D55406GC10 Ag

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
a ble
r
a nsfe
n- t r
a no
Implementing h a s Oracleฺ Audit
) i d e
Vaultcom Gu
a ilฺ ent
@ gmActivity
S
d
tuGuide
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
D55406GC10
Edition 1.0
August 2010
D68649
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
le
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
r a b
Trademark Notice
a n sfe
n- t r
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective
no
owners.
a
s ฺ
Author h a
) uide
o m
ilฺc ent G
Donna Keesling
a
Technical Contributors and Reviewers gm tud
a @ S
nJoel Goodman,
is Patricia Huey, Vipul M. Shah,
Tammy Bednar, Heinz-Wilhelm Fabry,
ฺr u j t h
Rodney Ward
c a u s e
( r alu e to
This book was capublished
e s Oracle Tutor
nusing:
l u li c
n Ra
ja
Ru
Table of Contents
Practices for Lesson 1 .....................................................................................................................................1-1

There are no practices for Lesson 1...............................................................................................................1-3

Practices for Lesson 2....................................................................................................................................2-3

Practice 2-1: Installing Oracle Audit Vault Server...........................................................................................2-4
Practice 2-2: Installing Oracle Audit Vault Patch Set 2...................................................................................2-18
Practice 2-3: Verifying the Availability of Oracle Audit Vault Server ...............................................................2-33
Practice 2-4: Logging In to the Audit Vault Console .......................................................................................2-36
Practice 2-5: Managing the Audit Vault Database Instance ...........................................................................2-38

a b le
Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent ...................................3-4
r
Practice 3-2: Installing the Oracle Audit Vault Collection Agent .....................................................................3-5
a n sfe
t r
Practice 3-3: Installing Oracle Audit Vault Patch Set 2...................................................................................3-13
n-
no
Practice 3-4: Using Audit Vault Console to View Agent Information...............................................................3-25
s ฺ a
h
) uide a
o m
Practice 4-1: Setting Environment Variables ..................................................................................................4-4
a ilฺc ent G
Practice 4-2: Creating a User Account on the Source Database ...................................................................4-5
gm Stud
Practice 4-3: Verifying Source Database Compatibility ..................................................................................4-7
@
j a n his
Practice 4-4: Registering the Source Database with Oracle Audit Vault ........................................................4-11
ฺr u t
Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault ...................................................................4-13
e
c a u s
r a lu
Practice 4-6: Enabling the Agent to Run the Collectors .................................................................................4-17
t o
( nse
Practice 4-7: Starting the Collectors ...............................................................................................................4-18
a
c
Practices for Lesson 5
i c e
luLesson 5.....................................................................................................................................5-1
a l
j a n R 5-1: Retrieving Audit Settings ...........................................................................................................5-4
Practices for ....................................................................................................................................5-3
Ru Practice
Practice 5-2: Viewing and Activating Audit Settings .......................................................................................5-10
Practice 5-3: Creating a Capture Rule ...........................................................................................................5-14
Practice 5-4: Configuring Fine-Grained Auditing Policies ...............................................................................5-17

Practice 6-1: Creating an Email Notification Profile ........................................................................................6-4
Practice 6-2: Creating Templates for Notification ...........................................................................................6-6

Practice 7-1: Generating Audit Records .........................................................................................................7-4
Practice 7-2: Viewing Audit Vault Default Reports .........................................................................................7-5
Practice 7-3: Viewing Entitlement Audit Data .................................................................................................7-10
Practice 7-4: Using Ad Hoc Reporting Features.............................................................................................7-13
Practice 7-5: Using Compliance Reports .......................................................................................................7-19
Practice 7-6: Creating and Scheduling PDF Reports .....................................................................................7-21
Practice 7-7: Attesting Reports.......................................................................................................................7-25
$FWLYLW\ Guide Table of Contents

i
Practice 8-1: Verifying that Alert Processing is Enabled ................................................................................8-4
Practice 8-2: Creating an Alert Status Value ..................................................................................................8-5
Practice 8-3: Creating Alerts ..........................................................................................................................8-7
Practice 8-4: Responding to Alerts .................................................................................................................8-9

Practice 9-1: Changing the AV_ADMIN User Password ................................................................................9-4
Practice 9-2: Updating the Password Credentials in the Wallet .....................................................................9-5
Practices for Lesson 10 ...................................................................................................................................10-1

Practices for Lesson 10..................................................................................................................................10-3
Practice 10-1: Viewing the Audit Vault Collection Agent Log Information ......................................................10-4
Practice 10-2: Viewing Audit Vault Collector Log Information ........................................................................10-5
a b le
r
sfe
Practices for Lesson 11 ...................................................................................................................................11-1
a n
Practices for Lesson 11..................................................................................................................................11-3
t r
Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period .....................................................11-4
no n-
Practice 11-2: Purging Data from the Data Warehouse .................................................................................11-5
a
s ฺ
h a
) uide
o m
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
$FWLYLW\ Guide Table of Contents

ii
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 1
)
m Gu i d e
ฺ c1o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 1 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 1 - Page 2
Practices Overview
There are no practices for Lesson 1.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 1 - Page 3
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 1 - Page 4
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c2o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 2 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 2 - Page 2
Practices Overview
In these practices, you will install Oracle Audit Vault Server 10.2.3.2. In addition you will launch
Oracle Audit Vault Console and begin to explore its capabilities.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 2 - Page 3
Practice 2-1: Installing Oracle Audit Vault Server
Overview
In this practice you install Oracle Audit Vault Server.
Assumptions
Oracle Audit Vault software has been staged in the $HOME/av_installmedia directory.
Tasks
1. Open a terminal window and verify the settings for the following environment variables. Log
in as the oracle user if the terminal window does not default to the oracle user. You can
use the $HOME/labs/setavs_vars.sh script to set the environment variables properly
or you can manually set them as necessary. Note that the environment variables have been
set for your Oracle Database 11g source database, so you must “unset” them prior to
installing Oracle Audit Vault. a ble
r
Environment Variable Setting
a nsfe
ORACLE_SID Null n- t r
Nulla no
ORACLE_HOME
h a s ฺ
TNS_ADMIN Null
m ) uide
o G
PATH
ilฺc entcomponents
No ORACLE_HOME
a
LD_LIBRARY_PATH
@ gNomORACLE_HOME
S tud components
j a n his
ฺr u e t
c
$ echo $ORACLE_SID a u s
$ orcl
r a lu t o
a ( nse
c
$ echo
u lice$ORACLE_HOME
l/u01/app/oracle/product/11.2.0/dbhome_1
R a
$
jan $ echo $TNS_ADMIN
Ru $
$ echo $PATH
/usr/kerberos/bin:/u01/app/oracle/product/11.2.0/dbhome_1/bin:/u
sr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/loca
l/bin:/usr/X11R6/bin:/usr/NX/bin
$ echo $LD_LIBRARY_PATH
$
$ cd labs
$ . ./setavs_vars.sh
$ echo $PATH
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/lo
cal/bin:/usr/X11R6/bin
$ echo $ORACLE_SID

Chapter 2 - Page 4
$ echo $ORACLE_HOME
$ echo $ORACLE_BASE
/u01/app/oracle
$ echo $TNS_ADMIN
$
2. Change to the $HOME/av_installmedia/avserver directory and invoke the Oracle
Universal Installer (OUI).
Note: When you invoke the OUI you may receive an error and prompt as follows:
>>> Could not execute auto check for display colors using command
/usr/X11R6/bin/xdpyinfo. Check if the DISPLAY variable is set.
Failed <<<<
a ble
Some optional pre-requisite checks have failed (see above).
r
Continue? (y/n) [n]
a nsfe
Respond y to continue with the installation. The OUI will operate correctly despite this error
n- t r
message.
a no
$ cd $HOME/av_installmedia/avserver
h a s ฺ
$ ./runInstaller
m ) uide
o t G Click Next.
a ilฺc eInstallation.
3. On the Select Installation Type page, select Advanced
n
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru

Chapter 2 - Page 5
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Installation
n se Details page, enter the following information:
c
4. On the Advanced
u Name e
R alField lic Value
ja n
Ru Audit Vault Name
av
Audit Vault Home /u01/app/oracle/oracle/product/10.2.3/av_1
Audit Vault Administrator avadmin1
Administrator Password oracle_1
Audit Vault Auditor avaudit1
Auditor Password oracle_1
Click Next.

Chapter 2 - Page 6
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( VaultnsUser
e Credentials page, enter the following information:
c
5. On the Database
e
R alu Field licName Value
ja n
Ru Database Vault Owner
dbvowner1
Owner Password dbvoracle_1
Database Vault Account Manager dbvacct1
Account Manager Password dbvoracle_1
Click Next.

Chapter 2 - Page 7
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a (to install”
n sewindow is displayed. The Product-Specific Prerequisite Checks
6. c
The “Preparing
pageaislu
e
R licAfter the checks complete, click Next.
displayed.
ja n
Ru

Chapter 2 - Page 8
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
On the Specify(Database seStorage
7.
c a e n Option page, enter /u01/app/oracle/oradata/av in
a lu lic
the “Specify Database file location” field. Click Next.
ja nR
Ru

Chapter 2 - Page 9
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
8. On the Specify(Backup s e Recovery Options page, select “Do not enable Automated
and
c a e n
lu lic
backups.” Click
aoption Next.
R
This is selected in this course due to system constraints. You should select “Enable
nAutomated Backups”
j a
Ru
as a best practice in your own installation.

Chapter 2 - Page 10
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
9. a
On the Specify (Database
n seSchemainPasswords page, select “use the same password for all
c
lu lic
the accounts.” Entere the Enter Password field. Click Next.
a oracle_4U
nInRthis course, the same password is used for all the accounts to make it easier for you to
ja work through the practices. You should use different passwords for each account as a best
Ru practice in your own installation.

Chapter 2 - Page 11
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. The Summary (page is displayed.
stoeinstall Oracle
Review the information for the Oracle Audit Vault
c a e n
a lu lic
installation. Click Install Audit Vault Server.
j a nR
Ru

Chapter 2 - Page 12
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( appears
11. The Install page
n seshowing the progress of the installation. The Configuration
c e
alu Configuration
Assistants
RDatabase
12. nThe
page
lic
appears.
Assistant page appears. When the Database Configuration
j a
Ru Assistant window appears, click OK.

Chapter 2 - Page 13
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu scripts”
t o
a ( nse
13. The “Execute Configuration window appears. Open a new terminal window and log
c user.eExecute the root.sh script as directed. Do not overwrite the existing
alu lic
in as the root
R
files.
u jan # cd /u01/app/oracle/oracle/product/10.2.3/av_1
R # ./root.sh
Running Oracle 10g root.sh script...
The following environment variables are set as:

ORACLE_OWNER= oracle
ORACLE_HOME= /u01/app/oracle/oracle/product/10.2.3/av_1
Enter the full pathname of the local bin directory:

[/usr/local/bin]: <enter>
The file "dbhome" already exists in /usr/local/bin. Overwrite
it? (y/n)
[n]: <enter>
The file "oraenv" already exists in /usr/local/bin. Overwrite
it? (y/n)
[n]: <enter>

Chapter 2 - Page 14
The file "coraenv" already exists in /usr/local/bin. Overwrite
it? (y/n)
[n]: <enter>
Entries will be added to the /etc/oratab file as needed by

Database Configuration Assistant when a database is created

Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
#
14. After you have executed the root.sh script, return to the “Execute Configuration scripts”
window and click OK.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
15. The End of Installation page appears. Make note of the URLs for Audit Vault Console and
Enterprise Manager Database Control. Click Exit to exit the Oracle Universal Installer.

