Professional Documents
Culture Documents
a ble
r
a nsfe
n- t r
a no
Implementing h a s Oracleฺ Audit
) i d e
Vaultcom Gu
a ilฺ ent
@ gmActivity
S
d
tuGuide
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
D55406GC10
Edition 1.0
August 2010
D68649
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
le
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
r a b
Trademark Notice
a n sfe
n- t r
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective
no
owners.
a
s ฺ
Author h a
) uide
o m
ilฺc ent G
Donna Keesling
a
Technical Contributors and Reviewers gm tud
a @ S
nJoel Goodman,
is Patricia Huey, Vipul M. Shah,
Tammy Bednar, Heinz-Wilhelm Fabry,
ฺr u j t h
Rodney Ward
c a u s e
( r alu e to
This book was capublished
e s Oracle Tutor
nusing:
l u li c
n Ra
ja
Ru
Table of Contents
a b le
Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent ...................................3-4
r
Practice 3-2: Installing the Oracle Audit Vault Collection Agent .....................................................................3-5
a n sfe
t r
Practice 3-3: Installing Oracle Audit Vault Patch Set 2...................................................................................3-13
n-
no
Practice 3-4: Using Audit Vault Console to View Agent Information...............................................................3-25
s ฺ a
Practices for Lesson 4 .....................................................................................................................................4-1
h
) uide a
Practices for Lesson 4....................................................................................................................................4-3
o m
Practice 4-1: Setting Environment Variables ..................................................................................................4-4
a ilฺc ent G
Practice 4-2: Creating a User Account on the Source Database ...................................................................4-5
gm Stud
Practice 4-3: Verifying Source Database Compatibility ..................................................................................4-7
@
j a n his
Practice 4-4: Registering the Source Database with Oracle Audit Vault ........................................................4-11
ฺr u t
Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault ...................................................................4-13
e
c a u s
r a lu
Practice 4-6: Enabling the Agent to Run the Collectors .................................................................................4-17
t o
( nse
Practice 4-7: Starting the Collectors ...............................................................................................................4-18
a
c
Practices for Lesson 5
i c e
luLesson 5.....................................................................................................................................5-1
a l
j a n R 5-1: Retrieving Audit Settings ...........................................................................................................5-4
Practices for ....................................................................................................................................5-3
Ru Practice
Practice 5-2: Viewing and Activating Audit Settings .......................................................................................5-10
Practice 5-3: Creating a Capture Rule ...........................................................................................................5-14
Practice 5-4: Configuring Fine-Grained Auditing Policies ...............................................................................5-17
a n
Practices for Lesson 11..................................................................................................................................11-3
t r
Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period .....................................................11-4
no n-
Practice 11-2: Purging Data from the Data Warehouse .................................................................................11-5
a
s ฺ
h a
) uide
o m
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 1
)
m Gu i d e
ฺ c1o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 2
)
m Gu i d e
ฺ c2o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Oracle Audit Vault software has been staged in the $HOME/av_installmedia directory.
Tasks
1. Open a terminal window and verify the settings for the following environment variables. Log
in as the oracle user if the terminal window does not default to the oracle user. You can
use the $HOME/labs/setavs_vars.sh script to set the environment variables properly
or you can manually set them as necessary. Note that the environment variables have been
set for your Oracle Database 11g source database, so you must “unset” them prior to
installing Oracle Audit Vault. a ble
r
Environment Variable Setting
a nsfe
ORACLE_SID Null n- t r
Nulla no
ORACLE_HOME
h a s ฺ
TNS_ADMIN Null
m ) uide
o G
PATH
ilฺc entcomponents
No ORACLE_HOME
a
LD_LIBRARY_PATH
@ gNomORACLE_HOME
S tud components
j a n his
ฺr u e t
c
$ echo $ORACLE_SID a u s
$ orcl
r a lu t o
a ( nse
c
$ echo
u lice$ORACLE_HOME
l/u01/app/oracle/product/11.2.0/dbhome_1
R a
$
jan $ echo $TNS_ADMIN
Ru $
$ echo $PATH
/usr/kerberos/bin:/u01/app/oracle/product/11.2.0/dbhome_1/bin:/u
sr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/loca
l/bin:/usr/X11R6/bin:/usr/NX/bin
$ echo $LD_LIBRARY_PATH
$
$ cd labs
$ . ./setavs_vars.sh
$ echo $LD_LIBRARY_PATH
$ echo $PATH
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/lo
cal/bin:/usr/X11R6/bin
$ echo $ORACLE_SID
$ echo $ORACLE_BASE
/u01/app/oracle
$ echo $TNS_ADMIN
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
$
2. Change to the $HOME/av_installmedia/avserver directory and invoke the Oracle
Universal Installer (OUI).
Note: When you invoke the OUI you may receive an error and prompt as follows:
>>> Could not execute auto check for display colors using command
/usr/X11R6/bin/xdpyinfo. Check if the DISPLAY variable is set.
Failed <<<<
a ble
Some optional pre-requisite checks have failed (see above).
r
Continue? (y/n) [n]
a nsfe
Respond y to continue with the installation. The OUI will operate correctly despite this error
n- t r
message.
a no
$ cd $HOME/av_installmedia/avserver
h a s ฺ
$ ./runInstaller
m ) uide
o t G Click Next.
a ilฺc eInstallation.
3. On the Select Installation Type page, select Advanced
n
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Installation
n se Details page, enter the following information:
c
4. On the Advanced
u Name e
R alField lic Value
ja n
Ru Audit Vault Name
av
Audit Vault Home /u01/app/oracle/oracle/product/10.2.3/av_1
Audit Vault Administrator avadmin1
Administrator Password oracle_1
Audit Vault Auditor avaudit1
Auditor Password oracle_1
Click Next.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( VaultnsUser
e Credentials page, enter the following information:
c
5. On the Database
e
R alu Field licName Value
ja n
Ru Database Vault Owner
dbvowner1
Owner Password dbvoracle_1
Database Vault Account Manager dbvacct1
Account Manager Password dbvoracle_1
Click Next.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a (to install”
n sewindow is displayed. The Product-Specific Prerequisite Checks
6. c
The “Preparing
pageaislu
e
R licAfter the checks complete, click Next.
displayed.
ja n
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
On the Specify(Database seStorage
7.
c a e n Option page, enter /u01/app/oracle/oradata/av in
a lu lic
the “Specify Database file location” field. Click Next.
ja nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
8. On the Specify(Backup s e Recovery Options page, select “Do not enable Automated
and
c a e n
lu lic
backups.” Click
aoption Next.
R
This is selected in this course due to system constraints. You should select “Enable
nAutomated Backups”
j a
Ru
as a best practice in your own installation.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
9. a
On the Specify (Database
n seSchemainPasswords page, select “use the same password for all
c
lu lic
the accounts.” Entere the Enter Password field. Click Next.
a oracle_4U
nInRthis course, the same password is used for all the accounts to make it easier for you to
ja work through the practices. You should use different passwords for each account as a best
Ru practice in your own installation.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. The Summary (page is displayed.
stoeinstall Oracle
Review the information for the Oracle Audit Vault
c a e n
a lu lic
installation. Click Install Audit Vault Server.
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( appears
11. The Install page
n seshowing the progress of the installation. The Configuration
c e
alu Configuration
Assistants
RDatabase
12. nThe
page
lic
appears.
Assistant page appears. When the Database Configuration
j a
Ru Assistant window appears, click OK.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu scripts”
t o
a ( nse
13. The “Execute Configuration window appears. Open a new terminal window and log
c user.eExecute the root.sh script as directed. Do not overwrite the existing
alu lic
in as the root
R
files.
u jan # cd /u01/app/oracle/oracle/product/10.2.3/av_1
R # ./root.sh
Running Oracle 10g root.sh script...
