6 Testing Audit Collection Plug-ins

Find out about the testing you can do for your collection plug-ins.

Be sure to analyze your database and audit trails for other issues that require testing.

6.1 Requirements for Testing Audit Collection Plug-ins

To prepare for testing, deploy the Audit Vault Server and an Audit Vault Agent, and check your systems and audit trails.

You should prepare for testing by performing the following:

  • Deploy the Audit Vault Server and an Audit Vault Agent.
  • Have an available source system, a system that generates the audit events.
  • Ensure that the agent is deployed on the same computer where the audit trail resides if the audit trail must be collected locally (for example, if it is written to operating system files).

6.2 Typical Audit Collection Plug-in Testing Processes

A typical testing process for audit collection plug-ins looks like the following.

When you test a collection plug-in, your sequence of tasks should be similar to the following:
  1. Perform functional testing:

    1. Deploy the collection plug-in, using the .zip archive that you generated earlier, in your test Oracle Audit Vault Server environment.

    2. Redeploy the agent (containing the updated plug-in artifacts) into your test Oracle Audit Vault agent environment.

    3. Register the source using the AVCLI utility.

    4. Issue an AVCLI START COLLECTION command to start gathering records from the audit trail supported by this collection plug-in.

    5. Validate the process by looking at the data reports through the AVDF Console to ensure that:

      - Records in the source are now in the Oracle Audit Vault Server.

      - The data makes sense.

      - Fields are correctly mapped.

      - Values are valid.

    6. Issue an AVCLI STOP COLLECTION command.

    7. Undeploy the collection plug-in.

    8. Redeploy the agent as described in Step 1b.

  2. Perform failure testing to see what happens when various things go wrong.

    Some examples of failure are network failure, a source shutting down in the middle of collection, a power outage, and malformed input data. In all cases, the collection plug-in should not crash, and should be able to recover gracefully, continuing collection from where it left off. The guarantee you need to provide is that each audit record is sent to the Audit Vault Server once, and exactly once, regardless of failure.

  3. Analyze performance by checking how much of each of these resources the collection plug-in uses:

    • The CPU

    • The memory

    • The disk I/O

    • The network I/O

  4. Check the performance under stress.

    Some examples of stress are thirty days of continuous use, heavy event volume, or collection of trails for multiple sources at the same time, both on the same host, and on multiple hosts.

  5. Perform security testing (for example, see if you can inject HTML or SQL).

  6. Perform internationalization testing. Test the ability to handle data in multiple input languages.

  7. If bugs are found, fix them and then repeat these steps.
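
One way to check the exactly-once guarantee from step 2 together with the injection and multi-language checks in steps 5 and 6, as an added example that is not Oracle's code: it reconciles seeded source records with rows read back from the Audit Vault Server. The `id` and `text` fields, the run identifier, and the way rows are exported from the reports are assumptions; the faulty collection in `demo()` is constructed.

```python
import hashlib
from collections import Counter

# Constructed probe values: markup, SQL metacharacters and multilingual text.
# A correct collector stores each one unchanged, as literal data.
PROBES = [
    "plain login event",
    "<b>audit</b>",
    "O'Brien' OR '1'='1",
    "semicolon; and -- comment marker",
    "ユーザー作成",
    "حذف جدول",
    "Größenänderung",
]

def make_records(run_id):
    """Seed records whose id is unique per test run and per probe."""
    return [{"id": f"{run_id}-{i:04d}", "text": p} for i, p in enumerate(PROBES)]

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def reconcile(source, collected):
    """Report records that were lost, sent twice, changed, or not seeded."""
    expected = {r["id"]: digest(r["text"]) for r in source}
    seen = Counter(r["id"] for r in collected)
    return {
        "missing": sorted(i for i in expected if seen[i] == 0),
        "duplicated": sorted(i for i in expected if seen[i] > 1),
        "altered": sorted({r["id"] for r in collected if r["id"] in expected
                           and digest(r["text"]) != expected[r["id"]]}),
        "unexpected": sorted(i for i in seen if i not in expected),
    }

def demo():
    """Simulate three collector faults on constructed data and reconcile."""
    source = make_records("run42")
    collected = [dict(r) for r in source]
    collected[1]["text"] = "&lt;b&gt;audit&lt;/b&gt;"  # escaped in transit
    collected.append(dict(source[2]))                  # resent after a restart
    del collected[4]                                   # lost during an outage
    return reconcile(source, collected)

if __name__ == "__main__":
    for kind, ids in demo().items():
        print(f"{kind}: {ids}")
```

A passing run returns four empty lists; repeat the reconciliation after each injected failure, such as a network failure or a source shutting down in the middle of collection.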


6.3 Deploying an Audit Vault Agent

See how you register an Agent, create an Agent home directory, install the Agent, and start the Agent.

This Agent can be on the same computer as the Audit Vault Server, or on a different one.

  1. Register the Agent host using the AVCLI command REGISTER HOST.
  2. Create a directory ($AGENT_HOME) on the Agent host.
  3. Copy the agent.jar from the Audit Vault Server $ORACLE_HOME/av/jlib/agent.jar to the $AGENT_HOME.
  4. Install the Agent using the following command:
    $ java -jar agent.jar -d $AGENT_HOME
    
  5. Start the Agent using the -key option. When prompted, enter the activation key that was provided by the Oracle AVDF administrator. As you type it, this key is not displayed.
    $ $AGENT_HOME/bin/agentctl start -key
    Enter activation key: 
    

    Subsequently, starting the Agent does not require the user to provide the activation key. The Agent can be started using the following command:

    $ $AGENT_HOME/bin/agentctl start
    

Activation is a one-time activity. You do not have to do it again.

You can stop the Agent at any time by using the following command:

$ $AGENT_HOME/bin/agentctl stop

It can take several seconds before the Agent comes to a complete stop and the Agent process is shut down.

6.4 Redeploying the Oracle Audit Vault Agent

While testing the collection plug-in, it can be necessary to redeploy the agent for various reasons.

Before you redeploy an agent, the agent must already be set up and its directory created.
  1. Copy the agent.jar from the Audit Vault Server to a local directory.
  2. Update the agent by using the following command:
    $ java -jar agent.jar -d $AGENT_HOME
    
  3. Start the agent with the $AGENT_HOME/bin/agentctl start command.

Note:

The agent automatically determines if it is an upgrade or a new install depending on the destination directory provided to the java -jar agent.jar command.