Chapter 2 - Page 15
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
16. Click Yes toaconfirm
n e want to exit the Oracle Universal Installer.
syou
c e
R alu lic
u jan
R

Chapter 2 - Page 16
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 2 - Page 17
Practice 2-2: Installing Oracle Audit Vault Patch Set 2
Overview
In this practice you install Oracle Audit Vault Patch Set 2 (10.2.3.2.0).
Assumptions
Oracle Audit Vault Server 10.2.3 was installed successfully in Practice 2-1.
Tasks
1. Use the oraenv utility to set your ORACLE_SID and ORACLE_HOME environment variables
for the Audit Vault Server database instance.
$ . oraenv
ORACLE_SID = [oracle] ? av
a b le
r
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is a nsfe
/u01/app/oracle n- t r
$
a no
2. Shut down the Oracle Audit Vault Console. h a s ฺ
m ) uide
$ avctl stop_av o
AVCTL started a ilฺc ent G
Stopping OC4J...
@ gm Stud
OC4J stopped successfully.j a n his
ฺr u e t
$
c a
u the SYS u s
r a las t o
a ( nse
3. Log in to SQL*Plus user. Recall that the password is oracle_4U.
c
lu lic/nolog
$ sqlplus e
a
j a n RSQL*Plus: Release 10.2.0.3.0 - Production on Tue May 18
Ru
11:15:20
2010
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
SQL> connect sys/ as sysoper

Enter password: *********
Connected.
SQL>
4. Shut down the Audit Vault Server database instance. Exit from SQL*Plus.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit

Chapter 2 - Page 18
Disconnected from Oracle Database 10g Enterprise Edition Release
10.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Oracle Database Vault options
$
5. Stop the listener.

$ lsnrctl stop
LSNRCTL for Linux: Version 10.2.0.3.0 - Production on 18-MAY-

2010 11:25:16
Copyright (c) 1991, 2006, Oracle. All rights reserved.
a ble
Connecting to r
(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
a nsfe
The command completed successfully
n- t r
$
a no
6. Confirm that the NLS_LANG , ORACLE_HOME and TNS_ADMIN
h a s ฺ variables are
environment
not set. Unset any that are set.
m ) uide
o
$ echo $NLS_LANG
a ilฺc ent G
gm Stud
$ echo $ORACLE_HOME n@
u j a t h is
c a ฺr s e
/u01/app/oracle/oracle/product/10.2.3/av_1
alu e to
$ unset ORACLE_HOME u
( r
ca icens
$ echo $ORACLE_HOME
l u
n R$a echo $TNS_ADMIN
l
ja
Ru
$
7. Change directories to the $HOME/av_installmedia/avpatch/Disk1 directory where
Oracle Audit Vault Patch Set 2 (10.2.3.2.0) is staged.
$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$
8. Invoke the Oracle Universal Installer.
[Disk1]$ ./runInstaller
9. On the Welcome page, click Installed Products.

Chapter 2 - Page 19
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. Review the a ( nsand
information e make note of the Oracle Audit Vault Server home. Click Close
c e
aluto the Welcome
to return
R lic page.
u jan
R

Chapter 2 - Page 20
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
11. Click Next on the Welcome
c a ฺrpage. se t
u
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru

Chapter 2 - Page 21
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a
12. On the Specify (HomenDetails
se page, select your Oracle Audit Vault Server home from the
c e
R alu lic
Name field list. Click Next.
u jan
R

Chapter 2 - Page 22
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( to receive
13. Deselect “I wish n sesecurity updates via My Oracle Support.” Click Next.
c e
lu is deselected
This a
R option lic in the Oracle University classroom because email support is not
ja nprovided. In your own configuration, you should supply your email address and password,
Ru and select the option to receive security updates.

Chapter 2 - Page 23
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( that
14. Click Yes to confirm
n e do not wish to receive updates in the classroom.
syou
c e
R alu lic
u jan
R

Chapter 2 - Page 24
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nPrerequisite
15. The Product-Specific se Checks page appears. Click Next when the checks
c e
alu lic
complete.
R
u jan
R

Chapter 2 - Page 25
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r aluis displayed.
16. The Summary (page e t o
c a n s Click Install.
a lu lice
j a nR
Ru

Chapter 2 - Page 26
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( page
17. The Install progress
n seis displayed.
c e
R alu lic
u jan
R

Chapter 2 - Page 27
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Assistants
18. The Configuration
n se page is displayed. Note that it takes 45–50 minutes for the
c
u assistants e
alwhile
configuration
R lic to execute, so your instructor may choose to present the next
jan
lesson the configuration assistants execute.
R u

Chapter 2 - Page 28
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a
19. The “Execute ( nse scripts” window is displayed.
Configuration
c
lu lice
a
j a nR
Ru

Chapter 2 - Page 29
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu andtlog o
20. Open a terminal
a ( nse in as the root user. Execute the root.sh script as
window
c
lu Do not
instructed.
i c e
overwrite the files.
a l
j a n R$Password:
su -
Ru ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_1
# ./root.sh

ORACLE_HOME= /u01/app/oracle/oracle/product/10.2.3/av_1

[/usr/local/bin]: <enter>
it? (y/n)
[n]: <enter>
it? (y/n)

Chapter 2 - Page 30
[n]: <enter>
it? (y/n)
[n]: <enter>

# exit
$ exit
21. Return to the “Execute Configuration scripts” window. Click OK.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
22. The End of Installation page is displayed. Click Exit to exit from the Oracle Universal
Installer.

Chapter 2 - Page 31
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
syou
c e
R alu lic
u jan
R

Chapter 2 - Page 32
Practice 2-3: Verifying the Availability of Oracle Audit Vault Server
Overview
In this practice you verify that Oracle Audit Vault Server is available.
Assumptions
Practices 2-1 and 2-2 were successfully completed.
Tasks
1. Use the oraenv utility to set your ORACLE_SID and ORACLE_HOME environment variables.
$ . oraenv
ORACLE_SID = [av] ? av
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is
a b le
r
sfe
/u01/app/oracle
2. Log in to SQL*Plus and connect as the SYSTEM user. Verify that the Oracle Audit Vault
t r a n
no
Server database instance is started and that the database is open. Recall that the n-
password for SYSTEM is oracle_4U. Exit from SQL*Plus. a
s ฺ
$ sqlplus /nolog h a
) uide
o m
lฺc ent Gon Tue May 18
SQL*Plus: Release 10.2.0.4.0 -aiProduction 13:53:44
2010
@ gm Stud
j a n his
ฺr u e tOracle. All Rights Reserved.
c a
Copyright (c) 1982, 2007,
u s
r a lu t o
a ( nsystem
SQL> connect se
c e
R alu password:
Enter lic *********
ja n Connected.
Ru
SQL> select open_mode from v$database;
OPEN_MODE
----------
READ WRITE
SQL> exit
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
$
3. Verify that the listener is started.
[av Disk1]$ lsnrctl status

Chapter 2 - Page 33
2010 14:01:53

Connecting to
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.4.0
- Production
Start Date 18-MAY-2010 12:21:36
a ble
r
Uptime 0 days 1 hr. 40 min. 17 sec
a nsfe
Trace Level off
n- t r
Security ON: Local OS Authentication
a no
SNMP OFF
h a s ฺ
Listener Parameter File
m ) uide
o
ilฺc ent G
/u01/app/oracle/oracle/product/10.2.3/av_1/network/admin/listene
r.ora
a
Listener Log File
@ gm Stud
a n his
/u01/app/oracle/oracle/product/10.2.3/av_1/network/log/listener.
j
log
ฺr u e t
c a u s
r a lu
Listening Endpoints Summary...
t o
( nse
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
a
c
lu lice
R a
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PO
ja n RT=1522)))
Ru
RT=5707))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for
this service...
Service "av.us.oracle.com" has 1 instance(s).
Instance "av", status READY, has 1 handler(s) for this
service...
Service "avXDB.us.oracle.com" has 1 instance(s).
service...
Service "av_XPT.us.oracle.com" has 1 instance(s).
service...

Chapter 2 - Page 34
$
4. Verify that Enterprise Manager Database Control is started.
$ emctl status dbconsole
TZ set to UTC
Oracle Enterprise Manager 10g Database Control Release

10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights
reserved.
http://edp1.us.oracle.com:5500/em/console/aboutApplication
Oracle Enterprise Manager 10g is running.
----------------------------------------------------------------
Logs are generated in directory
a ble
/u01/app/oracle/oracle/product/10.2.3/av_1/edp1.us.oracle.com_av
r
/sysman/log
a nsfe
$
n- t r
5. Verify that the Audit Vault Console is started.
a no
$ avctl show_av_status
h a s ฺ
TZ set to UTCOracle Audit Vault 10g Database
o m de
) uiControl Release
10.2.3.2.0
a ฺc nt G
ilCorporation.
Copyright (c) 2006, 2009 Oracle
g m u d e All rights
t
n@ his S
reserved.
j a
ฺru10g sise trunning.
http://edp1.us.oracle.com:5700/av
Oracle Audit c a
Vault
u
r a lu t o
( nse
------------------------------------
a
c e
lu are ligenerated
c
a
n R/u01/app/oracle/oracle/product/10.2.3/av_1/av/log
Logs in directory
ja
Ru $

Chapter 2 - Page 35
Practice 2-4: Logging In to the Audit Vault Console
Overview
In this practice you log in to the Audit Vault Console.
Assumptions
Practice 2-3 was completed successfully.
Tasks
1. Open a browser and enter the following URL:
http://<host name>:<Audit Vault Console port>/av
2. Enter the following information:
Field Name Value
a ble
User Name avadmin1 r
Password oracle_1
a nsfe
n- t r
Connect As
no
AV_ADMIN
a
h a s ฺ
Click Login.
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
3. Click “I Agree” on the “Oracle Database 10g Licensing Information” page.

4. The Collectors page is displayed. You have not yet configured any collectors. Click
Configuration.

Chapter 2 - Page 36
5. The Source Configuration Management page is displayed. Click Agent.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
lฺc ent G
a i
g m the Oracle
6. The Agent page is displayed. You will install
t u d Audit Vault agent in the next lesson.
Click Logout.
j a n@ his S
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
7. Close the browser.

Chapter 2 - Page 37
Practice 2-5: Managing the Audit Vault Database Instance
Overview
In this practice you log in to Enterprise Manager Database Control for the Audit Vault database
instance and increase the size of the flash recovery area.
Assumptions
Practices 2-1 and 2-2 were successfully completed.
Tasks
1. Open a browser and enter the following URL:
http://<host name>:<Enterprise Manager Database Control port>/em
2.
Field Name Value
a ble
r
User Name system
a nsfe
Password oracle_4U
n- t r
Connect As a
Normalno
h a s ฺ
m ) uide
Click Login.
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
3. Click “I agree” on the “Oracle Database 10g Licensing Information” page.

4. Navigate to the Recovery Settings page (Maintenance > Recovery Settings). Scroll to the
Flash Recovery Area. Change the value in the Flash Recovery Area Size field to 5. Click
Apply.

