A Troubleshooting Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall provides troubleshooting advice for a range of installation or upgrade scenarios.

A.1 Error When Installing Audit Vault Server in Releases 20.1 to 20.3

Learn how to resolve an error observed when installing Audit Vault Server 20.1, 20.2, or 20.3.

Problem

An error is observed when installing Audit Vault Server. This is observed only in Oracle AVDF releases 20.1 to 20.3.

Solution

In Oracle AVDF releases 20.1 to 20.3, the Audit Vault Server installer (ISO) is split into three files. All three ISO files must be concatenated into a single Audit Vault Server 20.x ISO (avdf-install.iso) before proceeding with the installation.

Refer to Downloading and Verifying Oracle AVDF Software for complete information.

Starting with Oracle AVDF 20.4, there is a single Audit Vault Server ISO file and there is no need to concatenate.

A.2 Install or Upgrade Failure Due to New File System Added to Oracle AVDF

Learn how to resolve the error pertaining to a new file system added to Oracle AVDF.

Problem

Pre-existing file system, LVM, or device mapper metadata may result in upgrade or installation failure.

Symptom

The symptoms of any pre-existing LVM or other device mapper metadata include, but are not limited to:

  • Two vg_root volume groups.
  • Hard drive devices becoming unavailable during install or upgrade. This may lead to input or output errors and eventually result in upgrade failure.

Solution

To remove any such metadata, follow these steps:

  1. Run the following command on the device:

    # dd of=/dev/<device name> if=/dev/zero bs=1024k

    Best Practice:

    To ensure you only erase the correct drive, place it in a standalone system to run this command. On successful completion, add the drive to the Oracle AVDF appliance.

  2. Reboot the device.

  3. Verify the partition table and metadata.

Note:

This will erase data from the drive.

A.3 EFI Related Error When Installing Audit Vault Server on VMware

Learn how to resolve an EFI-related error when installing Audit Vault Server on VMware.

Problem

The following possible errors are observed when attempting to install Audit Vault Server on VMware:


EFI Virtual disk (0.0) … unsuccessful.
EFI VMware Virtual SATA CDROM Drive (0.0) … unsuccessful.
EFI Network …

Solution

There are important prerequisites to be followed while installing Audit Vault Server on VMware:

  • You must set the VMX configuration parameter disk.EnableUUID to TRUE. This must be done to enable proper mounting of disks. Without this setting, the Audit Vault Server installation on VMware will fail.

  • You must set your virtual machine to use EFI boot. In some versions of VMware this is done by selecting the VM Options tab, expanding Boot Options, and then choosing EFI in the Firmware field. You must disable secure boot: do not select the Enable UEFI secure boot checkbox.

    This EFI boot setting is required only for fresh installation of Audit Vault Server specifically when the disk size is more than 2TB. This setting is not required for upgrade.

Note:

See Installing Audit Vault Server on VMware for complete information.

A.4 Pre-upgrade RPM Failure Due to Insufficient Memory

Learn how to resolve pre-upgrade RPM failure due to insufficient memory.

Problem

Installing the pre-upgrade RPM places the system in a safe state, performs multiple checks, and rearranges free space on the appliance for a safe and successful installation or upgrade of Audit Vault Server and Database Firewall.

The following error may be observed:


 AVDF::Installer::Upgrade::InvalidPreconditions
 Recommended memory is x.yy GB; system only has xx.yy MB available
 ERROR:
 AVDF::Installer::Upgrade::InvalidPreconditions
 Verifying pre-upgrade conditions failed.

Solution

Follow these steps to resolve this issue:

  1. Run the following command to find the exact version of the pre-upgrade RPM:

    rpm -qa | grep avdf-pre
    
  2. Run the following command to uninstall and remove the pre-upgrade RPM:

    rpm -e {rpm name}
  3. Power off the host machine.

  4. Increase the memory as per the recommendation.

  5. Power on the host machine.

  6. Re-install the pre-upgrade RPM.

  7. Verify that the warnings related to memory are resolved.

  8. Proceed with the upgrade as per Oracle AVDF documentation.

A.5 Cannot Access the Audit Vault Server Console

Learn the workaround for when you cannot access the Audit Vault server user interface or console.

Problem

The Audit Vault Server console is not accessible.

Solution

There are two remedies that you can perform depending on when this problem occurs:

  • The problem occurs immediately after Audit Vault Server installation.

    In this case, the installation may not have been completed correctly. Perform the installation again.

  • The problem occurs after the system is already running.

    In this case, check that the disk is not full and that the Oracle Audit Vault Server database is running using this command:

    /etc/init.d/dbfwdb status

    To restart the database, run this command as root:

    /etc/init.d/dbfwdb start

    If you have a problem restarting the database, then contact Oracle Support.

A.6 Collecting Logs to Debug Installation Failures

To collect logs for debugging installation failures, follow this procedure.

Problem

You may encounter issues during installation or upgrade.

Pre-reboot installation failure

To collect logs for debugging pre-reboot installation failures, follow this procedure:

  1. During installation or upgrade, after mounting the .iso file, press Tab and interrupt the normal boot process.
  2. To collect logs, the installer must run with command line access. To enable command line access, remove noshell from the boot options.
  3. After the failure occurs, press the Alt + Right Arrow key to access the command line.
  4. Run the following command to start the collection tool:

    python /run/install/repo/collect_diagnostics.py
  5. Follow the instructions to collect the diagnostics file.

Post-reboot installation failure

To collect logs for debugging post-reboot installation failures, follow this procedure:

  1. Using the password you have previously set, log in as root on the console or using ssh.
  2. Run the following command to start the collection tool:

    python /media/avdf-install/collect_diagnostics.py
  3. Follow the instructions to collect the diagnostics file.

Collecting the diagnostics file

Use this procedure to collect the diagnostics file for analyzing or debugging issues.

  1. The collection tool creates a diagnostic or log file in the following location:

    /root/install-diagnostics.tgz

  2. Follow the instructions that are displayed on the prompt to transfer the diagnostic file for analysis. Use the following command to transfer the file:

    scp /root/install-diagnostics.tgz <user>@<Ip address>:<Path>
  3. The following steps and commands pertaining to configuring the network are also displayed on the command prompt:

    ip addr add <IP address>/<sub net> dev <Interface>
    ip link set <Interface> up
    ip route add default via <Gateway>
  4. Use the information available in the diagnostic file for analyzing the issue. Attempt to redo the installation after addressing the issue.

Note:

Refer to MOS (Doc ID 2719385.1) for instructions on how to debug and collect logs for Oracle AVDF 20 installation issues.

A.7 Failure While Adding Disks

If you experience disk failures when adding disks during an upgrade, then use this procedure.

Problem

Failure while adding additional disk or failure during upgrade. The symptoms include, but are not limited to:

  • Two vg_root volume groups. This results in failure during install or upgrade.

  • Hard drive devices becoming unavailable during install or upgrade. This leads to input or output errors and failure.

Solution

Ensure that any disk added to the appliance has no pre-existing LVM or other device mapper metadata. To remove any such metadata, follow these steps:

  1. Execute the following command:

    dd of=/dev/<device name> if=/dev/zero bs=1024k

    Best Practice:

    To ensure you only erase the correct drive, place it in a standalone system to execute this command. On successful completion, add the drive to the Oracle Audit Vault and Database Firewall appliance.

  2. Reboot the device.

  3. Verify the partition table and metadata.
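
The verification in step 3 (here and in A.2) can be scripted. The following shell script is an added example, not Oracle tooling: it reads the first sectors of a device or image file and reports any MBR, GPT, or LVM2 signature that a complete zero-fill would have removed. It assumes 512-byte sectors and inspects only the start of the device; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle tooling): report leftover on-disk signatures.
# Assumes 512-byte sectors; read-only, nothing is written to the target.

# read_hex TARGET OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \t\n'
}

# leftover_signatures TARGET -> one line per signature still present
leftover_signatures() {
    # MBR boot signature 0x55 0xAA in the last two bytes of sector 0
    if [ "$(read_hex "$1" 510 2)" = "55aa" ]; then
        echo "mbr"
    fi
    # GPT header magic "EFI PART" at the start of sector 1
    if [ "$(read_hex "$1" 512 8)" = "4546492050415254" ]; then
        echo "gpt"
    fi
    # LVM2 physical-volume label "LABELONE" at the start of sectors 0-3
    for sector in 0 1 2 3; do
        if [ "$(read_hex "$1" $((sector * 512)) 8)" = "4c4142454c4f4e45" ]; then
            echo "lvm2-pv"
            break
        fi
    done
}

# is_clean TARGET -> exit status 0 when none of the signatures are present
is_clean() {
    [ -z "$(leftover_signatures "$1")" ]
}

# When run directly: sh check-disk.sh /dev/<device name>
if [ $# -gt 0 ]; then
    if is_clean "$1"; then
        echo "$1: no MBR, GPT or LVM2 signature found"
    else
        echo "$1: still carries: $(leftover_signatures "$1" | tr '\n' ' ')"
        exit 1
    fi
fi
```

A clean result covers only the signatures listed; the script does not inspect the backup GPT header stored at the end of the disk.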

Note:

Fiber Channel based storage with multipath is supported in Oracle Audit Vault and Database Firewall release 20.1 and onwards.

A.8 Unable to Reach Gateway Error

Learn to fix incorrect Gateway details entered during installation.

Problem

Incorrect or invalid Gateway details entered while installing Audit Vault Server or Database Firewall. The following error message may be encountered:

Gateway is not reachable from host

Solution

The Gateway details can be corrected by following these steps:

  1. Log in to Terminal-1 as root user. Alternately, Terminal-1 can be accessed by pressing Ctrl+Alt+Right Arrow Key.
  2. Access and open the dbfw.conf file by executing this command:
    vi /usr/local/dbfw/etc/dbfw.conf
  3. Set the correct value for the GATEWAY field by overwriting the existing value.
  4. Save and close the file.
  5. Execute the command to apply the modified value:
    /usr/local/dbfw/bin/priv/configure-networking
  6. Return to the appliance screen by pressing Ctrl+Alt+Left Arrow Key.

Note:

The network settings entered during installation can be modified by choosing the Change IP Settings option in the installer or appliance screen.

A.9 RPM Upgrade Failed

Read the troubleshooting advice if RPM upgrades fail.

Problem

An RPM upgrade failed with the following error:

error: %post(dbfw-mgmtsvr-###) scriptlet failed, exit status 1

Solution

  1. Check that there is at least 10MB of free /tmp space.

  2. Remove the new RPM:

    rpm -e dbfw-mgmtsvr-###

  3. Retry the upgrade.

A.10 Insufficient Space Error in /var/lib/oracle File System Reported by Pre-upgrade RPM

Learn how to fix insufficient space error issue in /var/lib/oracle (lv_oracle) file system reported by pre-upgrade RPM.

Problem

An error or issue is observed when running pre-upgrade RPM. There is insufficient space in /var/lib/oracle (lv_oracle) file system.

Solution

The /var/lib/oracle file system needs a minimum of 31 GB free space for performing upgrade.

Follow these steps to clear space in /var/lib/oracle and to proceed with the upgrade process:

  1. Run the following command as grid user:

    /usr/bin/find /var/lib/oracle/grid/rdbms/audit -name '*.aud' -mtime +1 -delete

    This process may take up to one hour to complete.

  2. Create another terminal.

  3. Run the following command as grid user to remove the trc and trm files:

    rm /var/lib/oracle/diag/asm/+asm/+ASM/trace/*.tr[cm]
  4. As root user check if the /var/lib/oracle/upgrade_iso_file directory exists. Remove the ISO file in case it exists.

  5. As root user, check for these files and remove them if they exist:

    rm /var/lib/oracle/software/database.tar.xz
    rm /var/lib/oracle/dbfw/av/grid[12].zip
  6. Run the following command as oracle user and remove the trc and trm files:

    rm /var/lib/oracle/diag/rdbms/dbfwdb/dbfwdb/trace/*.tr[cm]
  7. Clear diagnostic logs through the Audit Vault Server console. This process may also release some additional space. If any of the components are set to Debug, then set them to Warning.
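
Before running the deletion in step 1, it helps to see which audit files it would remove and how far the file system is from the 31 GB requirement. The following shell script is an added example, not part of the Oracle procedure: it reuses the same find predicates without -delete and compares free space against a threshold. The function names and the --report option are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle tooling): preview the step 1 cleanup and
# measure the gap to the free space the upgrade needs.
AUDIT_DIR=${AUDIT_DIR:-/var/lib/oracle/grid/rdbms/audit}
ORACLE_FS=${ORACLE_FS:-/var/lib/oracle}
REQUIRED_KB=$((31 * 1024 * 1024))   # 31 GB expressed in 1 KB blocks

# free_kb PATH -> space available on PATH's file system, in 1 KB blocks
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# shortfall_kb PATH REQUIRED_KB -> KB still to be freed (0 when enough is free)
shortfall_kb() {
    avail=$(free_kb "$1")
    if [ "$avail" -ge "$2" ]; then
        echo 0
    else
        echo $(( $2 - avail ))
    fi
}

# stale_audit_files DIR -> files step 1 would delete (same predicates, no -delete)
stale_audit_files() {
    find "$1" -name '*.aud' -mtime +1 -print
}

# stale_audit_kb DIR -> disk space those files occupy, in KB
stale_audit_kb() {
    find "$1" -name '*.aud' -mtime +1 -exec du -k {} + |
        awk '{ total += $1 } END { print total + 0 }'
}

# When run as: sh preview-cleanup.sh --report
if [ "${1:-}" = "--report" ]; then
    echo "Shortfall on $ORACLE_FS: $(shortfall_kb "$ORACLE_FS" "$REQUIRED_KB") KB"
    echo "Step 1 would remove $(stale_audit_files "$AUDIT_DIR" | wc -l) files," \
         "freeing about $(stale_audit_kb "$AUDIT_DIR") KB"
fi
```

The same shortfall_kb function covers the 10 MB /tmp check in A.9 when called as shortfall_kb /tmp 10240.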

A.11 Issue with Configuring or Managing Oracle AVDF through Oracle Enterprise Manager Cloud Control

Learn how to solve an issue with configuring or managing Oracle AVDF through Oracle Enterprise Manager Cloud Control.

Problem

Unable to configure or manage Oracle AVDF through Oracle Enterprise Manager Cloud Control.

Solution

Oracle AVDF plug-in is an interface within Oracle Enterprise Manager Cloud Control for administrators to manage and monitor Oracle AVDF components. Refer to System Monitoring Plug-in User's Guide for Audit Vault and Database Firewall in case of any issues when configuring the Oracle EM plug-in.

Refer to Compatibility with Oracle Enterprise Manager to check the supported versions of Oracle Enterprise Manager with Oracle AVDF 20.

A.12 Pre-upgrade RPM Could Not Stop Certain Processes During Oracle AVDF Upgrade

Learn how to fix warnings or errors reported by the pre-upgrade RPM while upgrading Oracle AVDF.

Problem

The pre-upgrade RPM performs the checks necessary to prepare the appliance for upgrade. In the course of this, it stops certain processes running on the appliance. In some cases, some of the processes cannot be stopped by the pre-upgrade RPM. This results in the following errors or warnings:

Not all processes were stopped
target is busy

Solution

Follow these steps:

  1. The pre-upgrade RPM suggests a way to identify the specific processes that are still running. Follow the instructions and stop the specific processes.
  2. Uninstall the pre-upgrade RPM.
  3. Reinstall the pre-upgrade RPM.
  4. Proceed with the upgrade procedure.

A.13 Installation Stops Progressing After Entering the IP Address

Learn what to do when the installation stops progressing.

Problem

When installing Audit Vault Server, the installation stops progressing after you enter the IP address.

Solution

  1. Follow the instructions at My Oracle Support Doc ID 2719385.1 to debug and collect logs for Oracle AVDF 20 installation issues.
  2. File a service request (SR) and attach the collected diagnostic information to the SR.

A.14 No Signal Error During Post-Install Tasks

Learn what to do when you receive a "no signal" error.

Problem

During the installation you receive a "no signal" error with a green screen, and the installation takes a long time to complete.

Solution

  1. Capture the screen content.
  2. Follow the instructions at My Oracle Support Doc ID 2719385.1 to debug and collect logs for Oracle AVDF 20 installation issues.
  3. File a service request (SR) and attach the screen capture and the collected diagnostic information to the SR.