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
15. The End of Installation page appears. Make note of the URLs for Audit Vault Console and
Enterprise Manager Database Control. Click Exit to exit the Oracle Universal Installer.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
16. Click Yes toaconfirm
n e want to exit the Oracle Universal Installer.
syou
c e
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Oracle Audit Vault Server 10.2.3 was installed successfully in Practice 2-1.
Tasks
1. Use the oraenv utility to set your ORACLE_SID and ORACLE_HOME environment variables
for the Audit Vault Server database instance.
$ . oraenv
ORACLE_SID = [oracle] ? av
a b le
r
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is a nsfe
/u01/app/oracle n- t r
$
a no
2. Shut down the Oracle Audit Vault Console. h a s ฺ
m ) uide
$ avctl stop_av o
AVCTL started a ilฺc ent G
Stopping OC4J...
@ gm Stud
OC4J stopped successfully.j a n his
ฺr u e t
$
c a
u the SYS u s
r a las t o
a ( nse
3. Log in to SQL*Plus user. Recall that the password is oracle_4U.
c
lu lic/nolog
$ sqlplus e
a
j a n RSQL*Plus: Release 10.2.0.3.0 - Production on Tue May 18
Ru
11:15:20
2010
a ble
Connecting to r
(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
a nsfe
The command completed successfully
n- t r
$
a no
6. Confirm that the NLS_LANG , ORACLE_HOME and TNS_ADMIN
h a s ฺ variables are
environment
not set. Unset any that are set.
m ) uide
o
$ echo $NLS_LANG
a ilฺc ent G
gm Stud
$ echo $ORACLE_HOME n@
u j a t h is
c a ฺr s e
/u01/app/oracle/oracle/product/10.2.3/av_1
alu e to
$ unset ORACLE_HOME u
( r
ca icens
$ echo $ORACLE_HOME
l u
n R$a echo $TNS_ADMIN
l
ja
Ru
$
7. Change directories to the $HOME/av_installmedia/avpatch/Disk1 directory where
Oracle Audit Vault Patch Set 2 (10.2.3.2.0) is staged.
$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$
8. Invoke the Oracle Universal Installer.
[Disk1]$ ./runInstaller
9. On the Welcome page, click Installed Products.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. Review the a ( nsand
information e make note of the Oracle Audit Vault Server home. Click Close
c e
aluto the Welcome
to return
R lic page.
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
11. Click Next on the Welcome
c a ฺrpage. se t
u
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a
12. On the Specify (HomenDetails
se page, select your Oracle Audit Vault Server home from the
c e
R alu lic
Name field list. Click Next.
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( to receive
13. Deselect “I wish n sesecurity updates via My Oracle Support.” Click Next.
c e
lu is deselected
This a
R option lic in the Oracle University classroom because email support is not
ja nprovided. In your own configuration, you should supply your email address and password,
Ru and select the option to receive security updates.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( that
14. Click Yes to confirm
n e do not wish to receive updates in the classroom.
syou
c e
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nPrerequisite
15. The Product-Specific se Checks page appears. Click Next when the checks
c e
alu lic
complete.
R
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r aluis displayed.
16. The Summary (page e t o
c a n s Click Install.
a lu lice
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( page
17. The Install progress
n seis displayed.
c e
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Assistants
18. The Configuration
n se page is displayed. Note that it takes 45–50 minutes for the
c
u assistants e
alwhile
configuration
R lic to execute, so your instructor may choose to present the next
jan
lesson the configuration assistants execute.
R u
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a
19. The “Execute ( nse scripts” window is displayed.
Configuration
c
lu lice
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu andtlog o
20. Open a terminal
a ( nse in as the root user. Execute the root.sh script as
window
c
lu Do not
instructed.
i c e
overwrite the files.
a l
j a n R$Password:
su -
Ru ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_1
# ./root.sh
Running Oracle 10g root.sh script...
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
22. The End of Installation page is displayed. Click Exit to exit from the Oracle Universal
Installer.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
23. Click Yes toaconfirm
n e want to exit the Oracle Universal Installer.
syou
c e
R alu lic
u jan
R
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Use the oraenv utility to set your ORACLE_SID and ORACLE_HOME environment variables.
$ . oraenv
ORACLE_SID = [av] ? av
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is
a b le
r
sfe
/u01/app/oracle
2. Log in to SQL*Plus and connect as the SYSTEM user. Verify that the Oracle Audit Vault
t r a n
no
Server database instance is started and that the database is open. Recall that the n-
password for SYSTEM is oracle_4U. Exit from SQL*Plus. a
s ฺ
$ sqlplus /nolog h a
) uide
o m
lฺc ent Gon Tue May 18
SQL*Plus: Release 10.2.0.4.0 -aiProduction 13:53:44
2010
@ gm Stud
j a n his
ฺr u e tOracle. All Rights Reserved.
c a
Copyright (c) 1982, 2007,
u s
r a lu t o
a ( nsystem
SQL> connect se
c e
R alu password:
Enter lic *********
ja n Connected.
Ru
SQL> select open_mode from v$database;
OPEN_MODE
----------
READ WRITE
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release
10.2.0.4.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
$
3. Verify that the listener is started.
[av Disk1]$ lsnrctl status
Connecting to
(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.4.0
- Production
Start Date 18-MAY-2010 12:21:36
a ble
r
Uptime 0 days 1 hr. 40 min. 17 sec
a nsfe
Trace Level off
n- t r
Security ON: Local OS Authentication
a no
SNMP OFF
h a s ฺ
Listener Parameter File
m ) uide
o
ilฺc ent G
/u01/app/oracle/oracle/product/10.2.3/av_1/network/admin/listene
r.ora
a
Listener Log File
@ gm Stud
a n his
/u01/app/oracle/oracle/product/10.2.3/av_1/network/log/listener.
j
log
ฺr u e t
c a u s
r a lu
Listening Endpoints Summary...
t o
( nse
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
a
c
lu lice
R a
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PO
ja n RT=1522)))
Ru
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PO
RT=5707))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for
this service...
Service "av.us.oracle.com" has 1 instance(s).
Instance "av", status READY, has 1 handler(s) for this
service...
Service "avXDB.us.oracle.com" has 1 instance(s).
Instance "av", status READY, has 1 handler(s) for this
service...
Service "av_XPT.us.oracle.com" has 1 instance(s).
Instance "av", status READY, has 1 handler(s) for this
service...
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a browser and enter the following URL:
http://<host name>:<Audit Vault Console port>/av
2. Enter the following information:
Field Name Value
a ble
User Name avadmin1 r
Password oracle_1
a nsfe
n- t r
Connect As
no
AV_ADMIN
a
h a s ฺ
Click Login.
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
lฺc ent G
a i
g m the Oracle
6. The Agent page is displayed. You will install
t u d Audit Vault agent in the next lesson.
Click Logout.
j a n@ his S
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
7. Close the browser.
Assumptions
Practices 2-1 and 2-2 were successfully completed.
Tasks
1. Open a browser and enter the following URL:
http://<host name>:<Enterprise Manager Database Control port>/em
2.
Field Name Value
a ble
r
User Name system
a nsfe
Password oracle_4U
n- t r
Connect As a
Normalno
h a s ฺ
m ) uide
Click Login.
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a n sfe
t r
nof- Enterprise
5. A message is displayed indicating that changes have been made. Log o
out
Manager Database Control. a n
a s
h ideฺ
)
l ฺ c om t Gu
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 3
)
m Gu i d e
ฺ c3o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
database and register the collection agent with Audit Vault Server.
Assumptions
The practices for Lesson 2 were completed successfully.