Chapter 2 - Page 38
a ble
r
a n sfe
t r
nof- Enterprise
5. A message is displayed indicating that changes have been made. Log o
out
Manager Database Control. a n
a s
h ideฺ
)
l ฺ c om t Gu
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
6. Close the browser.

Chapter 2 - Page 39
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 2 - Page 40
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c3o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 3 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 3 - Page 2
Practices Overview
In these practices, you will install the Oracle Audit Vault Collection Agent.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 3 - Page 3
Practice 3-1: Creating a Collection Agent User and Registering the
Collection Agent
Overview
In this practice you create an Audit Vault collection agent user in the Audit Vault Server
database and register the collection agent with Audit Vault Server.
Assumptions
The practices for Lesson 2 were completed successfully.
Tasks
1. Open a terminal window. Use the oraenv utility to set the ORACLE_SID and
ORACLE_HOME environment variables for your Audit Vault Server database. You may keep
this terminal window open to use in later practices.
a ble
r
sfe
$ . oraenv
ORACLE_SID = [av] ?
t r a n
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is no n-
s ฺa
/u01/app/oracle
$ h a
) uide
o m
c collection Gagent user and register the
2. Use the AVCA add_agent command to create
a i lฺthe n t
e information:
g m the
collection agent with Oracle Audit Vault. Specify
t u dfollowing
Argument
j a n@ his S Value
ฺr u t
e avagent1
agentname
c a u s
agenthost
( r alu e to hostname of your system
agentlu a
c name en s
a
user
l
R user password i c avagentuser
j a nagent avagentpass
Ru
$ avca add_agent \
> -agentname avagent1 -agenthost <hostname>
Enter agent user name: avagentuser
Enter agent user password: ***********
Re-enter agent user password: ***********
Agent added successfully.
$
Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent
Chapter 3 - Page 4
Practice 3-2: Installing the Oracle Audit Vault Collection Agent
Overview
In this practice you install the Oracle Audit Vault collection agent.
Assumptions
Tasks
1. Change to the $HOME/av_installmedia/avagent/linux_x32 directory.
$ cd $HOME/av_installmedia/avagent/linux_x32
[linux_x32]$
2. Invoke the Oracle Universal Installer.
a ble
[linux_x32]$ ./runInstaller
r
3. On the Agent Details page, specify the following information:
a nsfe
n- t r
no
Field Value
Audit Vault Agent avagent1 a
s ฺ
Name h a
) uide
o m
ilฺc ent G
Audit Vault Agent /u01/app/oracle/oracle/product/10.2.3/av_agent_1
Home a
m tud
Agent User Name avagentuser@g
j a n his S
Agent User ฺru se t
avagentpass
c a
Password
a lu t o u
Connect String(
a r se
<hostname>:1522:av.us.oracle.com
c e n
R alu lic
jan
Ru

Chapter 3 - Page 5
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
Click Next. a ( se
c e n
lu lic Prerequisite Checks page is displayed. After the checks complete,
4. aNext.
The Product-Specific
R
ja nclick
Ru

Chapter 3 - Page 6
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
se
c a e n Click Install.
R alu lic
u jan
R

Chapter 3 - Page 7
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( appears.
6. The Install page
a n se
c e
R alu lic
u jan
R

Chapter 3 - Page 8
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
7. a ( Assistants
The Configuration
n se page appears.
c e
R alu lic
ja n
Ru

Chapter 3 - Page 9
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( nse scripts” page appears. Open another terminal window and log
8. The “Execute Configuration
a
in as the c
lu user.
root
i c eExecute the root.sh script as directed. Close this terminal window.
a l
j a n R$Password:
su -
Ru ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_agent_1
# ./root.sh

ORACLE_HOME=
/u01/app/oracle/oracle/product/10.2.3/av_agent_1

[/usr/local/bin]:
it? (y/n)
[n]:

Chapter 3 - Page 10
it? (y/n)
[n]:
it? (y/n)
[n]:

# exit
$ exit
a ble
9. Return to the “Execute Configuration scripts” page and click OK. r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
10. The End of Installation page appears. Click Exit to exit the Oracle Universal Installer.

Chapter 3 - Page 11
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( that
11. Click Yes to confirm
syou
c e
R alu lic
u jan
R

Chapter 3 - Page 12
Overview
In this practice you install Oracle Audit Vault Patch Set 2 on the Audit Vault Collection Agent.
Assumptions
Tasks
1. Open a new terminal window and set the following environment variables for the Audit Vault
Collection Agent. You can use the $HOME/labs/setava_vars.sh script to set the
environment variables or manually set them. You may keep this terminal window open to
use in later practices.
Variable Value
a b le
ORACLE_HOME /u01/app/oracle/oracle/product/10.2.3/av_agent_1 fer
n s
LD_LIBRARY_PATH $ORACLE_HOME/lib
n - tra
PATH $PATH:$ORACLE_HOME/bin
a no
h a s ฺ
$ cd labs m ) uide
o
$ . ./setava_vars.sh
a ilฺc ent G
$ echo $ORACLE_HOME
@ gm Stud
j a n his
ฺr
$ echo $LD_LIBRARY_PATHu e t
c a u s
r a lu t o
/u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
a ( nse
$ echo $PATH
c
lu lice
a
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/u
ja n Rsr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bi
Ru
n:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/b
in
$
2. Unset the following environment variables: ORACLE_SID, TNS_ADMIN, and TWO_TASK
$ unset ORACLE_SID
$ echo $ORACLE_SID
$ unset TNS_ADMIN
$ echo $TNS_ADMIN
$ unset TWO_TASK
$ echo $TWO_TASK

Chapter 3 - Page 13
3. Verify that all environment variables are set correctly by invoking the AVCTL utility. If the
environment variables are not set correctly, you will not be able to invoke AVCTL.
$ avctl -help
--------------------------------------------
AVCTL Usage
--------------------------------------------
Oracle Audit Vault Control commands - Agent OC4J:
avctl start_oc4j [-loglevel error|warning|info|debug]
avctl stop_oc4j
avctl show_oc4j_status
avctl -help
a b le
$
fer
n s
tra
4. Stop the Oracle Audit Vault Collection Agent by executing the AVCTL stop_oc4j
command.
n -
$ avctl stop_oc4j a no
AVCTL started
h a s ฺ
m ) uide
Stopping OC4J...
o
OC4J stopped successfully.
a ilฺc ent G
$
@ gm Stud
5. Unset the NLS_LANG and ORACLE_HOME j a n henvironment
is variables.
ฺ r u e t
$ unset NLS_LANG
u c a us
a l t o
(r nse
$ echo $NLS_LANG
a
c
u ORACLE_HOME
lunset i c e
a l
n R$ echo $ORACLE_HOME
$
j a
Ru
$
6. Change to the $HOME/av_installmedia/avpatch/Disk1 directory and invoke the
Oracle Universal Installer.
$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$ ./runInstaller
7. The Welcome page is displayed. Click Installed Products to display the Inventory page.

Chapter 3 - Page 14
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( isndisplayed.
8. The Inventory page se home.Note the second OraAV10g Oracle Home. This is the
c
lu lic
Audit Vault e
Collection Agent Click Close to return to the Welcome page.
a
j a nR
Ru

Chapter 3 - Page 15
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
a ฺr Next. se t
9. On the Welcome page, click
c
u
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru

Chapter 3 - Page 16
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. On the Specify a (HomenDetails
seyou identified
page, click the arrow at the end of Name field to access the
c
lu lic
list. Select the name ethat in an earlier step as the Audit Vault Collection agent
a
j a nR
home.
Ru

Chapter 3 - Page 17
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
11. On the Specify(Home Details
se page, the path is now set correctly for the Audit Vault
c a e n
alu lic
Collection Agent. Click Next.
R
u jan
R

Chapter 3 - Page 18
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nPrerequisite
12. The Product-Specific se Checks page is displayed. After the checks complete,
c e
alu lic
click Next.
R
u jan
R

Chapter 3 - Page 19
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
se
c a e n Click Install.
R alu lic
u jan
R

Chapter 3 - Page 20
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( is displayed.
14. The Install page
n se
c e
R alu lic
u jan
R

Chapter 3 - Page 21
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Assistants
15. The Configuration
n se pagepage is displayed. After the configuration assistants
c
lu lic
complete, the End e
of Installation is displayed. Click Exit to exit the Oracle Universal
a
j a nR
Installer.
Ru

Chapter 3 - Page 22
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
n e want to exit.
syou
c e
R alu lic
u jan
R
17. Reset the ORACLE_HOME environment variable. Use the AVCTL show_agent_status
command to verify that the Audit Vault Collection Agent is running.
$ ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_agent_1

Chapter 3 - Page 23
$ echo $ORACLE_HOME
$ export ORACLE_HOME
$ avctl show_agent_status
------------------------------------
Agent is running
------------------------------------
$
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 3 - Page 24
Practice 3-4: Using Audit Vault Console to View Agent Information
Overview
In this practice you log in to the Audit Vault Console and view information about the Audit Vault
Collection Agent.
Assumptions
Tasks
1. Open a browser and enter the following the URL:
http://<host name>:<Audit Vault Console port>/av
2. Enter the following information:
Field Value
a ble
r
User Name avadmin1
a nsfe
Password oracle_1
n- t r
Connect As a
AV_ADMIN no
h a s ฺ
m ) uide
o tG
ilฺc entab.
Click Login.
a
3. The Collectors page is displayed. Click the Configuration
m tud Click the Agent tab.
4. The Source Configuration Managementgpage is displayed.
a @
nView.his S
j
ฺru se t
5. The Agent page is displayed. Click
c a u
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
6. The View Agent page is displayed. Click OK to return to the Agent page.

