sensitive and must be one of the registered
targets. See LIST SECURED TARGET for a list of registered targets. Special characters
( |
Result
The job to retrieve audit settings is submitted successfully. The status of the job can be viewed in the Audit Vault Server console.
In case the audit setting retrieval job fails due to connection issues, then check the connection details of the specified target.
A.19 AVCLI User Commands
You can run AVCLI user commands to create users, assign roles, reset passwords, and delete users.
A.19.1 About the User AVCLI Commands
The AVCLI general user commands enable you to perform tasks such as creating and dropping Oracle Audit Vault users.
A.19.2 ALTER ADMIN
Use the ALTER ADMIN command to reset the password for an admin or superadmin user. Only a superadmin can reset the password for an admin or superadmin user.
The ALTER ADMIN command resets the password of the user with admin role. A superadmin can modify the password of the user with admin role.
Syntax
ALTER ADMIN <user name>
Arguments
Argument | Description |
---|---|
user name | The existing user with admin role who requires a password reset. |
password | The command prompts for a password to modify the password of the user with admin role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
alter admin myadmin;
This command resets the password of the existing user myadmin. The password for myadmin is taken from the prompt.
Oracle AVDF 20.3 and later
This command is used to modify an ADMIN user type or reset an ADMIN user's password. This command can be run only by a SUPERADMIN user.
Syntax
ALTER ADMIN <username> ADMIN TYPE <type>
This command changes the ADMIN user's type.
ALTER ADMIN <username> CHANGE PASSWORD
This command resets the password of the specified user name. The user password is taken from the prompt.
Arguments
Argument | Description |
---|---|
user name |
The existing user with ADMIN role who requires a password reset. |
type |
Type specifies the particular type of ADMIN role being created. The type can only be either ADMIN or SUPERADMIN. |
password |
The command prompts a password for modifying the password of the user with ADMIN role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Examples
alter admin myadmin admin type admin;
Changes the type of user myadmin
to ADMIN role.
alter admin myadmin change password;
Resets the password of user myadmin
. The password for
myadmin
is taken from the prompt.
A.19.3 ALTER AUDITOR
Use the ALTER AUDITOR command to reset the password for existing auditors or superauditor users. Only a superauditor can reset the password for auditors or superauditor users.
The ALTER AUDITOR command resets the password of the user with auditor role. A superauditor can modify the password of the user with auditor role.
Syntax
ALTER AUDITOR <user name>
Arguments
Argument | Description |
---|---|
user name | The existing user with auditor role who requires a password reset. |
password | The command prompts for a password to modify the password of the user with auditor role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
alter auditor myauditor;
This command resets the password of the existing user myauditor. The password for myauditor is taken from the prompt.
Oracle AVDF 20.3 and later
This command is used to modify an AUDITOR user type or reset an AUDITOR user's password. This command can be run only by a SUPERAUDITOR user.
Syntax
ALTER AUDITOR <username> AUDITOR TYPE <type>
This command changes the AUDITOR user's type.
ALTER AUDITOR <username> CHANGE PASSWORD
This command resets the password of the specified user name. The user password is taken from the prompt.
Arguments
Argument | Description |
---|---|
user name | The existing user with AUDITOR role who requires a password reset. |
type | Type specifies the particular type of AUDITOR role being created. The type can only be either AUDITOR or SUPERAUDITOR. |
password | The command prompts for a password to modify the password of the user with AUDITOR role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Examples
alter auditor myauditor auditor type superauditor;
Modifies the type of user myauditor to SUPERAUDITOR role.
alter auditor myauditor change password;
Resets the password of user myauditor. The password for myauditor is taken from the prompt.
A.19.4 CREATE ADMIN
Use the CREATE ADMIN command to create users with the admin role. Only a superadmin can create a user with admin role.
The CREATE ADMIN command creates a user with admin role. A superadmin can create a user with admin role.
Syntax
CREATE ADMIN user name
Arguments
Argument | Description |
---|---|
user name |
The name of the user being created with admin role. The user name cannot be null, start with any reserved user name, or be the same as any of the existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). |
password |
The command prompts a password before creating a user with admin role. The password must have at least one uppercase letter, one lowercase letter, one digit(0-9), and one special character(.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
create admin myadmin;
This command creates a user myadmin with admin role. The user password is taken from the prompt.
Oracle AVDF 20.3 and later
This command creates a user with administrator privileges. A super administrator can create a user with admin role.
Syntax
CREATE ADMIN <user name> ADMIN TYPE <type>
This command prompts a password and creates a user with the specified user name and assigns ADMIN or SUPERADMIN privileges.
Arguments
Argument | Description |
---|---|
user name | The name of the user being created with ADMIN role. The user name cannot be null, start with any reserved user name, or be the same as any existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). It can be at most 30 characters long. |
password | The command prompts for a password before creating a user with ADMIN role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
type | Type specifies the particular type of administrator role being created. The type can only be either ADMIN or SUPERADMIN. ADMIN gives administrator privileges, while SUPERADMIN gives super administrator privileges. |
Example
create admin myadmin admin type superadmin;
Creates user myadmin with SUPERADMIN type. The user password is taken from the prompt.
A.19.5 CREATE AUDITOR
Use the CREATE AUDITOR command to create users with the auditor role. Only superauditors can create users with the auditor role.
The CREATE AUDITOR command creates a user with the auditor role. A superauditor can create a user with auditor role.
Syntax
CREATE AUDITOR user name
Arguments
Argument | Description |
---|---|
user name | The name of the user being created with auditor role. The user name cannot be null, start with any reserved user name, or be the same as any existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). |
password | The command prompts for a password before creating a user with auditor role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
Example
create auditor myauditor;
This command creates a user myauditor with auditor role. The user password is taken from the prompt.
Oracle AVDF 20.3 and later
This command creates a user with AUDITOR privileges. A super auditor can create a user with auditor role.
Syntax
CREATE AUDITOR <username> AUDITOR TYPE <type>
This command prompts a password and creates a user with the specified user name and assigns AUDITOR privileges.
Arguments
Argument | Description |
---|---|
user name | The name of the user being created with auditor role. The user name cannot be null, start with any reserved user name, or be the same as any existing user role. It must be alphanumeric only and can contain underscore (_), dollar sign ($), and pound sign (#). It can be at most 30 characters long. |
password | The command prompts for a password before creating a user with auditor role. The password must have at least one uppercase letter, one lowercase letter, one digit (0-9), and one special character (.,+:_!). A password must be at least 8 characters and at most 30 bytes in length. |
type | Type specifies the particular type of auditor role being created. The type can only be either AUDITOR or SUPERAUDITOR. AUDITOR gives auditor privileges, while SUPERAUDITOR gives super auditor privileges. |
Example
create auditor myauditor auditor type superauditor;
Creates user myauditor with SUPERAUDITOR type. The user password is taken from the prompt.
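The user name, password and type rules in the CREATE ADMIN and CREATE AUDITOR argument tables can be checked before a provisioning script reaches the password prompt. The following pre-flight validator is an added example, not part of Oracle's documentation or tooling. It assumes ASCII-only character classes, case-insensitive name comparison and UTF-8 for the 30-byte limit, applies the 30-character name limit given for AVDF 20.3 and later, and takes the reserved and existing names as caller-supplied lists because the page does not enumerate them.

```python
import re

SPECIALS = ".,+:_!"  # special characters listed in the argument tables
NAME_RE = re.compile(r"[A-Za-z0-9_$#]+")  # assumption: "alphanumeric" means ASCII
TYPES = {"ADMIN": ("ADMIN", "SUPERADMIN"), "AUDITOR": ("AUDITOR", "SUPERAUDITOR")}


def check_username(name, reserved=(), existing=()):
    """Return the user-name rules that `name` breaks (empty list = acceptable)."""
    if not name:
        return ["user name is null"]
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("characters other than alphanumerics, _, $ and #")
    if len(name) > 30:
        problems.append("longer than 30 characters")
    # Assumption: names are compared case-insensitively.
    if any(name.upper().startswith(r.upper()) for r in reserved):
        problems.append("starts with a reserved user name")
    if name.upper() in (e.upper() for e in existing):
        problems.append("same as an existing name")
    return problems


def check_password(password, encoding="utf-8"):
    """Return the password rules that `password` breaks (empty list = acceptable)."""
    classes = {
        "no uppercase letter": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
        "no lowercase letter": "abcdefghijklmnopqrstuvwxyz",
        "no digit (0-9)": "0123456789",
        "no special character from .,+:_!": SPECIALS,
    }
    problems = [msg for msg, chars in classes.items()
                if not any(c in chars for c in password)]
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # The upper bound is in bytes, so multi-byte characters count more than once.
    # Assumption: the password is stored in a UTF-8 character set.
    if len(password.encode(encoding)) > 30:
        problems.append("longer than 30 bytes")
    return problems


def check_create(role, name, user_type, password, reserved=(), existing=()):
    """Validate the inputs of CREATE <role> <name> <role> TYPE <type>."""
    problems = check_username(name, reserved, existing) + check_password(password)
    if user_type.upper() not in TYPES[role.upper()]:
        problems.append("type must be one of " + " or ".join(TYPES[role.upper()]))
    return problems
```

Because the minimum is counted in characters and the maximum in bytes, a password of 18 characters can still be rejected when most of them are multi-byte.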
A.19.6 DROP ADMIN
Use the DROP ADMIN command to drop or delete admin or superadmin users. Only a superadmin can drop an admin or superadmin user.
The DROP ADMIN command drops or deletes a user with admin role. A superadmin can drop a user with admin role.
Syntax
DROP ADMIN user name
Arguments
Argument | Description |
---|---|
user name | The existing user with admin role who needs to be dropped or deleted. |
Example
drop admin myadmin;
This command drops the existing user myadmin. The command performs a cleanup: it expires the password, locks the account, terminates any existing sessions for the user, and drops the user completely from the database.
A.19.7 DROP AUDITOR
Use the DROP AUDITOR command to drop or delete auditor or superauditor users. Only superauditors can drop an auditor or superauditor user.
The DROP AUDITOR command drops or deletes a user with auditor role. A superauditor can drop a user with auditor role.
Syntax
DROP AUDITOR user name
Arguments
Argument | Description |
---|---|
user name | The existing user with auditor role who needs to be dropped or deleted. |
Example
drop auditor myauditor;
This command drops the existing user myauditor. The command performs a cleanup: it expires the password, locks the account, terminates any existing sessions for the user, and drops the user completely from the database.
A.19.8 LIST ADMIN
Use the LIST ADMIN command to see administrator privileges for a specific user.
The LIST ADMIN command lists administrator privileges for a specific user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
LIST ADMIN <username>
This command lists the administrator privileges for a specific user.
Argument
Argument | Description |
---|---|
username | The specified user. |
Example
list admin scott;
Lists the administrator privileges of a specific user, scott.
A.19.9 LIST ADMINS
Use the LIST ADMINS command to view or get a list of all users with administrator privileges.
The LIST ADMINS command lists all users with administrator privileges.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
LIST ADMINS
Example
list admins;
Lists all users with administrator privileges.
A.19.10 LIST AUDITOR
Use the LIST AUDITOR command to see auditor privileges for a specific user.
The LIST AUDITOR command lists auditor privileges for a specific user.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
LIST AUDITOR <username>
This command lists the auditor privileges for a specific user.
Argument
Argument | Description |
---|---|
username | The specified user. |
Example
list auditor scott;
Lists the auditor privileges of a specific user, scott.
A.19.11 LIST AUDITORS
Use the LIST AUDITORS command to view or get a list of all users with auditor privileges.
The LIST AUDITORS command lists all users with auditor privileges.
Note:
This command is available starting Oracle AVDF release 20.4.
Syntax
LIST AUDITORS
Example
list auditors;
Lists all users with auditor privileges.
A.20 User Entitlement AVCLI Commands
You can find general information on user entitlement related AVCLI commands.
A.20.1 RETRIEVE USER ENTITLEMENT
Use the RETRIEVE USER ENTITLEMENT command to retrieve the user entitlements configured on the target.
Syntax
RETRIEVE USER ENTITLEMENT FROM TARGET <target name>
This command retrieves user entitlement data on the specified target.
Arguments
Argument | Description |
---|---|
target name | The name of the specified target for which the user entitlements have to be retrieved. The name is case-sensitive and must be one of the registered targets. See LIST SECURED TARGET for a list of registered targets. Special characters (&<>"/;,*|=% --) cannot be used for target names. |
Result
The job to retrieve user entitlement is submitted successfully. The status of the job can be viewed in the Audit Vault Server console.
If the user entitlement retrieval job fails due to connection issues, check the connection details of the specified target.