Tasks
1. Open a terminal window. Use the oraenv utility to set the ORACLE_SID and
ORACLE_HOME environment variables for your Audit Vault Server database. You may keep
this terminal window open to use in later practices.
a ble
r
sfe
$ . oraenv
ORACLE_SID = [av] ?
t r a n
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is no n-
s ฺa
/u01/app/oracle
$ h a
) uide
o m
c collection Gagent user and register the
2. Use the AVCA add_agent command to create
a i lฺthe n t
e information:
g m the
collection agent with Oracle Audit Vault. Specify
t u dfollowing
Argument
j a n@ his S Value
ฺr u t
e avagent1
agentname
c a u s
agenthost
( r alu e to hostname of your system
agentlu a
c name en s
a
user
l
R user password i c avagentuser
j a nagent avagentpass
Ru
$ avca add_agent \
> -agentname avagent1 -agenthost <hostname>
Enter agent user name: avagentuser
Enter agent user password: ***********
Re-enter agent user password: ***********
Agent added successfully.
$
Practice 3-1: Creating a Collection Agent User and Registering the Collection Agent
Chapter 3 - Page 4
Practice 3-2: Installing the Oracle Audit Vault Collection Agent
Overview
In this practice you install the Oracle Audit Vault collection agent.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Change to the $HOME/av_installmedia/avagent/linux_x32 directory.
$ cd $HOME/av_installmedia/avagent/linux_x32
[linux_x32]$
2. Invoke the Oracle Universal Installer.
a ble
[linux_x32]$ ./runInstaller
r
3. On the Agent Details page, specify the following information:
a nsfe
n- t r
no
Field Value
Audit Vault Agent avagent1 a
s ฺ
Name h a
) uide
o m
ilฺc ent G
Audit Vault Agent /u01/app/oracle/oracle/product/10.2.3/av_agent_1
Home a
m tud
Agent User Name avagentuser@g
j a n his S
Agent User ฺru se t
avagentpass
c a
Password
a lu t o u
Connect String(
a r se
<hostname>:1522:av.us.oracle.com
c e n
R alu lic
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
Click Next. a ( se
c e n
lu lic Prerequisite Checks page is displayed. After the checks complete,
4. aNext.
The Product-Specific
R
ja nclick
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
5. The Summary (page is displayed.
se
c a e n Click Install.
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( appears.
6. The Install page
a n se
c e
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
7. a ( Assistants
The Configuration
n se page appears.
c e
R alu lic
ja n
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( nse scripts” page appears. Open another terminal window and log
8. The “Execute Configuration
a
in as the c
lu user.
root
i c eExecute the root.sh script as directed. Close this terminal window.
a l
j a n R$Password:
su -
Ru ******
# cd /u01/app/oracle/oracle/product/10.2.3/av_agent_1
# ./root.sh
Running Oracle 10g root.sh script...
10. The End of Installation page appears. Click Exit to exit the Oracle Universal Installer.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( that
11. Click Yes to confirm
n e want to exit the Oracle Universal Installer.
syou
c e
R alu lic
u jan
R
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a new terminal window and set the following environment variables for the Audit Vault
Collection Agent. You can use the $HOME/labs/setava_vars.sh script to set the
environment variables or manually set them. You may keep this terminal window open to
use in later practices.
Variable Value
a b le
ORACLE_HOME /u01/app/oracle/oracle/product/10.2.3/av_agent_1 fer
n s
LD_LIBRARY_PATH $ORACLE_HOME/lib
n - tra
PATH $PATH:$ORACLE_HOME/bin
a no
h a s ฺ
$ cd labs m ) uide
o
$ . ./setava_vars.sh
a ilฺc ent G
$ echo $ORACLE_HOME
@ gm Stud
j a n his
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
ฺr
$ echo $LD_LIBRARY_PATHu e t
c a u s
r a lu t o
/u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
a ( nse
$ echo $PATH
c
lu lice
a
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/u
ja n Rsr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bi
Ru
n:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/b
in
$
2. Unset the following environment variables: ORACLE_SID, TNS_ADMIN, and TWO_TASK
$ unset ORACLE_SID
$ echo $ORACLE_SID
$ unset TNS_ADMIN
$ echo $TNS_ADMIN
$ unset TWO_TASK
$ echo $TWO_TASK
--------------------------------------------
Oracle Audit Vault Control commands - Agent OC4J:
avctl start_oc4j [-loglevel error|warning|info|debug]
avctl stop_oc4j
avctl show_oc4j_status
avctl -help
a b le
$
fer
n s
tra
4. Stop the Oracle Audit Vault Collection Agent by executing the AVCTL stop_oc4j
command.
n -
$ avctl stop_oc4j a no
AVCTL started
h a s ฺ
m ) uide
Stopping OC4J...
o
OC4J stopped successfully.
a ilฺc ent G
$
@ gm Stud
5. Unset the NLS_LANG and ORACLE_HOME j a n henvironment
is variables.
ฺ r u e t
$ unset NLS_LANG
u c a us
a l t o
(r nse
$ echo $NLS_LANG
a
c
u ORACLE_HOME
lunset i c e
a l
n R$ echo $ORACLE_HOME
$
j a
Ru
$
6. Change to the $HOME/av_installmedia/avpatch/Disk1 directory and invoke the
Oracle Universal Installer.
$ cd $HOME/av_installmedia/avpatch/Disk1
[Disk1]$ ./runInstaller
7. The Welcome page is displayed. Click Installed Products to display the Inventory page.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( isndisplayed.
8. The Inventory page se home.Note the second OraAV10g Oracle Home. This is the
c
lu lic
Audit Vault e
Collection Agent Click Close to return to the Welcome page.
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
a ฺr Next. se t
9. On the Welcome page, click
c
u
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
10. On the Specify a (HomenDetails
seyou identified
page, click the arrow at the end of Name field to access the
c
lu lic
list. Select the name ethat in an earlier step as the Audit Vault Collection agent
a
j a nR
home.
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
11. On the Specify(Home Details
se page, the path is now set correctly for the Audit Vault
c a e n
alu lic
Collection Agent. Click Next.
R
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nPrerequisite
12. The Product-Specific se Checks page is displayed. After the checks complete,
c e
alu lic
click Next.
R
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
13. The Summary (page is displayed.
se
c a e n Click Install.
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( is displayed.
14. The Install page
n se
c e
R alu lic
u jan
R
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Assistants
15. The Configuration
n se pagepage is displayed. After the configuration assistants
c
lu lic
complete, the End e
of Installation is displayed. Click Exit to exit the Oracle Universal
a
j a nR
Installer.
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
( that
16. Click Yes toaconfirm
n e want to exit.
syou
c e
R alu lic
u jan
R
17. Reset the ORACLE_HOME environment variable. Use the AVCTL show_agent_status
command to verify that the Audit Vault Collection Agent is running.
$ ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_agent_1
Agent is running
------------------------------------
$
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Tasks
1. Open a browser and enter the following the URL:
http://<host name>:<Audit Vault Console port>/av
2. Enter the following information:
Field Value
a ble
r
User Name avadmin1
a nsfe
Password oracle_1
n- t r
Connect As a
AV_ADMIN no
h a s ฺ
m ) uide
o tG
ilฺc entab.
Click Login.
a
3. The Collectors page is displayed. Click the Configuration
m tud Click the Agent tab.
4. The Source Configuration Managementgpage is displayed.
a @
nView.his S
j
ฺru se t
5. The Agent page is displayed. Click
c a u
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
6. The View Agent page is displayed. Click OK to return to the Agent page.
a ble
7. Click Logout to log out of the Audit Vault Console.
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 4
)
m Gu i d e
ฺ c4o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Lesson 2 and Lesson 3 practices were completed successfully.