Chapter 3 - Page 25
a ble
7. Click Logout to log out of the Audit Vault Console.
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 3 - Page 26
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c4o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 4 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 4 - Page 2
Practices Overview
In these practices, you will configure Oracle Audit Vault sources and collectors.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 4 - Page 3
Practice 4-1: Setting Environment Variables
Overview
In this practice you verify that environment variables are set correctly in the Audit Vault Server
shell and in the Audit Vault Collection Agent shell, prior to registering your source database and
deploying collectors.
Assumptions
Lesson 2 and Lesson 3 practices were completed successfully.
Tasks
1. Return to your Audit Vault Server terminal window and verify that environment variables are
set correctly for the Audit Vault Server.
$ echo $ORACLE_SID
a ble
av r
$ echo $ORACLE_HOME
a nsfe
/u01/app/oracle/oracle/product/10.2.3/av_1
n- t r
$ echo $PATH
a no
a s ฺ
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/lo
h
m ) uide
cal/bin:/usr/X11R6/bin:/u01/app/oracle/oracle/product/10.2.3/av_
o
1/bin
a ilฺc ent G
gm Stud
a @
/u01/app/oracle/oracle/product/10.2.3/av_1/lib
n Agent isterminal window and verify that environment
2. u j
r the Audit
Return to your Audit Vault Collection
ฺfor t h
c a
variables are set correctly u s e Vault Collection Agent.
( r alu e to
$ echo $ORACLE_HOME
l u ca icens
a l
ja n R$ echo $LD_LIBRARY_PATH
Ru /u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
$ echo $PATH
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/u
sr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bi
n:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/b
in
$ echo $ORACLE_SID
$ echo $TNS_ADMIN
$ echo $TWO_TASK
Practice 4-1: Setting Environment Variables

Chapter 4 - Page 4
Practice 4-2: Creating a User Account on the Source Database
Overview
In this practice you create a user account on the source database.
Assumptions
Tasks
1. Open a third terminal window. By default the environment variables are set for your Oracle
Database 11g Release 2 database. This is your source database for the practices.
$ echo $ORACLE_SID
orcl
$ echo $ORACLE_HOME
a ble
r
/u01/app/oracle/product/11.2.0/dbhome_1
a nsfe
$
n- t r
2.
no
Invoke SQL*Plus and log in as the SYSTEM user. The password for this user is oracle_4U.
a
$ sqlplus system
h a s ฺ
m ) uide
SQL*Plus: Release 11.2.0.1.0 Production
l ฺ c o t GFri May 21 09:54:19
on
i n
2010
g ma tude
Copyright (c) 1982,ja n@ Oracle.
h i s S All rights reserved.
ฺru se t
2009,
c a u
r a lu *********
t o
( nse
Enter password:
a
c
lu licto: e
a
nR
Connected
ja
Ru
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
SQL>
3. Create a user named avcolluser with a password of avcollpass. Execute the CREATE
USER command in SQL*Plus.
SQL> create user avcolluser
2 identified by avcollpass;
User created.
SQL> exit
Testing options

Chapter 4 - Page 5
$
4. In the source database terminal window, invoke SQL*Plus as the SYS user. Execute the
/u01/app/oracle/oracle/product/10.2.3/av_1/av/scripts/streams/sourc
e/zarsspriv.sql script with the SETUP argument to grant the necessary privileges for
the DBAUD and OSAUD collectors to the source user you created in the previous step.
$ cd
/u01/app/oracle/oracle/product/10.2.3/av_1/av/scripts/streams/so
urce
$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 10:10:37

2010

a ble
r
a nsfe
Connected to:
n- t r
Production a no
h a s ฺ
Testing options m ) uide
o
a ilฺc ent G
SQL> @zarsspriv avcollusergSETUP m tud
Granting privileges ton@ s S ... Done.
j a i
AVCOLLUSER
h
SQL>
c a ฺru se t
a
5. Execute the zarsspriv.sqllu t o u a second time with the REDO_COLL argument to grant
script
a r
( byntheseREDO collector. Exit from SQL*Plus.
privileges required
c
lu @zarsspriv
i c e avcolluser REDO_COLL
a
SQL> l
j a n RGranting privileges to AVCOLLUSER ... Done.
Ru SQL> exit
Testing options
$

Chapter 4 - Page 6
Practice 4-3: Verifying Source Database Compatibility
Overview
In this practice you verify that the source database is compatible with the collectors.
Assumptions
Previous practices were completed successfully.
Tasks
1. In your source database terminal window, use the Listener Control Utility to determine the
host name, port, and service name settings. You will need these values when you use the
AVORCLDB verify command in the next step.
$ lsnrctl status
a ble
r
sfe
2010 10:32:34
t r a n
no n-
Copyright (c) 1991, 2009, Oracle.
a
s ฺ
All rights reserved.
h a
) uide
Connecting to
o m
i lฺc ent G
a
STATUS of the LISTENER
@ gm Stud
------------------------
j a n his
Alias
ฺ r u e tLISTENER
c a s
u TNSLSNR for Linux: Version 11.2.0.1.0
Version
r a lu t o
( nse
- Production
a
l
Startc
u lice
Date 14-MAY-2010 12:19:14
a
RUptime 6 days 22 hr. 13 min. 20 sec
ja n
Ru
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File
/u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.o
ra
Listener Log File
/u01/app/oracle/diag/tnslsnr/EDP1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
RT=1521)))
Services Summary...
Service "orcl.example.com" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this
service...

Chapter 4 - Page 7
Service "orclXDB.example.com" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this
service...
$
2. In your Audit Vault Server terminal window, use the AVORCLDB verify command to
verify that the source database will support the collectors.
$ avorcldb verify –src <hostname>:1521:orcl.example.com -
colltype ALL
Enter Source user name: avcolluser
Enter Source password: **********
source ORCL.EXAMPLE.COM verified for OS File Audit Collector
collector a ble
r
source ORCL.EXAMPLE.COM verified for Aud$/FGA_LOG$ Audit
a nsfe
Collector collector
n- t r
no
parameter _JOB_QUEUE_INTERVAL is not set; recommended value is 1
a
h a s ฺ
ERROR: parameter PARALLEL_MAX_SERVERS = 10 is not in required
value range [20 - ANY_VALUE]
m ) uide
o
parameter UNDO_RETENTION = 900 is not in recommended value range
[3600 - ANY_VALUE]
a ilฺc ent G
gm Stud
parameter GLOBAL_NAMES = false is not set to recommended value
@
true
j a n his
ฺr u e t
ERROR: source database must be in ARCHIVELOG mode to use REDO
c a u s
r a lu
LOG collector
t o
( nse
ERROR: set the above init.ora parameters to recommended/required
a
c
lu lice
values
R a$
u janNote that your source database will support the DBAUD and OSAUD collectors, but
R changes need to be made to support the REDO collector.
3. Return to your source database terminal window to make changes to your source
database.
a. Log in to SQL*Plus as the SYS user with SYSDBA privileges.
SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 10:53:55

2010
Connected to:
Production
Testing options

Chapter 4 - Page 8
SQL>
b. Execute the ALTER SYSTEM command to modify the initialization parameters as
required by the REDO collector.
SQL> alter system set "_job_queue_interval"=1 scope=spfile;
System altered.
SQL> alter system set parallel_max_servers=20;
System altered.
SQL> alter system set undo_retention=3600;

a ble
r
a nsfe
System altered.
n- t r
SQL> alter system set global_names=true; a no
h a s ฺ
m ) uide
System altered. o t Gdynamic, you must shut down
a
c. Because the _JOB_QUEUE_INTERVAL parameter ilฺc eisnnot
gm itSfortuthe
the source database instance and restart
@
d change to take effect. Shut down the
source database instance. an is
ฺr u j t h
a
SQL> shutdown immediate
c u s e
r alu e to
Database closed.
(
l u c e ns
ca idismounted.
Database
a l
nR
ORACLE instance shut down.
ja d. Restart the database instance in MOUNT mode so that you can put it into ARCHIVELOG
Ru mode.
SQL> startup mount
ORACLE instance started.
Total System Global Area 502181888 bytes

Fixed Size 1337492 bytes
Variable Size 377489260 bytes
Database Buffers 117440512 bytes
Redo Buffers 5914624 bytes
Database mounted.
e. Put the database in ARCHIVELOG mode and open the database.
SQL> alter database archivelog;
Database altered.

Chapter 4 - Page 9
SQL> alter database open;
Database altered.
SQL>
f. Exit from SQL*Plus.

4. Return to your Audit Vault Server terminal window and use the AVORCLDB verify
command to verify that the source database will support the collectors.
$ avorcldb verify -src <hostname>:1521:orcl.example.com -
colltype ALL
source ORCL.US.ORACLE.COM verified for OS File Audit Collector
a ble
collector r
source ORCL.US.ORACLE.COM verified for Aud$/FGA_LOG$ Audit
a nsfe
Collector collector
n- t r
no
source ORCL.US.ORACLE.COM verified for REDO Log Audit Collector
a
collector
h a s ฺ
[oracle@EDRSR22P1-av source]$
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 4 - Page 10
Practice 4-4: Registering the Source Database with Oracle Audit Vault
Overview
In this practice you register your Oracle Database 11g Release 2 database with Oracle Audit
Vault.
Assumptions
Tasks
1. Return to your Audit Vault Server terminal window. Use the AVORCLDB add_source
command to register your source database.
$ avorcldb add_source -src <hostname>:1521:orcl.example.com \
> -srcname ORCL
a ble
r
sfe
t r a n
Adding source...
no n-
Source added successfully. a
s ฺ
h a
) use in e
remember the following information ofor m u idavctl
Source name (srcname): ORCL ailฺ
c nt G
Credential stored successfully. g m tude
$ j a n@ his S
ฺruto verifye t
c
2. Use the Audit Vault Console a s that the source database has been added.
uAudit Vault Console by using the following URL:
r
a. Open a browser a luand launch
t o
a ( nse
c
http://<hostname>:5700/av
luin with lthe
i c eAV Administrator username of avadmin1 and password of oracle_1.
a
b. Log
j a n RSelect AV_ADMIN in the Connect As drop-down menu.
Ru c. Select Configuration.
d. On the Audit Source – Source Configuration Management page, view the source
database information.
Chapter 4 - Page 11
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Chapter 4 - Page 12
Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault
Overview
In this practice you add the OSAUD, DBAUD, and REDO collectors to Oracle Audit Vault.
Assumptions
Tasks
1. Add the OSAUD collector by performing the following steps.
a. Return to the terminal window that is set for your Oracle source database. Log in to
SQL*Plus as the SYS user with the SYSDBA privilege.
a ble
SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 12:32:25fer
n s
tra
2010
n -
Copyright (c) 1982, 2009, Oracle. a All rights reserved. no
a s
h ideฺ
)
Connected to:
l ฺ c om t Gu
Oracle Database 11g EnterpriseaiEditionnRelease 11.2.0.1.0 -
Production g m tude
With the Partitioning,n@ OLAP, s S Mining and Real Application
Testing options ru j a t h i Data
c a ฺ s e
a lu t o u
SQL>
a r
( nse
c e
luthe DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY
i c
a
b. Use
R l procedure to set the
jan
maximum operating system file size to 2 GB. Exit from SQL*Plus.
Ru SQL> begin
2 dbms_audit_mgmt.set_audit_trail_property (
3 audit_trail_type => dbms_audit_mgmt.audit_trail_os,
4 audit_trail_property => dbms_audit_mgmt.os_file_max_size,
5 audit_trail_property_value => 204800);
6 end;
7 /
PL/SQL procedure successfully completed.
SQL> exit
Testing options
$

Chapter 4 - Page 13
c. Return to the terminal window that is set for Audit Vault Server. Execute the
AVORCLDB add_collector command to add the OSAUD collector.
$ avorcldb add_collector \
> -srcname ORCL \
> -agentname avagent1 \
> -colltype OSAUD \

> -orclhome /u01/app/oracle/product/11.2.0/dbhome_1
source ORCL verified for OS File Audit Collector collector
Adding collector...
Collector added successfully.
remember the following information for use in avctl

Collector name (collname): OSAUD_Collector
a ble
$ r
d. Return to Audit Vault Console to verify that the OSAUD collector has been added. Click
a nsfe
the Collector tab on the Source Management page to access the Collector
n- t r
Configuration Management page.
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
2. Add the DBAUD collector.
a. Return to the terminal window and use the AVORCLDB add_collector command to
add the DBAUD collector.
> -srcname ORCL \
> -agentname avagent1 \
> -colltype DBAUD
source ORCL verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector...
Collector added successfully.

