In my previous post I had illustrated on how to install Oracle Audit Vault Server 10.3 in Solaris SPARC. In this post I will show on how to install Audit Vault Agent in the same server. We are installing audit vault agent for a RAC database. So the agent will be installed in the same server where Audit Vault Server is installed.
Audit Vault Server Name : mgtav
Audit Vault Server IP : 100.100.100.102
Source RAC Database Server Name : srcdbdc-1
Source RAC Database Server SCAN IP : 100.100.100.109
The "/etc/hosts" file of mgtav should have following entry for name resolution:
100.100.100.109 srcdbdc-1-vip
Audit Vault Server Name : mgtav
Audit Vault Server IP : 100.100.100.102
Source RAC Database Server Name : srcdbdc-1
Source RAC Database Server SCAN IP : 100.100.100.109
The "/etc/hosts" file of mgtav should have following entry for name resolution:
100.100.100.109 srcdbdc-1-vip
1. Create user on source database
create user srcdb_av_user identified by SecurePassword*314 default tablespace users temporary tablespace temp;
2. Add tnsentry in AV Server home for source database.
Provide the SCAN IP of the source database server in HOST field of the tnsnames.ora file.
SRCDB_TAF=
(DESCRIPTION =
(LOAD_BALANCE = YES)
(FAILOVER = ON)
(ADDRESS = (PROTOCOL = TCP)(HOST = 100.100.100.109)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = SRCDB)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
)
)
)
3. Run Script from AV Server home
bash-3.2$
sqlplus sys@srcdb_taf as sysdba
SQL*Plus:
Release 11.2.0.3.0 Production on Fri Dec 14 12:57:14 2012
Copyright
(c) 1982, 2011, Oracle. All rights
reserved.
Enter
password:
Connected
to:
Oracle
Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With
the Partitioning, Real Application Clusters, Automatic Storage Management,
OLAP,
Data
Mining and Real Application Testing options
SQL>
@/u01/app/oracle/product/10.3.0/av_1/av/scripts/streams/source/zarsspriv.sql
srcdb_av_user SETUP
Granting
privileges to SRCDB_AV_USER ... Done.
SQL>
4. Add agent in the audit vault server
From audit vault server home add agent.
bash-3.2$avca add_agent -agentname srcdb_db_agent -agentdesc 'Agent for srcdb RAC Database' -agenthost mgtav
Enter agent user name:srcdb_db_agent_user
Enter agent user password:agentuser123
Re-enter agent user password:agentuser123
Agent added successfully.
bash-3.2$
5. Add source db to audit vault server from av server home
bash-3.2$avorcldb add_source -src srcdbdc-1-vip:1521:srcdb -desc 'srcdb RAC Database' -agentname srcdb_db_agent
Enter Source user name:srcdb_av_user
Enter Source password:av_user123
Adding source...
Source added successfully.
remember the following information for use in avctl
Source name (srcname): SRCDB
Credential stored successfully.
Mapping Source to Agent...
bash-3.2$
6. Make changes for hostname in tnsnames.ora file of av server.
After adding source database to audit vault server, audit vault server creates a tns entry in $ORACLE_HOME/network/admin/tnsnames.ora. $ORACLE_HOME points to audit vault server installation directory. Change the hostname parameter in this file to point to SCAN IP.
# Alias for SRCDB
SRCDB2 = (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=100.100.100.109)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=SRCDB)))
7. Create agent directory for agent installation
mkdir –p /u01/app/oracle/product/10.3.0/srcdb_av_agent
chmod 775 /u01/app/oracle/product/10.3.0/srcdb_av_agent
8. Install agent software
Execute the runInstaller from agent installation directory and provide following details in the "Agent Details" window:
Audit Vault Agent Name:srcdb_db_agentAudit Vault Agent Home:/u01/app/oracle/product/10.3.0/srcdb_av_agentAgent User Name:srcdb_db_agent_userAgent User Password:agentuser123
Connect String:100.100.100.102:1522:avdc
Connect String:100.100.100.102:1522:avdc
9. Agent Setup
Setup Agent for Source Database Connectivity from audit vault agent home. Remember the environment variable ORACLE_HOME must be set to the agent installation directory otherwise avorcldb will not work.