Tasks
1. Return to your Audit Vault Server terminal window and verify that environment variables are
set correctly for the Audit Vault Server.
$ echo $ORACLE_SID
a ble
av r
$ echo $ORACLE_HOME
a nsfe
/u01/app/oracle/oracle/product/10.2.3/av_1
n- t r
$ echo $PATH
a no
a s ฺ
/usr/java/jdk1.5.0_16/bin:/bin:/home/oracle/bin:/usr/bin:/usr/lo
h
m ) uide
cal/bin:/usr/X11R6/bin:/u01/app/oracle/oracle/product/10.2.3/av_
o
1/bin
a ilฺc ent G
gm Stud
$ echo $LD_LIBRARY_PATH
a @
/u01/app/oracle/oracle/product/10.2.3/av_1/lib
n Agent isterminal window and verify that environment
2. u j
r the Audit
Return to your Audit Vault Collection
ฺfor t h
c a
variables are set correctly u s e Vault Collection Agent.
( r alu e to
$ echo $ORACLE_HOME
l u ca icens
/u01/app/oracle/oracle/product/10.2.3/av_agent_1
a l
ja n R$ echo $LD_LIBRARY_PATH
Ru /u01/app/oracle/oracle/product/10.2.3/av_agent_1/lib
$ echo $PATH
/u01/app/oracle/product/11.2.0/dbhome_1/bin:/usr/kerberos/bin:/u
sr/local/bin:/bin:/usr/bin:/usr/NX/bin:/usr/X11R6/bin:/usr/NX/bi
n:/usr/NX/bin:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/b
in
$ echo $ORACLE_SID
$ echo $TNS_ADMIN
$ echo $TWO_TASK
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a third terminal window. By default the environment variables are set for your Oracle
Database 11g Release 2 database. This is your source database for the practices.
$ echo $ORACLE_SID
orcl
$ echo $ORACLE_HOME
a ble
r
/u01/app/oracle/product/11.2.0/dbhome_1
a nsfe
$
n- t r
2.
no
Invoke SQL*Plus and log in as the SYSTEM user. The password for this user is oracle_4U.
a
$ sqlplus system
h a s ฺ
m ) uide
SQL*Plus: Release 11.2.0.1.0 Production
l ฺ c o t GFri May 21 09:54:19
on
i n
2010
g ma tude
Copyright (c) 1982,ja n@ Oracle.
h i s S All rights reserved.
ฺru se t
2009,
c a u
r a lu *********
t o
( nse
Enter password:
a
c
lu licto: e
a
nR
Connected
ja
Ru
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
SQL>
3. Create a user named avcolluser with a password of avcollpass. Execute the CREATE
USER command in SQL*Plus.
SQL> create user avcolluser
2 identified by avcollpass;
User created.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release
11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
$ cd
/u01/app/oracle/oracle/product/10.2.3/av_1/av/scripts/streams/so
urce
$ sqlplus / as sysdba
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. In your source database terminal window, use the Listener Control Utility to determine the
host name, port, and service name settings. You will need these values when you use the
AVORCLDB verify command in the next step.
$ lsnrctl status
a ble
r
sfe
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-MAY-
2010 10:32:34
t r a n
no n-
Copyright (c) 1991, 2009, Oracle.
a
s ฺ
All rights reserved.
h a
) uide
Connecting to
o m
i lฺc ent G
(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
a
STATUS of the LISTENER
@ gm Stud
------------------------
j a n his
Alias
ฺ r u e tLISTENER
c a s
u TNSLSNR for Linux: Version 11.2.0.1.0
Version
r a lu t o
( nse
- Production
a
l
Startc
u lice
Date 14-MAY-2010 12:19:14
a
RUptime 6 days 22 hr. 13 min. 20 sec
ja n
Ru
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File
/u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.o
ra
Listener Log File
/u01/app/oracle/diag/tnslsnr/EDP1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=edp1.us.oracle.com)(PO
RT=1521)))
Services Summary...
Service "orcl.example.com" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this
service...
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
2. In your Audit Vault Server terminal window, use the AVORCLDB verify command to
verify that the source database will support the collectors.
$ avorcldb verify –src <hostname>:1521:orcl.example.com -
colltype ALL
Enter Source user name: avcolluser
Enter Source password: **********
source ORCL.EXAMPLE.COM verified for OS File Audit Collector
collector a ble
r
source ORCL.EXAMPLE.COM verified for Aud$/FGA_LOG$ Audit
a nsfe
Collector collector
n- t r
no
parameter _JOB_QUEUE_INTERVAL is not set; recommended value is 1
a
h a s ฺ
ERROR: parameter PARALLEL_MAX_SERVERS = 10 is not in required
value range [20 - ANY_VALUE]
m ) uide
o
parameter UNDO_RETENTION = 900 is not in recommended value range
[3600 - ANY_VALUE]
a ilฺc ent G
gm Stud
parameter GLOBAL_NAMES = false is not set to recommended value
@
true
j a n his
ฺr u e t
ERROR: source database must be in ARCHIVELOG mode to use REDO
c a u s
r a lu
LOG collector
t o
( nse
ERROR: set the above init.ora parameters to recommended/required
a
c
lu lice
values
R a$
u janNote that your source database will support the DBAUD and OSAUD collectors, but
R changes need to be made to support the REDO collector.
3. Return to your source database terminal window to make changes to your source
database.
a. Log in to SQL*Plus as the SYS user with SYSDBA privileges.
$ sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
System altered.
System altered.
Database altered.
Database altered.
SQL>
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Assumptions
Practice 4-3 was completed successfully.
Tasks
1. Return to your Audit Vault Server terminal window. Use the AVORCLDB add_source
command to register your source database.
$ avorcldb add_source -src <hostname>:1521:orcl.example.com \
> -srcname ORCL
a ble
r
sfe
Enter Source user name: avcolluser
Enter Source password: **********
t r a n
Adding source...
no n-
Source added successfully. a
s ฺ
h a
) use in e
remember the following information ofor m u idavctl
Source name (srcname): ORCL ailฺ
c nt G
Credential stored successfully. g m tude
$ j a n@ his S
ฺruto verifye t
c
2. Use the Audit Vault Console a s that the source database has been added.
uAudit Vault Console by using the following URL:
r
a. Open a browser a luand launch
t o
a ( nse
c
http://<hostname>:5700/av
luin with lthe
i c eAV Administrator username of avadmin1 and password of oracle_1.
a
b. Log
j a n RSelect AV_ADMIN in the Connect As drop-down menu.
Ru c. Select Configuration.
d. On the Audit Source – Source Configuration Management page, view the source
database information.
Practice 4-4: Registering the Source Database with Oracle Audit Vault
Chapter 4 - Page 11
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Practice 4-4: Registering the Source Database with Oracle Audit Vault
Chapter 4 - Page 12
Practice 4-5: Adding the Oracle Collectors to Oracle Audit Vault
Overview
In this practice you add the OSAUD, DBAUD, and REDO collectors to Oracle Audit Vault.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Add the OSAUD collector by performing the following steps.
a. Return to the terminal window that is set for your Oracle source database. Log in to
SQL*Plus as the SYS user with the SYSDBA privilege.
$ sqlplus / as sysdba
a ble
SQL*Plus: Release 11.2.0.1.0 Production on Fri May 21 12:32:25fer
n s
tra
2010
n -
Copyright (c) 1982, 2009, Oracle. a All rights reserved. no
a s
h ideฺ
)
Connected to:
l ฺ c om t Gu
Oracle Database 11g EnterpriseaiEditionnRelease 11.2.0.1.0 -
Production g m tude
With the Partitioning,n@ OLAP, s S Mining and Real Application
Testing options ru j a t h i Data
c a ฺ s e
a lu t o u
SQL>
a r
( nse
c e
luthe DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY
i c
a
b. Use
R l procedure to set the
jan
maximum operating system file size to 2 GB. Exit from SQL*Plus.