Collector name (collname): DBAUD_Collector

Chapter 4 - Page 14
$
b. Use Audit Vault Console to verify that the DBAUD collector has been added. Refresh
the Collector Configuration Management page to view the information.
a ble
r
a nsfe
n- t r
a no
3. Add the REDO collector.
h a s ฺ
o m u ide
) add_collector
a. Return to the terminal window and use the AVORCLDB command to
ilฺc ent G
add the REDO collector.
a
gm Stud
> -srcname ORCL \
a @
n\ his
> -agentname avagent1 u j
ฺr\ se t
c a u
> -colltype REDO
r a lu t o
( nse
> -av <hostname>:1522:av.us.oracle.com
a
l c
u liceverified for REDO Log Audit Collector collector
source ORCL
a
RAdding collector...
n
ja Collector added successfully.
Ru
Collector name (collname): REDO_Collector
initializing REDO Collector
setting up APPLY process on Audit Vault server
setting up CAPTURE process on source database
$
b. Use Audit Vault Console to verify that the REDO collector has been added. Refresh the
Collector Configuration Management page to view the information.

Chapter 4 - Page 15
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 4 - Page 16
Practice 4-6: Enabling the Agent to Run the Collectors
Overview
In this practice you enable the agent to run the collectors by adding the collection agent
credentials to the Oracle source database.
Assumptions
Tasks
1. Return to the terminal window that is configured for the Audit Vault collection agent. Use the
AVORCLDB setup command to add the collection agent credentials.
$ avorcldb setup -srcname ORCL
a ble
r
sfe
adding credentials for user avcolluser for connection [SRCDB1]
t r a n
Credential stored successfully.
no n-
a
updated tnsnames.ora with alias [SRCDB1] to source database
s ฺ
verifying SRCDB1 connection using wallet h a
) uide
$ o m GVault Agent is started by
a ฺc the Audit
ilthat n t
2. In the Audit Vault agent terminal window, verify
using the AVCTL show_agent_status g m
command. t u de
$ avctl show_agent_status j a n@ his S
c a ฺru se t
------------------------------------
a lu
Agent is rrunning t o u
a ( nse
c
lu lice
------------------------------------
R a
$
j a nYou
Ru Console.
3. can also view information about the Audit Vault Agent on the Agent page in Audit Vault
Practice 4-6: Enabling the Agent to Run the Collectors

Chapter 4 - Page 17
Practice 4-7: Starting the Collectors
Overview
In this practice you start the OSAUD, DBAUD, and REDO collectors. Collectors can be started
by using Audit Vault Console or the AVCTL start_collector command. In this practice you
will start one collector by using the AVCTL command and start the other two collectors by using
Audit Vault Console.
Assumptions
Tasks
1. Return to the terminal window that is configured for Audit Vault Server. Use the AVCTL
start_collector command to start the OSAUD collector.
a ble
$ avctl start_collector \ r
> -collname OSAUD_Collector \
a nsfe
> -srcname ORCL
n- t r
Starting collector...
a no
Collector started successfully.
h a s ฺ
$ m ) uide
o GCollectors page is
ilฺc etab.ntThe
2. Return to Audit Vault Console. Click the Management
a
displayed. Note the status of the OSAUD m d you started in the previous step.
g u
collector that
t
j a n@ his S
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
3. Select the DBAUD_Collector collector and click Start.
4. A message is displayed indicating that the DBAUD collector has been started.

Chapter 4 - Page 18
5. Select the REDO_Collector collector and click Start.

a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
6. A R
a
j a n message is displayed indicating that the REDO collector has been started.
Ru
7. Click Logout to log out of Audit Vault Console.

Chapter 4 - Page 19
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 4 - Page 20
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c5o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 5 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 5 - Page 2
Practices Overview
In these practices, you will retrieve audit settings from your source database. You will define
additional audit settings in Oracle Audit Vault and provision them to your source database.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 5 - Page 3
Practice 5-1: Retrieving Audit Settings
Overview
In this practice you retrieve the current audit settings that have been defined in your source
database.
Assumptions
Practices for Lessons 2, 3 and 4 were completed successfully.
Tasks
1. Open a browser window and launch the Audit Vault Console. Log in as the AV Auditor as
follows:
Field Value
User Name avaudit1
a ble
r
Password oracle_1
a nsfe
Connect As AV_AUDITOR
n- t r
a no
Click Login.
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
2. Click “I agree” on the Oracle Database 10g Licensing Information page.

Chapter 5 - Page 4
3. Click the Audit Policy tab to display the Audit Settings page.
a ble
r
a nsfe
n- t r
a no
4.
s ฺ
Select the source database and click Retrieve to retrieve the existing audit settings from the
h a
source database.
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
5. An information message is displayed indicating that the settings from the source database
are being retrieved. Click Show Status to view the status of the retrieval.

Chapter 5 - Page 5
6. Retrieval information is displayed. Click Return to return to the Audit Settings page.
7. The Audit Settings page now indicates the setting has been retrieved. Note that the
Problem field is set to 29. This indicates that the audit settings are set in the source
database but they have not yet been activated for use in Oracle Audit Vault. You will
a ble
activate the settings in the next practice. r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a (for the nnext
sefew steps, log out of Audit Vault Console.
c
In preparation
lu the Audit e
8. R
Note athat lic Trail field on the Audit Settings page indicates AUDIT_TRAIL is set to
nDB. The Audit Sys field indicates that AUDIT_SYS_OPERATIONS is set to FALSE. Change
ja the AUDIT_TRAIL initialization parameter to DB,EXTENDED and set the
Ru
AUDIT_SYS_OPERATIONS initialization parameter to TRUE. You can set the initialization
parameters by using SQL commands or Enterprise Manager Database Control. The steps
below use SQL commands to change the value.
a. In your source database terminal window, log in to SQL*Plus as the SYSDBA user.
SQL*Plus: Release 11.2.0.1.0 Production on Tue Jul 13 12:37:16

2010
Connected to:
Production

Chapter 5 - Page 6
Testing options
SQL>
b. View the current setting for the AUDIT_ parameters.
SQL> show parameter audit_
NAME TYPE VALUE

--------------------- -------- --------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
a ble
r
sfe
SQL>
c. Set the AUDIT_TRAIL parameter to DB,EXTENDED.
t r a n
SQL> alter system set audit_trail=db,extended scope=spfile;
no n-
a
s ฺ
System altered. h a
) uide
o m G
d. Set the AUDIT_SYS_OPERATIONS parameter
a ilฺcto TRUE.
n t
g m tude
SQL> alter system set audit_sys_operations=true scope=spfile;
j a n@ his S
System altered. ฺru
e t
e. Shut down andlu c a u s
restart theodatabase
( r a e t instance.
c a ensimmediate
SQL> shutdown
u
a l
Database c
liclosed.
R
n Database dismounted.
ja
Ru ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 502181888 bytes

Fixed Size 1337492 bytes
Variable Size 432015212 bytes
Database Buffers 62914560 bytes
Redo Buffers 5914624 bytes
Database mounted.
Database opened.
SQL>
f. Verify your changes.
SQL> show parameter audit_

Chapter 5 - Page 7
NAME TYPE VALUE
--------------------- -------- --------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB, EXTENDED

SQL>
9. Log in to the Audit Vault Console as the Audit Vault Administrator and check the status of
the collectors.
a. Note that the DBAUD collector is not started. It was shut down when you restarted the
source database instance.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
b. Restart the DBAUD collector by@
gm Stud
clicking Start.
j a n successfully
h is restarted. Log out of Audit Vault Console.
c. The DBAUD collector has
ฺr u been
e t
c a u s
r lu Console
aVault to as the avaudit1 user and retrieve the source database
(
10. Log in to the Audit e
settingsu
l ca icens
again.
a the Audit
a.RClick l Policy tab.
n
ja b. Select your source database and click Retrieve again.
Ru c. Click Show Status to monitor the retrieval process. Click Return to return to the Audit
Settings page.
d. Note that the Audit Trail field has been updated to “DB, EXTENDED” and the Audit Sys
field indicates a value of TRUE.

Chapter 5 - Page 8
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 5 - Page 9
Practice 5-2: Viewing and Activating Audit Settings
Overview
In this practice you view the audit settings for your Oracle Database 11g Release 2 source
database and activate the settings for use in Audit Vault.
Assumptions
Tasks
1. On the Audit Settings page, click the link for your source database.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
2. The Overview page is displayed. Note@ gmthereStare
that udsettings already set in your source
database. j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
3. View the Statement settings by clicking the Statement tab. To indicate that all the
Statement audit settings should be used by Audit Vault, click “Mark All as Needed.”

Chapter 5 - Page 10
4. The Needed column is updated with a green check mark indicating that the audit setting is
a ble
needed.
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
R the Privilege settings by clicking the Privilege tab. To indicate that all the Privilege
j a naudit
5. View
Ru screenshot has been cropped to save space. Additional privileges are listed on this page.
settings should be used by Audit Vault, click “Mark All as Needed.” Note: The

Chapter 5 - Page 11
6. The Needed column is updated with a green check mark indicating that the audit setting is
needed.
a ble
7. Click the Overview tab. Click “Save All Audit Settings” to save the settings you just r
activated.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
8. An informational message is displayed indicating that your audit policy has been saved.

Chapter 5 - Page 12
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 5 - Page 13
Practice 5-3: Creating a Capture Rule
Overview
In this practice you use Audit Vault Console to create a capture rule.
Assumptions
Tasks
1. On the Audit Settings page, click the Capture Rule tab. On the Capture Rule page, click
Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m
2. Click the flashlight icon for the Table field. Enter HR in
o the de field and click Go.
) ObjectuiOwner
Select the HR.EMPLOYEES table and click Select.
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru

Chapter 5 - Page 14
3. On the Create Capture Rule page, click OK.
4. The Audit Settings page (Capture Rule tab) shows the capture rule you defined. Note that it
is not yet provisioned to your source database.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o t Gthe capture rule.
5. Click the Overview tab. Click “Save All Audit a ilฺc etonsave
Settings”
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
6. Provision the capture rule to your source database.

a. On the Audit Settings Overview page, enter information as follows:
Field Value
Audit Source User Name system
Audit Source Password oracle_4U

Chapter 5 - Page 15
b. Click Provision.
a ble
r
a nsfe
n- t r
a no
h a s applied.
c. You receive a message that the policy has been successfully ฺ
) i d e
l ฺ c om t Gu
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
d. Return to the Capture Rule page and view the status of the rule you defined.