bash-3.2$ . ./.profile_av_srcdb
bash-3.2$ echo $ORACLE_HOME
/u01/app/oracle/product/10.3.0/srcdb_av_agent
bash-3.2$
bash-3.2$ avorcldb setup -srcname SRCDB
Enter Source user name: srcdb_av_user
Enter Source password: SecurePassword*314
adding credentials for user srcdb_av_user for connection [SRCDB2]
Credential stored successfully.
updated tnsnames.ora with alias [SRCDB2] to source database
verifying SRCDB2 connection using wallet
bash-3.2$
Contents of .profile_av_srcdb
# This is the default standard profile provided to a user.
# They are expected to edit it to meet their own needs.
# Audit vault collection agent for prdc
MAIL=/usr/mail/${LOGNAME:?}
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/10.3.0/srcdb_av_agent; export ORACLE_HOME
ORACLE_HOSTNAME=mgtav.mydomain.com.np; export ORACLE_HOSTNAME
ORACLE_TERM=xterm; export ORACLE_TERM
PATH=/usr/sbin:/usr/ccs/bin:/usr/ucb:$PATH;
export PATH
PATH=$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:$PATH; export PATH
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH
export PATH
umask 022
ulimit -n 65536
#End .profile for audit vault agent
Contents of .profile default profile for audit vault server home. There are three profiles in the server:
1. .profile which is the default profile points to audit vault server home.
2. .profile_av_srcdb which is the profile for audit vault agent and points to audit vault agent home.
# This is the default standard profile provided to a user.
# They are expected to edit it to meet their own needs.
MAIL=/usr/mail/${LOGNAME:?}
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/10.3.0/av_1; export ORACLE_HOME
ORACLE_HOSTNAME=mgtav.mydomain.com.np; export ORACLE_HOSTNAME
ORACLE_SID=avdc; export ORACLE_SID
ORACLE_TERM=xterm; export ORACLE_TERM
PATH=/usr/sbin:/usr/ccs/bin:/usr/ucb:$PATH;
export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/local/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH
export PATH
umask 022
ulimit -n 65536
#End .profile for audit vault server
10. Make changes in tnsnames.ora file of audit vault agent
After agent is setup, audit vault server creates a tns entry in $ORACLE_HOME/network/admin/tnsnames.ora. Change the hostname parameter in this file to point to SCAN IP. $ORACLE_HOME points to audit vault agent installation directory.
# Alias for SRCDB
SRCDB2 = (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=100.100.100.109)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=srcdb)))
11. Verify from av server home if collector can be added
From audit vault server home verify if collector can be added.
bash-3.2$ echo $ORACLE_HOME
/u01/app/oracle/product/10.3.0/av_1
bash-3.2$
bash-3.2$ avorcldb verify -src srcdbdc-1-vip:1521:srcdb -colltype DBAUD
Enter Source user name: srcdb_av_user
Enter Source password: SecurePassword*314
source SRCDB verified for Aud$/FGA_LOG$ Audit Collector collector
bash-3.2$
12. Add Collector
From audit vault server home add the collector.
bash-3.2$ echo $ORACLE_HOME
/u01/app/oracle/product/10.3.0/av_1
bash-3.2$
bash-3.2$ avorcldb add_collector -srcname SRCDB -agentname srcdb_db_agent -colltype DBAUD
source SRCDB verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector...
Collector added successfully.
remember the following information for use in avctl
Collector name (collname): DBAUD_Collector
bash-3.2$
To start collector:
avctl start_collector -collname DBAUD_Collector
-srcname SRCDB
Sequence to start av services:
**********************************************************************
from av server home:avctl start_av
from av agent home :avctl start_agent
from av agent home :avctl start_oc4j
from av server home:avctl start_collector -collname DBAUD_Collector -srcname SRCDB
Hope this helps 
No comments:
Post a Comment