Ru SQL> begin
2 dbms_audit_mgmt.set_audit_trail_property (
3 audit_trail_type => dbms_audit_mgmt.audit_trail_os,
4 audit_trail_property => dbms_audit_mgmt.os_file_max_size,
5 audit_trail_property_value => 204800);
6 end;
7 /
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release
11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
$
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
a ble
r
a nsfe
n- t r
a no
3. Add the REDO collector.
h a s ฺ
o m u ide
) add_collector
a. Return to the terminal window and use the AVORCLDB command to
ilฺc ent G
add the REDO collector.
a
gm Stud
$ avorcldb add_collector \
> -srcname ORCL \
a @
n\ his
> -agentname avagent1 u j
ฺr\ se t
c a u
> -colltype REDO
r a lu t o
( nse
> -av <hostname>:1522:av.us.oracle.com
a
l c
u liceverified for REDO Log Audit Collector collector
source ORCL
a
RAdding collector...
n
ja Collector added successfully.
Ru
remember the following information for use in avctl
Collector name (collname): REDO_Collector
initializing REDO Collector
setting up APPLY process on Audit Vault server
setting up CAPTURE process on source database
$
b. Use Audit Vault Console to verify that the REDO collector has been added. Refresh the
Collector Configuration Management page to view the information.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Previous practices were completed successfully.
Tasks
1. Return to the terminal window that is configured for the Audit Vault collection agent. Use the
AVORCLDB setup command to add the collection agent credentials.
$ avorcldb setup -srcname ORCL
Enter Source user name: avcolluser
a ble
r
sfe
Enter Source password: **********
adding credentials for user avcolluser for connection [SRCDB1]
t r a n
Credential stored successfully.
no n-
a
updated tnsnames.ora with alias [SRCDB1] to source database
s ฺ
verifying SRCDB1 connection using wallet h a
) uide
$ o m GVault Agent is started by
a ฺc the Audit
ilthat n t
2. In the Audit Vault agent terminal window, verify
using the AVCTL show_agent_status g m
command. t u de
$ avctl show_agent_status j a n@ his S
c a ฺru se t
------------------------------------
a lu
Agent is rrunning t o u
a ( nse
c
lu lice
------------------------------------
R a
$
j a nYou
Ru Console.
3. can also view information about the Audit Vault Agent on the Agent page in Audit Vault
Assumptions
Previous practices were completed successfully.
Tasks
1. Return to the terminal window that is configured for Audit Vault Server. Use the AVCTL
start_collector command to start the OSAUD collector.
a ble
$ avctl start_collector \ r
> -collname OSAUD_Collector \
a nsfe
> -srcname ORCL
n- t r
Starting collector...
a no
Collector started successfully.
h a s ฺ
$ m ) uide
o GCollectors page is
ilฺc etab.ntThe
2. Return to Audit Vault Console. Click the Management
a
displayed. Note the status of the OSAUD m d you started in the previous step.
g u
collector that
t
j a n@ his S
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
4. A message is displayed indicating that the DBAUD collector has been started.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 5
)
m Gu i d e
ฺ c5o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Practices for Lessons 2, 3 and 4 were completed successfully.
Tasks
1. Open a browser window and launch the Audit Vault Console. Log in as the AV Auditor as
follows:
Field Value
User Name avaudit1
a ble
r
Password oracle_1
a nsfe
Connect As AV_AUDITOR
n- t r
a no
Click Login.
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
3. Click the Audit Policy tab to display the Audit Settings page.
a ble
r
a nsfe
n- t r
a no
4.
s ฺ
Select the source database and click Retrieve to retrieve the existing audit settings from the
h a
source database.
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
5. An information message is displayed indicating that the settings from the source database
are being retrieved. Click Show Status to view the status of the retrieval.
7. The Audit Settings page now indicates the setting has been retrieved. Note that the
Problem field is set to 29. This indicates that the audit settings are set in the source
database but they have not yet been activated for use in Oracle Audit Vault. You will
a ble
activate the settings in the next practice. r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a (for the nnext
sefew steps, log out of Audit Vault Console.
c
In preparation
lu the Audit e
8. R
Note athat lic Trail field on the Audit Settings page indicates AUDIT_TRAIL is set to
nDB. The Audit Sys field indicates that AUDIT_SYS_OPERATIONS is set to FALSE. Change
ja the AUDIT_TRAIL initialization parameter to DB,EXTENDED and set the
Ru
AUDIT_SYS_OPERATIONS initialization parameter to TRUE. You can set the initialization
parameters by using SQL commands or Enterprise Manager Database Control. The steps
below use SQL commands to change the value.
a. In your source database terminal window, log in to SQL*Plus as the SYSDBA user.
$ sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Production
SQL>
b. View the current setting for the AUDIT_ parameters.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
j a n@ his S
System altered. ฺru
e t
e. Shut down andlu c a u s
restart theodatabase
( r a e t instance.
c a ensimmediate
SQL> shutdown
u
a l
Database c
liclosed.
R
n Database dismounted.
ja
Ru ORACLE instance shut down.
SQL> startup
ORACLE instance started.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
b. Restart the DBAUD collector by@
gm Stud
clicking Start.
j a n successfully
h is restarted. Log out of Audit Vault Console.
c. The DBAUD collector has
ฺr u been
e t
c a u s
r lu Console
aVault to as the avaudit1 user and retrieve the source database
(
10. Log in to the Audit e
settingsu
l ca icens
again.
a the Audit
a.RClick l Policy tab.
n
ja b. Select your source database and click Retrieve again.
Ru c. Click Show Status to monitor the retrieval process. Click Return to return to the Audit
Settings page.
d. Note that the Audit Trail field has been updated to “DB, EXTENDED” and the Audit Sys
field indicates a value of TRUE.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Practice 5-1 was completed successfully.
Tasks
1. On the Audit Settings page, click the link for your source database.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
2. The Overview page is displayed. Note@ gmthereStare
that udsettings already set in your source
database. j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
3. View the Statement settings by clicking the Statement tab. To indicate that all the
Statement audit settings should be used by Audit Vault, click “Mark All as Needed.”
4. The Needed column is updated with a green check mark indicating that the audit setting is
a ble
needed.
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
R the Privilege settings by clicking the Privilege tab. To indicate that all the Privilege
j a naudit
5. View
Ru screenshot has been cropped to save space. Additional privileges are listed on this page.
settings should be used by Audit Vault, click “Mark All as Needed.” Note: The
a ble
7. Click the Overview tab. Click “Save All Audit Settings” to save the settings you just r
activated.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
8. An informational message is displayed indicating that your audit policy has been saved.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. On the Audit Settings page, click the Capture Rule tab. On the Capture Rule page, click
Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m
2. Click the flashlight icon for the Table field. Enter HR in
o the de field and click Go.
) ObjectuiOwner
Select the HR.EMPLOYEES table and click Select.
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
4. The Audit Settings page (Capture Rule tab) shows the capture rule you defined. Note that it
is not yet provisioned to your source database.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o t Gthe capture rule.
5. Click the Overview tab. Click “Save All Audit a ilฺc etonsave
Settings”
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
a
j a nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s applied.
c. You receive a message that the policy has been successfully ฺ
) i d e
l ฺ c om t Gu
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
d. Return to the Capture Rule page and view the status of the rule you defined.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. In your source database terminal window, log in to SQL*Plus as the SYS user and execute
the $HOME/labs/audit_fga.sql script to configure fine-grained auditing policies in your
source database.