Chapter 5 - Page 16
Practice 5-4: Configuring Fine-Grained Auditing Policies
Overview
In this practice you configure fine-grained auditing policies in your source database.
Assumptions
Your source database is open.
Tasks
1. In your source database terminal window, log in to SQL*Plus as the SYS user and execute
the $HOME/labs/audit_fga.sql script to configure fine-grained auditing policies in your
source database.
$ cd $HOME/labs
a ble
r
a nsfe
SQL*Plus: Release 11.2.0.1.0 Production on Tue Jul 13 13:27:46
2010 n- t r
a no
Copyright (c) 1982, 2009, Oracle. All rights
h a s reserved.
ฺ
) i d e
l ฺ c om t Gu
Connected to:
m aiEditiond e n
Oracle Database 11g Enterprise
@ g Stu Release 11.2.0.1.0 -
Production
j a n his
ฺr
With the Partitioning, u e t Data Mining and Real Application
OLAP,
c a u s
r a lu
Testing options
t o
a ( nse
SQL>c
lu lice
@audit_fga
a
ja n RConnected.
Ru SQL> BEGIN
2
DBMS_FGA.DROP_POLICY
(object_schema=>'HR',
3 object_name=>'EMPLOYEES',
4 policy_name=>'EMPLOYEEDATA');
5 END;
6 /
BEGIN DBMS_FGA.DROP_POLICY
*
ERROR at line 1:
ORA-28102: policy does not exist
ORA-06512: at "SYS.DBMS_FGA", line 60
ORA-06512: at line 1
SQL> BEGIN DBMS_FGA.DROP_POLICY

2 (object_schema=>'SH',
3 object_name=>'SALES',

Chapter 5 - Page 17
4 policy_name=>'NonAppsSales');
5 END;
6 /
BEGIN DBMS_FGA.DROP_POLICY
*
ERROR at line 1:
SQL> BEGIN DBMS_FGA.DROP_POLICY

2 (object_schema=>'OE',
3 object_name=>'ORDERS',
a ble
r
sfe
4 policy_name=>'NonAppsOrders');
5 END;
t r a n
6 /
no n-
BEGIN DBMS_FGA.DROP_POLICY a
s ฺ
* h a
) uide
ERROR at line 1:
o m
a ilฺc ent G
gm Stud
@
j a n his
ฺr u e t
c a u s
SQL>
r a lu t o
a ( nseDBMS_FGA.ADD_POLICY
c
SQL> BEGIN
e
l2u (object_schema=>'HR',
i c
R a l
jan 3 object_name=>'EMPLOYEES',
Ru 4 policy_name=>'EMPLOYEEDATA',
5 audit_column=>'PHONE_NUMBER',
6 statement_types=>'SELECT',
7 audit_column_opts=>DBMS_FGA.ANY_COLUMNS);
8 END;
9 /
SQL> BEGIN DBMS_FGA.ADD_POLICY

2 (object_schema=>'SH',
3 object_name=>'SALES',
4 policy_name=>'NonAppsSales',
5
audit_condition=>'SYS_CONTEXT(''USERENV'',''SESSION_USER'')<>''A
PPS''',

Chapter 5 - Page 18
6 statement_types=>'SELECT');
7 END;
8 /

SQL> BEGIN DBMS_FGA.ADD_POLICY

2 (object_schema=>'OE',
3 object_name=>'ORDERS',
4 policy_name=>'NonAppsOrders',
5
audit_condition=>'SYS_CONTEXT(''USERENV'',''SESSION_USER'')<>''A
PPS''',
a ble
6 statement_types=>'SELECT');
r
7 END;
a nsfe
8 /
n- t r
a no
h a s ฺ
m ) uide
l o
ฺc nt G
SQL> set echo off
a i
SQL>
g m tude
j a n@ his S
u ande log
ฺrfine-grained
2. Return to the Audit Vault Console t in as the avaudit1 user. Retrieve the latest
u c a s
u auditing policies you defined in the previous step.
a l
audit settings, including the
t o
a. Log in to the
a (r AuditnsVault
e Console by entering the following:
c
lu lField i c e
R a Value
u janUser Name avaudit1

R Password oracle_1
Click Login.
b. Click the Audit Policy tab.
c. Select your source and click “Retrieve” on the audit Settings page.
d. The Audit Settings page is updated indicating that the settings are being retrieved.
e. Click Show Status to view the status of the retrieval. Click Return to return to the Audit
Settings page.
f. The Audit Settings Retrieved column is updated with the time stamp of the retrieval.

Chapter 5 - Page 19
3. View the fine-grained audit policies by clicking the link in the Audit Source column
a. Click the database link in the Audit Source column.
a ble
b. On the Overview page, note that there are now 3 FGA policies in use. Click the FGA
r
tab to view details.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
c. On the FGA page, the FGA policies that you defined in the previous step are listed.
4. Update Audit Vault to use the fine-grained auditing policies.


Chapter 5 - Page 20
a. Click “Mark All as Needed.”
b. The red Xs in the Needed column change to green check marks.
c. Click the Overview tab. Click “Save All Audit Settings” to save the FGA settings.
d. The policy is saved. Note that all “In Use” FGA policies are now used by Audit Vault.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
e. Log out of Audit Vault Console.

Chapter 5 - Page 21
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 5 - Page 22
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c6o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 6 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 6 - Page 2
Practices Overview
In these practices, you create an email notification profile and notification template.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 6 - Page 3
Practice 6-1: Creating an Email Notification Profile
Overview
In this practice you create an email notification profile.
Assumptions
Practices for Lessons 2, 3, and 4 have been completed successfully.
Tasks
1. Log in to the Audit Vault Console as the AVAUDIT1 user.
2. Click Settings. On the Notification Profiles page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
3. Enter the following information: m ) uide
o G
Field a ilฺc ent Value
m tud
gHQ_Auditors
Profile Name
a @ S
n Distribution
i s
Description
ฺ j t h
ru se headquarters-based list for all
u a
c ou auditors.
l
To
a (ra nse t auditors_hq@example.com
c
lu lice sec_admin@example.com
a
j a nCCR avaudit1@example.com
Ru
Click Save.
4. You receive confirmation that your notification profile is created.

Chapter 6 - Page 4
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 6 - Page 5
Practice 6-2: Creating Templates for Notification
Overview
In this practice you create an email notification template.
Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.
Tasks
1. Click the Notification Templates tab to navigate to the Notification Templates page.
2. On the Notification Templates page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
3. Enter the following information: n@
gm Stud
u j a t h is
Field
c a ฺr s e Value
alu e to u
Name
a ( r s
HQ Auditors Alert Notification
c e n Template
R alu lic
Description Alert notification template for HQ
ja n Auditors.
u
R Subject Oracle Audit Vault Alert:
#AlertName#, #AlertTime#
Body #AlertBody#
This is an automated message.
Please do not reply.
Click Save.

Chapter 6 - Page 6
4. The Notification Templates page is displayed again with your new notification template.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c e
luof AuditliVault
c
5. LogR a
out Console.
ja n
Ru

Chapter 6 - Page 7
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 6 - Page 8
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c7o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 7 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 7 - Page 2
Practices Overview
In these practices, you will view Oracle Audit Vault default reports, generate a report PDF file,
and schedule the creation of a report. In addition you will retrieve entitlement audit data and
view entitlement reports. Finally, you will annotate and attest reports.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 7 - Page 3
Practice 7-1: Generating Audit Records
Overview
In this practice you execute a script to generate a number of audit records in your database.
Assumptions
Practices for previous lessons were completed successfully.
Tasks
1. Open a terminal window and ensure that the settings are correct for your source database.
$ . oraenv
ORACLE_SID = [orcl] ?
The Oracle base for
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is
a ble
r
sfe
/u01/app/oracle
$
t r a n
2. Change to the labs directory.
no n-
3. a
Log in to SQL*Plus as the SYSTEM user and execute the run_Oracle_workload.sql
s ฺ
h a
) uide
script. This script creates a number of users and objects. You will see some errors when
m
the script is run. The errors are intentional and are used to demonstrate that nonsuccessful
o
ilฺc ent G
transactions can be captured by Oracle Database auditing.
a
[labs]$ sqlplus system
@ gm Stud
j a n his
SQL*Plus: Release ฺr u e
11.2.0.1.0t Production on Wed Jul 14 08:52:20
c a u s
2010
r a lu t o
a ( nse
c
lu lic(c)
Copyright e 1982, 2009, Oracle. All rights reserved.
a
ja nR
Ru Enter password: *********
Connected to:
Production
Testing options
SQL> @run_Oracle_workload
4. Exit from SQL*Plus.
Practice 7-1: Generating Audit Records

Chapter 7 - Page 4
Practice 7-2: Viewing Audit Vault Default Reports
Overview
In this practice you will view a number of Audit Vault default reports.
Assumptions
Tasks
1. Log on to Oracle Audit Vault Console by specifying the following:
Field Value
User Name avaudit1
Password oracle_1
a ble
r
a nsfe
n- t r
2.
3.
Click the Audit Reports tab.
a no
To view account management activity, perform the following steps:
h a s ฺ
) uide
a. On the Default Reports page, click Account Management.
m
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
b. The Account Management page is displayed showing all the account management
commands that have been audited.

Chapter 7 - Page 5
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm S
d
tuUSER
c. You need to find out more about
j a n his
the CREATE statement executed by JSMITH.
Click the icon.
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
R a
jan
Ru
d. Detailed information is provided about the event.

Chapter 7 - Page 6
a ble
r
a n sfe
t
n- USERr
o
e. Scroll down the page and notice that the SQL text field shows the CREATE
n
statement.
s a
Question: What setting enabled the capture of the SQL text?
) a
h ideฺ
Answer: Setting AUDIT_TRAIL to DB, EXTENDEDo
c m the
enables
G ucapture of the SQL text.
l ฺ
ai den t
m
g Stu
a n @ is
ฺr u j t h
c a u s e
( r alu e to
l u ca icens
n Ra l
ja
Ru
f. Click Report View to return to the Account Management page.

g. Click Default Reports to return to the Default Reports page.
4. You can easily view DML activity by accessing the Data Access report.
a. In the Access Reports section, click Data Access.

Chapter 7 - Page 7
b. The Data Access report shows all audited DML commands. You need to view
information about DELETE events. Click the filter event to change the filter.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
c. Select Event in the Column list.@
gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
d. Enter DELETE in the Expression field and click Apply.

Chapter 7 - Page 8
e. The Data Access report now shows only the DELETE events.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
f. Return to the Default Reports page.

Chapter 7 - Page 9
Practice 7-3: Viewing Entitlement Audit Data
Overview
In this practice you retrieve entitlement audit data and view a default entitlement report.
Assumptions
Tasks
1. To view entitlement reports, you must first retrieve the entitlement audit data.
a. On the Audit Policy page, select your source database and User Entitlement. Click
Retrieve.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n hisClick Show Status to view the retrieval status.
b. An informational messageu
ฺrEntitlement t
is displayed.
e
c. Click Return. The c
u a
User s
u Retrieved column is updated indicating the time of
retrieval. ral t o
a ( nse
c
lu lice
a
ja nR
Ru
2. To view an entitlement report, perform the following steps:

a. Navigate to the Default Reports page. In the Entitlement Reports section, click User
Accounts.
b. On the User Accounts page, click Go to view the entitlement snapshot data.

Chapter 7 - Page 10
c. The User Accounts report is displayed.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n the hJSMITH
is user to view detailed information.
ฺr
d. Scroll down the page andu select
e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru e. Detailed entitlement information for the JSMITH user is displayed.

Chapter 7 - Page 11
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
f. Click Report View to return to the User Accounts page.

g. Return to the Default Reports page.

Chapter 7 - Page 12
Practice 7-4: Using Ad Hoc Reporting Features
Overview
In this practice you use some of the ad hoc reporting features to customize your reports.
Assumptions
Tasks
1. On the Default Reports page, click Data Access.
2. On the Data Access report page, click the cog icon.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu
3. In the list, select Highlight.
t o
a ( nse
c
lu lice
a
j a nR
Ru
4. Enter information as follows:

Field Value
Name Highlight Orders
Column Target

Chapter 7 - Page 13
Field Value
Operator =
Expression ORDERS
Select “yellow” for Background Color and “blue” for Text Color. Click Apply.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
c a ฺr filter.se t
u
5. Remove the Event=’DELETE’
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
6. The report now shows the highlighted data.

Chapter 7 - Page 14
7. Click the User column to further filter the report data. Select PJONES to filter the report to
show only actions taken by PJONES.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu now lshows
i c e only actions by PJONES with the updates to ORDERS highlighted.
8. a
The report
ja nR
Ru
9. Delete the “User=’PJONES’ filter.

Chapter 7 - Page 15
10. Click the Event column to filter the report data to show only UPDATE events.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
11. Once again, click the cog icon. Choose Save Report to save a copy of this report.

Chapter 7 - Page 16
a ble
r
a nsfe
12. In the Save Report fields, enter the following:
n- t r
Field
a no Value
Update Report as
Name
) h ideฺ
Category New Category
l ฺ c om(select
t Ginumenu)
Category (new field) SOX a i
Update e n
Reports
m d
gReportStofu updates
Description
a n @ is
ฺr u j t h
c a u s e
Click Apply.
( r alu e to
l u ca icens
n Ra l
ja
Ru
13. A message is displayed with your saved report name.

Chapter 7 - Page 17
14. Return to the Default Reports page.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 7 - Page 18
Practice 7-5: Using Compliance Reports
Overview
In this practice you use the default compliance reports.
Assumptions
Tasks
1. Navigate to the Compliance Reports page. Click Database Failed Logins.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
2. The report is displayed. You wantnto display isthe failed logins for only certain users. To do
u j a t h
c a ฺr
that, click Change Definition.
s e
alu e to u
( r
l u ca icens
n Ra l
ja
Ru
3. A new filter appears. Click the link to edit the filter.

Chapter 7 - Page 19
4. Select APPS in the Expression menu. Click Apply.
a ble
r
a nsfe
n- t r
a no
5. The report now shows only the failed logins for the APPS)user. hasNote
i d e ฺ you could save
that
l ฺ c om trequirements.
this report definition if it was appropriate for your business
G u
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
6. Return to the Compliance Reports page.

Chapter 7 - Page 20
Practice 7-6: Creating and Scheduling PDF Reports
Overview
In this practice you create PDF reports and schedule the creation of PDF reports.
Assumptions
Tasks
1. Create a PDF report of the Schema Changes Report.
a. On the Compliance Reports page, click Schema Changes Report.
b. On the Schema Changes report page, click Create PDF.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm page,
S tudensure Immediately is selected.
c. On the “Create or Schedule PDF
j a n his
Report”
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
d. Scroll to the Attestation section and select the AVAUDIT1 user.

Chapter 7 - Page 21
e. Click Create PDF. The Generated Reports page is displayed. Click Show Pending
a ble
Reports. r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu on the
f. The report appears
t o list.
a ( nse
c
lu lice
R a
jan
Ru
g. Return to the Generated Reports page. After the report is generated, it appears on the
Generated Reports page. Click the Details icon to view additional information.

Chapter 7 - Page 22
h. Detailed information about the generated report is displayed. Click Done to return to
the Generated Reports page.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
i. Return to the Compliance Reports page.
2. Now schedule the Schema Changes report to execute on a weekly basis.
a. Click Schema Changes on the Compliance Reports page.
b. Click Create PDF.
c. In the Schedule section select Specify Schedule. Choose Weekly in the Repeat field.

Chapter 7 - Page 23
d. In the Notification section select “Report Notification Template” in the template field.
Enter avaudit1@example.com in the “To e-mail” field and click “Add to List.”
e. Select AVAUDIT1 in the Attestation section. Click Schedule. a ble

r
f. The Report Schedules page appears showing your scheduled report.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu for thei c e practice, log out of Audit Vault Console.
3. a
To prepare l next
ja nR
Ru

Chapter 7 - Page 24
Practice 7-7: Attesting Reports
Overview
In this practice you annotate and attest reports assigned to you.
Assumptions
Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Scroll to the Attestation Actions section. Click the report icon for the report that needs to be
attested.
a ble
r
a nsfe
n- t r
3. Click View Report. a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
4. The report is displayed. Scroll to the right and click Details to return to the Details for
Generated Report page.

Chapter 7 - Page 25
5. Add a note in the New Note field. Click “Save & Attest” to save your note and record that
you have attested the report.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
lฺc ent G
a i
6. m appears.
In the Previous Notes section your new note
g t u d In the Attestation section, the time
j a n@ his S
and date of your attestation is shown.
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
ja nR
Ru
7. Click Home to return to the Dashboard page.


Chapter 7 - Page 26
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 7 - Page 27
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 7 - Page 28
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c8o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 8 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 8 - Page 2
Practices Overview
In these practices, you will verify that alert processing is enabled. You will define alert status
values. Finally you will trigger an alert and respond to the alert.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 8 - Page 3
Practice 8-1: Verifying that Alert Processing is Enabled
Overview
In this practice you verify that alert processing is enabled.
Assumptions
Tasks
1. Log in to the Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Alerts Setting page. (Configuration > Alert)
3. Verify that “Alert Processing Status” is set to Enable.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
4. Log out of Audit Vault Console. n is
u j a t h
c a ฺr s e
alu e to u
( r
l u ca icens
n Ra l
ja
Ru
Practice 8-1: Verifying that Alert Processing is Enabled

Chapter 8 - Page 4
Practice 8-2: Creating an Alert Status Value
Overview
In this practice you will define an additional alert status value.
Assumptions
Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Click the Settings tab. Click the Alert Status Values tab to navigate to the Alert Status
Values page.
3. The Oracle Audit Vault default status values of NEW and CLOSED are displayed. Click
Create.
a ble
r
sfe
4. On the “Add Alert Status Value” page, enter the following information:
Field Value
t r a n
Status Value no
PENDING SUPERVISOR REVIEW n-
a
Description Alert needs review
Supervisor ) h
as by eAudit
ฺ
om t Gu i d
l ฺ c
m ai den
Click Save.
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
5. Your new status value is displayed on the Alert Status Values page.

Chapter 8 - Page 5
a ble
r
6. Click Home to return to the Dashboard page.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru

Chapter 8 - Page 6
Practice 8-3: Creating Alerts
Overview
In this practice you create a basic alert.
Assumptions
Tasks
1. Click the Audit Policy tab. Click the Alerts tab to navigate to the Alerts page.
2. On the Alerts page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
) uide
3. On the Create Alert Rule page, enter the following information:
m
Field
l ฺ o G
c nt Value
a i
Alert
g m tUser
Create
u de
Description
j a n@ Alert
h i s Sthat is raised when a user
ฺru se is t created.
c a u Warning
Alert Severity
r a lu t o
a (
Type ns
e
l c
Audit Source
u lic e ORCLDB
Audita
R Source ORCL
ja n
Ru Audit Event Category ACCOUNT MANAGEMENT
Audit Event CREATE USER
Audit Event Status BOTH

Chapter 8 - Page 7
a ble
r
Click OK.
a nsfe
4. The Alerts page shows your new alert.
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Vault
ofcAudit
5. Log outu e n se
al
Console.
R lic
u jan
R

Chapter 8 - Page 8
Practice 8-4: Responding to Alerts
Overview
In this practice you execute a script to trigger an alert and then view the alert.
Assumptions
Tasks
1. Open a terminal window and set the environment for your source database. Change to the
labs directory. Invoke SQL*Plus and log in to your source database as the SYSTEM user.
$ . oraenv
ORACLE_SID = [orcl] ?
The Oracle base for
a ble
r
sfe
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is
/u01/app/oracle
t r a n
$ cd $HOME/labs
no n-
[labs]$ sqlplus system
a
s ฺ
h a
SQL*Plus: Release 11.2.0.1.0 Production
o m ) on Fri
u ideJun 11 12:32:52
2010
a ilฺc ent G
m tud
gOracle.
Copyright (c) 1982, 2009,
a @
n his S All rights reserved.
j
ru se t
ฺ*********
c a u
r a lu
Enter password:
t o
a ( nse
c
lu licto:
Connected e
a
ja n ROracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Ru
Production
Testing options
SQL>
2. Execute the cr_hruser.sql script to create a new user named HRUSER.
SQL> @cr_hruser
Connected.
SQL> create user hruser
2 identified by hrpass
3 default tablespace example
4 temporary tablespace temp
5 /
User created.

Chapter 8 - Page 9
SQL> set echo off
SQL>
3. Determine whether an alert has been raised as a result of the creation of a new user.
a. Return to Audit Vault console and log in as the AVAUDIT1 user.
b. On the Overview page, observe that the alert has been raised.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
a n that
c. Scroll down the page and jobserve
h isthe alert information is displayed in the charts.
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
4. View detailed information about the alert.

a. Return to the top of the page and click the icon.

Chapter 8 - Page 10
b. Detailed information is displayed.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
c. Click Report View to go to the Default Reports page.

d. The alert is also listed on the Default Reports page.

Chapter 8 - Page 11
5. Change the status of the alert to “PENDING SUPERVISOR REVIEW.”

a. Click the Details icon.
a ble
r
sfe
b. Change the Status to “PENDING SUPERVISOR REVIEW” and click Update.
t r a n
no n-
a
s ฺ
h a
) uide
o m
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
u janc. Return to the Default Reports page and observe the status change.
R
6. Return to the Dashboard page.

Chapter 8 - Page 12
a ble
r
a nsfe
n- t r
a no
)
m Gu i d e
ฺ c9o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 9 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 9 - Page 2
Practices Overview
In these practices, you will update the password of the user that was granted the AV_ADMIN
role when you installed Audit Vault. Then you will update the wallet credentials.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 9 - Page 3
Practice 9-1: Changing the AV_ADMIN User Password
Overview
In this practice you change the password of the AVADMIN1 user.
Assumptions
Tasks
1. Open a terminal window and set the environment variables for your Audit Vault Server.
$ . oraenv
ORACLE_SID = [av] ? <enter>
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is
a ble
r
sfe
/u01/app/oracle
[av ~]$
t r a n
o
2. Log in to SQL*Plus and connect as the Database Vault Account Manager.
-
nReminder: The
password for the dbvacct1 user is dbvoracle_1. a n
a s
h ideฺ
[oracle@EDRSR22P1-av ~]$ sqlplus dbvacct1
)
l ฺ c om t Gu
SQL*Plus: Release 10.2.0.4.0 -aiProduction e n on Mon Jun 14 12:40:42
2010 m
g Stu d
a n @ is
u j
ฺr 2007, t h
Copyright (c) 1982,
c a u s e Oracle. All Rights Reserved.
( r alu e to
l u c icens ***********
Enter apassword:
a
RConnected l
n
ja Oracle Database to:
R u 10g Enterprise Edition Release 10.2.0.4.0 -
Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
SQL>
3. Change the password for the Audit Vault Administrator to oracle_2.
SQL> alter user avadmin1 identified by oracle_2;
User altered.
4. Exit from SQL*Plus.
Practice 9-1: Changing the AV_ADMIN User Password

Chapter 9 - Page 4
Practice 9-2: Updating the Password Credentials in the Wallet
Overview
In this practice you update the wallet password credentials for the AV_ADMIN user following
your change in the previous step.
Assumptions
Tasks
1. In your Audit Vault terminal window, execute the AVCA create_credential command
to update the password credentials of the AV_ADMIN user. Supply the following values:
Parameter/Input Value
-wrl $ORACLE_HOME/network/admin/avwallet
a ble
r
-dbalias av
a nsfe
Source user username avadmin1 n- t r
a no
Source user password
h a s ฺ
oracle_2
m ) uide
o
ilฺc ent G\
$ avca create_credential \
a
> -wrl $ORACLE_HOME/network/admin/avwallet
> -dbalias av
@ gm Stud
j a n havadmin1
is
u
Enter source user username:
ฺr password:t
e ********
Enter source c a
user
u s
alu euser
Re-enter rsource
( to password: ********
u
Credential
l ns successfully.
ca icestored
R$a l
u janVerify your changes by logging in to Audit Vault Console as the Audit Vault Administrator
2.
R (avadmin1) with the new password of oracle_2.
3. Log out of Audit Vault Console.