$ cd $HOME/labs
$ sqlplus / as sysdba
a ble
r
a nsfe
SQL*Plus: Release 11.2.0.1.0 Production on Tue Jul 13 13:27:46
2010 n- t r
a no
Copyright (c) 1982, 2009, Oracle. All rights
h a s reserved.
ฺ
) i d e
l ฺ c om t Gu
Connected to:
m aiEditiond e n
Oracle Database 11g Enterprise
@ g Stu Release 11.2.0.1.0 -
Production
j a n his
ฺr
With the Partitioning, u e t Data Mining and Real Application
OLAP,
c a u s
r a lu
Testing options
t o
a ( nse
SQL>c
lu lice
@audit_fga
a
ja n RConnected.
Ru SQL> BEGIN
2
DBMS_FGA.DROP_POLICY
(object_schema=>'HR',
3 object_name=>'EMPLOYEES',
4 policy_name=>'EMPLOYEEDATA');
5 END;
6 /
BEGIN DBMS_FGA.DROP_POLICY
*
ERROR at line 1:
ORA-28102: policy does not exist
ORA-06512: at "SYS.DBMS_FGA", line 60
ORA-06512: at line 1
ERROR at line 1:
ORA-28102: policy does not exist
ORA-06512: at "SYS.DBMS_FGA", line 60
ORA-06512: at line 1
Click Login.
b. Click the Audit Policy tab.
c. Select your source and click “Retrieve” on the audit Settings page.
d. The Audit Settings page is updated indicating that the settings are being retrieved.
e. Click Show Status to view the status of the retrieval. Click Return to return to the Audit
Settings page.
f. The Audit Settings Retrieved column is updated with the time stamp of the retrieval.
3. View the fine-grained audit policies by clicking the link in the Audit Source column
a. Click the database link in the Audit Source column.
a ble
b. On the Overview page, note that there are now 3 FGA policies in use. Click the FGA
r
tab to view details.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
c. On the FGA page, the FGA policies that you defined in the previous step are listed.
c. Click the Overview tab. Click “Save All Audit Settings” to save the FGA settings.
d. The policy is saved. Note that all “In Use” FGA policies are now used by Audit Vault.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 6
)
m Gu i d e
ฺ c6o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Log in to the Audit Vault Console as the AVAUDIT1 user.
2. Click Settings. On the Notification Profiles page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
3. Enter the following information: m ) uide
o G
Field a ilฺc ent Value
m tud
gHQ_Auditors
Profile Name
a @ S
n Distribution
i s
Description
ฺ j t h
ru se headquarters-based list for all
u a
c ou auditors.
l
To
a (ra nse t auditors_hq@example.com
c
lu lice sec_admin@example.com
a
j a nCCR avaudit1@example.com
Ru
Click Save.
4. You receive confirmation that your notification profile is created.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Click the Notification Templates tab to navigate to the Notification Templates page.
2. On the Notification Templates page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
3. Enter the following information: n@
gm Stud
u j a t h is
Field
c a ฺr s e Value
alu e to u
Name
a ( r s
HQ Auditors Alert Notification
c e n Template
R alu lic
Description Alert notification template for HQ
ja n Auditors.
u
R Subject Oracle Audit Vault Alert:
#AlertName#, #AlertTime#
Body #AlertBody#
This is an automated message.
Please do not reply.
Click Save.
4. The Notification Templates page is displayed again with your new notification template.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c e
luof AuditliVault
c
5. LogR a
out Console.
ja n
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 7
)
m Gu i d e
ฺ c7o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
view entitlement reports. Finally, you will annotate and attest reports.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a terminal window and ensure that the settings are correct for your source database.
$ . oraenv
ORACLE_SID = [orcl] ?
The Oracle base for
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is
a ble
r
sfe
/u01/app/oracle
$
t r a n
2. Change to the labs directory.
no n-
3. a
Log in to SQL*Plus as the SYSTEM user and execute the run_Oracle_workload.sql
s ฺ
h a
) uide
script. This script creates a number of users and objects. You will see some errors when
m
the script is run. The errors are intentional and are used to demonstrate that nonsuccessful
o
ilฺc ent G
transactions can be captured by Oracle Database auditing.
a
[labs]$ sqlplus system
@ gm Stud
j a n his
SQL*Plus: Release ฺr u e
11.2.0.1.0t Production on Wed Jul 14 08:52:20
c a u s
2010
r a lu t o
a ( nse
c
lu lic(c)
Copyright e 1982, 2009, Oracle. All rights reserved.
a
ja nR
Ru Enter password: *********
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
SQL> @run_Oracle_workload
4. Exit from SQL*Plus.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Log on to Oracle Audit Vault Console by specifying the following:
Field Value
User Name avaudit1
Password oracle_1
a ble
r
Connect As AV_AUDITOR
a nsfe
n- t r
2.
3.
Click the Audit Reports tab.
a no
To view account management activity, perform the following steps:
h a s ฺ
) uide
a. On the Default Reports page, click Account Management.
m
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
b. The Account Management page is displayed showing all the account management
commands that have been audited.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm S
d
tuUSER
c. You need to find out more about
j a n his
the CREATE statement executed by JSMITH.
Click the icon.
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
R a
jan
Ru
a ble
r
a n sfe
t
n- USERr
o
e. Scroll down the page and notice that the SQL text field shows the CREATE
n
statement.
s a
Question: What setting enabled the capture of the SQL text?
) a
h ideฺ
Answer: Setting AUDIT_TRAIL to DB, EXTENDEDo
c m the
enables
G ucapture of the SQL text.
l ฺ
ai den t
m
g Stu
a n @ is
ฺr u j t h
c a u s e
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
c. Select Event in the Column list.@
gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
e. The Data Access report now shows only the DELETE events.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. To view entitlement reports, you must first retrieve the entitlement audit data.
a. On the Audit Policy page, select your source database and User Entitlement. Click
Retrieve.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n hisClick Show Status to view the retrieval status.
b. An informational messageu
ฺrEntitlement t
is displayed.
e
c. Click Return. The c
u a
User s
u Retrieved column is updated indicating the time of
retrieval. ral t o
a ( nse
c
lu lice
a
ja nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n the hJSMITH
is user to view detailed information.
ฺr
d. Scroll down the page andu select
e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru e. Detailed entitlement information for the JSMITH user is displayed.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. On the Default Reports page, click Data Access.
2. On the Data Access report page, click the cog icon.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu
3. In the list, select Highlight.
t o
a ( nse
c
lu lice
a
j a nR
Ru
Select “yellow” for Background Color and “blue” for Text Color. Click Apply.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
c a ฺr filter.se t
u
5. Remove the Event=’DELETE’
a lu t o u
a r
( nse
c
lu lice
a
j a nR
Ru
7. Click the User column to further filter the report data. Select PJONES to filter the report to
show only actions taken by PJONES.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu now lshows
i c e only actions by PJONES with the updates to ORDERS highlighted.
8. a
The report
ja nR
Ru
10. Click the Event column to filter the report data to show only UPDATE events.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
11. Once again, click the cog icon. Choose Save Report to save a copy of this report.
a ble
r
a nsfe
12. In the Save Report fields, enter the following:
n- t r
Field
a no Value
Update Report as
Name
) h ideฺ
Category New Category
l ฺ c om(select
t Ginumenu)
Category (new field) SOX a i
Update e n
Reports
m d
gReportStofu updates
Description
a n @ is
ฺr u j t h
c a u s e
Click Apply.
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Navigate to the Compliance Reports page. Click Database Failed Logins.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
2. The report is displayed. You wantnto display isthe failed logins for only certain users. To do
u j a t h
c a ฺr
that, click Change Definition.
s e
alu e to u
( r
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
5. The report now shows only the failed logins for the APPS)user. hasNote
i d e ฺ you could save
that
l ฺ c om trequirements.
this report definition if it was appropriate for your business
G u
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
6. Return to the Compliance Reports page.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Create a PDF report of the Schema Changes Report.
a. On the Compliance Reports page, click Schema Changes Report.
b. On the Schema Changes report page, click Create PDF.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm page,
S tudensure Immediately is selected.
c. On the “Create or Schedule PDF
j a n his
Report”
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
e. Click Create PDF. The Generated Reports page is displayed. Click Show Pending
a ble
Reports. r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu on the
f. The report appears
t o list.
a ( nse
c
lu lice
R a
jan
Ru
g. Return to the Generated Reports page. After the report is generated, it appears on the
Generated Reports page. Click the Details icon to view additional information.
h. Detailed information about the generated report is displayed. Click Done to return to
the Generated Reports page.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
i. Return to the Compliance Reports page.
2. Now schedule the Schema Changes report to execute on a weekly basis.
a. Click Schema Changes on the Compliance Reports page.
b. Click Create PDF.
c. In the Schedule section select Specify Schedule. Choose Weekly in the Repeat field.
ja nR
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Scroll to the Attestation Actions section. Click the report icon for the report that needs to be
attested.
a ble
r
a nsfe
n- t r
3. Click View Report. a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
4. The report is displayed. Scroll to the right and click Details to return to the Details for
Generated Report page.
5. Add a note in the New Note field. Click “Save & Attest” to save your note and record that
you have attested the report.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
lฺc ent G
a i
6. m appears.
In the Previous Notes section your new note
g t u d In the Attestation section, the time
j a n@ his S
and date of your attestation is shown.
c a ฺru se t
a lu t o u
a r
( nse
c
lu lice
a
ja nR
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 8
)
m Gu i d e
ฺ c8o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Log in to the Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Alerts Setting page. (Configuration > Alert)
3. Verify that “Alert Processing Status” is set to Enable.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
4. Log out of Audit Vault Console. n is
u j a t h
c a ฺr s e
alu e to u
( r
l u ca icens
n Ra l
ja
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Log in to Audit Vault Console as the AVAUDIT1 user.
2. Click the Settings tab. Click the Alert Status Values tab to navigate to the Alert Status
Values page.
3. The Oracle Audit Vault default status values of NEW and CLOSED are displayed. Click
Create.
a ble
r
sfe
4. On the “Add Alert Status Value” page, enter the following information:
Field Value
t r a n
Status Value no
PENDING SUPERVISOR REVIEW n-
a
Description Alert needs review
Supervisor ) h
as by eAudit
ฺ
om t Gu i d
l ฺ c
m ai den
Click Save.
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
5. Your new status value is displayed on the Alert Status Values page.
a ble
r
6. Click Home to return to the Dashboard page.
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Click the Audit Policy tab. Click the Alerts tab to navigate to the Alerts page.
2. On the Alerts page, click Create.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
) uide
3. On the Create Alert Rule page, enter the following information:
m
Field
l ฺ o G
c nt Value
a i
Alert
g m tUser
Create
u de
Description
j a n@ Alert
h i s Sthat is raised when a user
ฺru se is t created.
c a u Warning
Alert Severity
r a lu t o
a (
Type ns
e
l c
Audit Source
u lic e ORCLDB
Audita
R Source ORCL
ja n
Ru Audit Event Category ACCOUNT MANAGEMENT
Audit Event CREATE USER
Audit Event Status BOTH
a ble
r
Click OK.
a nsfe
4. The Alerts page shows your new alert.
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( Vault
ofcAudit
5. Log outu e n se
al
Console.
R lic
u jan
R
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a terminal window and set the environment for your source database. Change to the
labs directory. Invoke SQL*Plus and log in to your source database as the SYSTEM user.
$ . oraenv
ORACLE_SID = [orcl] ?
The Oracle base for
a ble
r
sfe
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 is
/u01/app/oracle
t r a n
$ cd $HOME/labs
no n-
[labs]$ sqlplus system
a
s ฺ
h a
SQL*Plus: Release 11.2.0.1.0 Production
o m ) on Fri
u ideJun 11 12:32:52
2010
a ilฺc ent G
m tud
gOracle.
Copyright (c) 1982, 2009,
a @
n his S All rights reserved.
j
ru se t
ฺ*********
c a u
r a lu
Enter password:
t o
a ( nse
c
lu licto:
Connected e
a
ja n ROracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
Ru
Production
With the Partitioning, OLAP, Data Mining and Real Application
Testing options
SQL>
2. Execute the cr_hruser.sql script to create a new user named HRUSER.
SQL> @cr_hruser
Connected.
SQL> create user hruser
2 identified by hrpass
3 default tablespace example
4 temporary tablespace temp
5 /
User created.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
a n that
c. Scroll down the page and jobserve
h isthe alert information is displayed in the charts.
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
t r a n
no n-
a
s ฺ
h a
) uide
o m
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
u janc. Return to the Default Reports page and observe the status change.
R
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 9
)
m Gu i d e
ฺ c9o
a i l
Chapter
e n t
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Overview
In this practice you change the password of the AVADMIN1 user.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Open a terminal window and set the environment variables for your Audit Vault Server.
$ . oraenv
ORACLE_SID = [av] ? <enter>
The Oracle base for
ORACLE_HOME=/u01/app/oracle/oracle/product/10.2.3/av_1 is
a ble
r
sfe
/u01/app/oracle
[av ~]$
t r a n
o
2. Log in to SQL*Plus and connect as the Database Vault Account Manager.
-
nReminder: The
password for the dbvacct1 user is dbvoracle_1. a n
a s
h ideฺ
[oracle@EDRSR22P1-av ~]$ sqlplus dbvacct1
)
l ฺ c om t Gu
SQL*Plus: Release 10.2.0.4.0 -aiProduction e n on Mon Jun 14 12:40:42
2010 m
g Stu d
a n @ is
u j
ฺr 2007, t h
Copyright (c) 1982,
c a u s e Oracle. All Rights Reserved.
( r alu e to
l u c icens ***********
Enter apassword:
a
RConnected l
n
ja Oracle Database to:
R u 10g Enterprise Edition Release 10.2.0.4.0 -
Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
SQL>
3. Change the password for the Audit Vault Administrator to oracle_2.
SQL> alter user avadmin1 identified by oracle_2;
User altered.
4. Exit from SQL*Plus.
Assumptions
Practice 9-1 was completed successfully.
Tasks
1. In your Audit Vault terminal window, execute the AVCA create_credential command
to update the password credentials of the AV_ADMIN user. Supply the following values:
Parameter/Input Value
-wrl $ORACLE_HOME/network/admin/avwallet
a ble
r
-dbalias av
a nsfe
Source user username avadmin1 n- t r
a no
Source user password
h a s ฺ
oracle_2
m ) uide
o
ilฺc ent G\
$ avca create_credential \
a
> -wrl $ORACLE_HOME/network/admin/avwallet
> -dbalias av
@ gm Stud
j a n havadmin1
is
u
Enter source user username:
ฺr password:t
e ********
Enter source c a
user
u s
alu euser
Re-enter rsource
( to password: ********
u
Credential
l ns successfully.
ca icestored
R$a l
u janVerify your changes by logging in to Audit Vault Console as the Audit Vault Administrator
2.
R (avadmin1) with the new password of oracle_2.
3. Log out of Audit Vault Console.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 10
) i d e
l ฺ
Chapter c om t Gu
10
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.
Tasks
1. To prepare for viewing information in the log files, use the Audit Vault Console to stop the
Audit Vault collectors.