Chapter 9 - Page 5
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 9 - Page 6
a ble
r
a nsfe
n- t r
a no
) i d e
l ฺ
Chapter c om t Gu
10
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru

Chapter 10 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 10 - Page 2
Practices Overview
In these practices, you will view diagnostic information in the Audit Vault log files.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 10 - Page 3
Practice 10-1: Viewing the Audit Vault Collection Agent Log
Information
Overview
In this practice you view Audit Vault collection agent log information.
Assumptions
Tasks
1. To prepare for viewing information in the log files, use the Audit Vault Console to stop the
Audit Vault collectors.
2. Return to your Audit Vault collection agent terminal window. To prepare for viewing
information in the log files, stop the Audit Vault collection agent.
a ble
r
sfe
$ avctl stop_agent
Stopping agent...
t r a n
Agent stopped successfully.
no n-
$
s ฺ a
3. Restart the Audit Vault collection agent. h a
) uide
o m
ilฺc ent G
$ avctl start_agent
Starting agent... a
Agent started successfully.
@ gm Stud
j a n his
$
r u
ฺcollection e t
c a
4. Verify that the Audit Vault
u u sagent started by viewing the information in the log file.
a l t o
(r Vaultnscollection
a. In your Audit
a elog directory.
agent terminal window, navigate to the Audit Vault
c
u lic
collection agentehome
R alcd
$ /u01/app/oracle/oracle/product/10.2.3/av_agent_1/av/log
n
ja [log]$
Ru b. View the result of the start_agent command by viewing the avca.log file.
$ tail avca.log
…
07/19/10 08:36:57 xml URL -
file:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/oc4j/j2ee/
home/config/http-web-site.xml
07/19/10 08:36:57 Agent started successfully.
Practice 10-1: Viewing the Audit Vault Collection Agent Log Information
Chapter 10 - Page 4
Practice 10-2: Viewing Audit Vault Collector Log Information
Overview
In this practice you view Audit Vault collector log information.
Assumptions
Tasks
1. Restart the DBAUD collector by using Audit Vault Console.
2. Verify that the DBAUD collector started by viewing information in the log file.
a. Return to your Audit Vault collection agent terminal window.
b. View the DBAUD_Collector_ORCL_1.log file.
$ tail -100 DBAUD_Collector_ORCL_1.log
a b le
r
…
a nsfe
INFO @ '19/07/2010 08:58:36 00:00':
n- t r
n o
***** Started logging for 'AUD$ Audit a
s Collector' *****
) h a e ฺ
om t Gu i d
INFO @ '19/07/2010 08:58:36 00:00':
l ฺ c
m ai den
***** Collector Name = DBAUD_Collector
@ g Stu
j a n h is
INFO @ '19/07/2010u08:58:36 t
ฺr Name s=eORCL00:00':
c a u
r a lu
***** Source
t o
a ( nse
INFO c
lu *****
@
c e
'19/07/2010
i 08:58:36 00:00':
a l
ja nR Av Name = AV
Ru INFO @ '19/07/2010 08:58:36 00:00':

***** Initialization done OK
INFO @ '19/07/2010 08:58:36 00:00':

***** Starting CB
INFO @ '19/07/2010 08:58:36 00:00':

Getting parameter |AUDAUDIT_DELAY_TIME|, got |20|
INFO @ '19/07/2010 08:58:36 00:00':

Getting parameter |AUDAUDIT_SLEEP_TIME|, got |5000|
INFO @ '19/07/2010 08:58:36 00:00':

Getting parameter |AUDAUDIT_ACTIVE_SLEEP_TIME|, got |1000|

Chapter 10 - Page 5
INFO @ '19/07/2010 08:58:36 00:00':
Getting parameter |AUDAUDIT_MAX_PROCESS_RECORDS|, got |1000|
INFO @ '19/07/2010 08:58:36 00:00':

***** CSDK inited OK + 1
INFO @ '19/07/2010 08:58:36 00:00':

***** Src alias = SRCDB1
INFO @ '19/07/2010 08:58:36 00:00':

***** SRC connected OK
INFO @ '19/07/2010 08:58:37 00:00':

a ble
r
sfe
***** SRC data retrieved OK
t r a n
INFO @ '19/07/2010 08:58:37 00:00':
no n-
***** Recovery done OK
s ฺa
[log]$ h a
) uidmetric e
c. View the ORCL-DBAUD_Collector-0.log file
c o m
for additional
G information about
the DBAUD_Collector collector. l ฺ
ai den t
m
g Stu
[log]$ tail ORCL-DBAUD_Collector-0.log
a n @ is FINE: return cached metric ,
Jul 19, 2010 9:04:38
u j h
AM Thread-13
t
ฺr value=0.0996
name=RECORDS_PER_SEC
c a u s e
Jul 19, 2010
r a lu t
9:05:38 o AM Thread-13 FINE: return cached metric ,
a ( nsvalue=true
name=IS_ALIVE e
c
lu lic e
a
Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric ,
Rname=BYTES_PER_SEC value=13.6409
jan Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric ,
Ru name=RECORDS_PER_SEC value=0.0996
name=IS_ALIVE value=true
name=BYTES_PER_SEC value=4.5537
name=RECORDS_PER_SEC value=0.0331
[log]$
3. Restart the OSAUD collector by using Audit Vault Console.
4. Verify that the OSAUD collector started by viewing information in the log file.

Chapter 10 - Page 6
a. Return to your Audit Vault collection agent terminal window.
b. View the OSAUD_Collector_ORCL_1.log file.
$ tail -100 OSAUD_Collector_ORCL_1.log
INFO @ '19/07/2010 08:59:04 00:00':
***** Started logging for 'OS Audit Collector' *****
INFO @ '19/07/2010 08:59:05 00:00':

Audit trail is not set OS for source ORCL
INFO @ '19/07/2010 08:59:05 00:00':
DBMS_AUDIT_MGMT package is available for source database.
Audit trail cleanup activated.
INFO @ '19/07/2010 08:59:12 00:00':
Metric:IS_ALIVE
a ble
r
sfe
INFO @ '19/07/2010 08:59:12 00:00':
Metric command: Collector status = 1
t r a n
INFO @ '19/07/2010 08:59:16 00:00':
no n-
Metric:ALL_METRICS
s ฺa
h a
) uide
[log]$ o m
c. View the ORCL-OSAUD_Collector-0.log a t G metric information about
ilฺcfile forenadditional
the OSAUD_Collector collector. gm tud
a @
n his S
u j
[log]$ tail ORCL-OSAUD_Collector-0.log
t
ฺr AMseThread-14
u c
Jul 19, 2010 9:10:06a u FINE: return cached metric ,
l
ra 9:11:07
name=RECORDS_PER_SEC t o value=0.0000
a (2010 s e
l u c icen value=true
Jul 19, AM Thread-14 FINE: return cached metric ,
a 19, 2010 l 9:11:07 AM Thread-14 FINE: return cached metric ,
name=IS_ALIVE
RJul
n
ja name=BYTES_PER_SEC value=0.0000
Ru Jul 19, 2010 9:11:07 AM Thread-14 FINE: return cached metric ,
[log]$

Chapter 10 - Page 7
5. Verify that the REDO_Collector collector started by viewing the ORCL-REDO_Collector-
0.log file.
[log]$ tail ORCL-REDO_Collector-0.log
name=RECORDS_PER_SEC value=0

name=BYTES_PER_SEC value=17
Jul 19, 2010 9:17:09 AM Thread-15 FINE:
a b return cached metric , le
name=BYTES_PER_SEC value=17 r
fe,
Jul 19, 2010 9:17:09 AM Thread-15 FINE: n
return cached metrics
n - tra
Jul 19, 2010 9:18:09 AM Thread-15 FINE: no metric ,
return cached
a
h a s ฺ
m ) uidecached metric ,
return
name=BYTES_PER_SEC value=17
i l ฺ co ntreturn
G cached metric ,
a
m tude
name=RECORDS_PER_SEC value=0 g
[log]$
j a n@ his S
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
R a
ja n
Ru

Chapter 10 - Page 8
a ble
r
a nsfe
n- t r
a no
) i d e
l ฺ
Chapter c om t Gu
11
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru

Chapter 11 - Page 1
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 11 - Page 2
Practices Overview
In these practices, you will set the Audit Vault data warehouse retention period. You will also
attempt to purge data from the data warehouse.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 11 - Page 3
Practice 11-1: Setting the Audit Vault Data Warehouse Retention
Period
Overview
In this practice you set the retention period for data kept in the data warehouse.
Assumptions
Tasks
1. Log in to Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Warehouse Settings page.
a. Click the Configuration tab.
b. Click the Warehouse tab.
a ble
r
3. Set the retention period to 15 months.
a nsfe
a. Enter 1 in the Year field and 3 in the Months field.
n- t r
b. Click Apply.
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nsthat
4. You receive a message e the change to the retention period was successful.
c e
R alu lic
u jan
R
Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period
Chapter 11 - Page 4
Practice 11-2: Purging Data from the Data Warehouse
Overview
In this practice you attempt to purge data from the data warehouse.
Assumptions
Tasks
1. Navigate to the Warehouse Activity (Purge Activity) Page.
a. Click the Management tab.
b. Click the Warehouse tab.
c. Click the Purge Activity tab.
2. Purge the data in the data warehouse from yesterday.
a ble
r
a. Enter yesterday’s date in the Start Date field. You can also use the calendar to select
the date. a nsfe
n- t r
b. Enter 1 in the Number of Days field.
c. Click Purge Now. a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
3. You receive an error. Why are you unable to purge data from the data warehouse?
Answer: You cannot purge any of the data in your data warehouse because you did not
manually load the data.

Chapter 11 - Page 5
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru

Chapter 11 - Page 6

D55406GC10 Ag

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

D55406GC10 Ag

Uploaded by

Copyright:

Available Formats

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ

Restricted Rights Notice

U.S. GOVERNMENT RIGHTS

Practices for Lesson 1 .....................................................................................................................................1-1

Practices for Lesson 2 .....................................................................................................................................2-1

Practices for Lesson 2....................................................................................................................................2-3

Practices for Lesson 3 .....................................................................................................................................3-1

Practices for Lesson 6 .....................................................................................................................................6-1

Practices for Lesson 7 .....................................................................................................................................7-1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

$FWLYLW\ Guide Table of Contents

Practices for Lesson 9 .....................................................................................................................................9-1

Practices for Lesson 10 ...................................................................................................................................10-1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

$FWLYLW\ Guide Table of Contents

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

The following environment variables are set as:

Enter the full pathname of the local bin directory:

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Entries will be added to the /etc/oratab file as needed by

Database Configuration Assistant when a database is created

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Practice 2-1: Installing Oracle Audit Vault Server

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

SQL> connect sys/ as sysoper