2. Return to your Audit Vault collection agent terminal window. To prepare for viewing
information in the log files, stop the Audit Vault collection agent.
a ble
r
sfe
$ avctl stop_agent
Stopping agent...
t r a n
Agent stopped successfully.
no n-
$
s ฺ a
3. Restart the Audit Vault collection agent. h a
) uide
o m
ilฺc ent G
$ avctl start_agent
Starting agent... a
Agent started successfully.
@ gm Stud
j a n his
$
r u
ฺcollection e t
c a
4. Verify that the Audit Vault
u u sagent started by viewing the information in the log file.
a l t o
(r Vaultnscollection
a. In your Audit
a elog directory.
agent terminal window, navigate to the Audit Vault
c
u lic
collection agentehome
R alcd
$ /u01/app/oracle/oracle/product/10.2.3/av_agent_1/av/log
n
ja [log]$
Ru b. View the result of the start_agent command by viewing the avca.log file.
$ tail avca.log
…
07/19/10 08:36:57 xml URL -
file:/u01/app/oracle/oracle/product/10.2.3/av_agent_1/oc4j/j2ee/
home/config/http-web-site.xml
07/19/10 08:36:57 Agent started successfully.
Practice 10-1: Viewing the Audit Vault Collection Agent Log Information
Chapter 10 - Page 4
Practice 10-2: Viewing Audit Vault Collector Log Information
Overview
In this practice you view Audit Vault collector log information.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Restart the DBAUD collector by using Audit Vault Console.
2. Verify that the DBAUD collector started by viewing information in the log file.
a. Return to your Audit Vault collection agent terminal window.
b. View the DBAUD_Collector_ORCL_1.log file.
$ tail -100 DBAUD_Collector_ORCL_1.log
a b le
r
…
a nsfe
INFO @ '19/07/2010 08:58:36 00:00':
n- t r
n o
***** Started logging for 'AUD$ Audit a
s Collector' *****
) h a e ฺ
om t Gu i d
INFO @ '19/07/2010 08:58:36 00:00':
l ฺ c
m ai den
***** Collector Name = DBAUD_Collector
@ g Stu
j a n h is
INFO @ '19/07/2010u08:58:36 t
ฺr Name s=eORCL00:00':
c a u
r a lu
***** Source
t o
a ( nse
INFO c
lu *****
@
c e
'19/07/2010
i 08:58:36 00:00':
a l
ja nR Av Name = AV
t r a n
INFO @ '19/07/2010 08:58:37 00:00':
no n-
***** Recovery done OK
s ฺa
[log]$ h a
) uidmetric e
c. View the ORCL-DBAUD_Collector-0.log file
c o m
for additional
G information about
the DBAUD_Collector collector. l ฺ
ai den t
m
g Stu
[log]$ tail ORCL-DBAUD_Collector-0.log
a n @ is FINE: return cached metric ,
Jul 19, 2010 9:04:38
u j h
AM Thread-13
t
ฺr value=0.0996
name=RECORDS_PER_SEC
c a u s e
Jul 19, 2010
r a lu t
9:05:38 o AM Thread-13 FINE: return cached metric ,
a ( nsvalue=true
name=IS_ALIVE e
c
lu lic e
a
Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric ,
Rname=BYTES_PER_SEC value=13.6409
jan Jul 19, 2010 9:05:38 AM Thread-13 FINE: return cached metric ,
Ru name=RECORDS_PER_SEC value=0.0996
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric ,
name=IS_ALIVE value=true
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric ,
name=BYTES_PER_SEC value=4.5537
Jul 19, 2010 9:06:39 AM Thread-13 FINE: return cached metric ,
name=RECORDS_PER_SEC value=0.0331
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric ,
name=IS_ALIVE value=true
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric ,
name=BYTES_PER_SEC value=6.9245
Jul 19, 2010 9:07:38 AM Thread-13 FINE: return cached metric ,
name=RECORDS_PER_SEC value=0.0507
[log]$
3. Restart the OSAUD collector by using Audit Vault Console.
4. Verify that the OSAUD collector started by viewing information in the log file.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
a ble
r
sfe
INFO @ '19/07/2010 08:59:12 00:00':
Metric command: Collector status = 1
t r a n
INFO @ '19/07/2010 08:59:16 00:00':
no n-
Metric:ALL_METRICS
s ฺa
h a
) uide
[log]$ o m
c. View the ORCL-OSAUD_Collector-0.log a t G metric information about
ilฺcfile forenadditional
the OSAUD_Collector collector. gm tud
a @
n his S
u j
[log]$ tail ORCL-OSAUD_Collector-0.log
t
ฺr AMseThread-14
u c
Jul 19, 2010 9:10:06a u FINE: return cached metric ,
l
ra 9:11:07
name=RECORDS_PER_SEC t o value=0.0000
a (2010 s e
l u c icen value=true
Jul 19, AM Thread-14 FINE: return cached metric ,
a 19, 2010 l 9:11:07 AM Thread-14 FINE: return cached metric ,
name=IS_ALIVE
RJul
n
ja name=BYTES_PER_SEC value=0.0000
Ru Jul 19, 2010 9:11:07 AM Thread-14 FINE: return cached metric ,
name=RECORDS_PER_SEC value=0.0000
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric ,
name=IS_ALIVE value=true
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric ,
name=BYTES_PER_SEC value=0.0000
Jul 19, 2010 9:12:08 AM Thread-14 FINE: return cached metric ,
name=RECORDS_PER_SEC value=0.0000
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric ,
name=IS_ALIVE value=true
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric ,
name=BYTES_PER_SEC value=0.0000
Jul 19, 2010 9:13:08 AM Thread-14 FINE: return cached metric ,
name=RECORDS_PER_SEC value=0.0000
[log]$
a ble
r
a nsfe
n- t r
a no
Practices for h a sLesson ฺ 11
) i d e
l ฺ
Chapter c om t Gu
11
m ai den
@ g Stu
j a n h is
ฺr u e t
c a u s
( r alu e to
l u ca icens
n Ra l
ja
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru
Assumptions
Practices for Lessons 2, 3, and 4 were completed successfully.
Tasks
1. Log in to Audit Vault Console as the AVADMIN1 user.
2. Navigate to the Warehouse Settings page.
a. Click the Configuration tab.
b. Click the Warehouse tab.
a ble
r
3. Set the retention period to 15 months.
a nsfe
a. Enter 1 in the Year field and 3 in the Months field.
n- t r
b. Click Apply.
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nsthat
4. You receive a message e the change to the retention period was successful.
c e
R alu lic
u jan
R
Practice 11-1: Setting the Audit Vault Data Warehouse Retention Period
Chapter 11 - Page 4
Practice 11-2: Purging Data from the Data Warehouse
Overview
In this practice you attempt to purge data from the data warehouse.
Assumptions
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Tasks
1. Navigate to the Warehouse Activity (Purge Activity) Page.
a. Click the Management tab.
b. Click the Warehouse tab.
c. Click the Purge Activity tab.
2. Purge the data in the data warehouse from yesterday.
a ble
r
a. Enter yesterday’s date in the Start Date field. You can also use the calendar to select
the date. a nsfe
n- t r
b. Enter 1 in the Number of Days field.
c. Click Purge Now. a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
ja n
Ru
3. You receive an error. Why are you unable to purge data from the data warehouse?
Answer: You cannot purge any of the data in your data warehouse because you did not
manually load the data.
a ble
r
a nsfe
n- t r
a no
h a s ฺ
m ) uide
o
a ilฺc ent G
@ gm Stud
j a n his
ฺr u e t
c a u s
r a lu t o
a ( nse
c
lu lice
R a
jan
Ru