I have an Audit Vault server 10.1 on Solaris platform. The solaris server is getting old so I decided to build a new Audit Vault 10.3 server running on Linux OS. I installed Audit Vault server and agent collector on the new linux server. Everything appears configured correctly.
My question is - how do I migrate the old audit data from the old server to the new Linux server? I have about two years of audited data on the old server.
I was told that just import the AUD$ from the old server to the new server and enable collector. I have done just that, but nothing is moving to the AV database. I am not sure if this method will work.
Do you mean to export a full old AV database and import it to a new AV database? if so, I am not sure if it will work. There is a metadata repository already installed with the new AV installation in AVSYS schema, and it may conflict with the data that is imported over from the old database.
Here are what I have done to migrate the old audit data from an old platform to a linux Audit Vault server:
1) Export sys.AUD$ from the old source database.
2) Import sys.AUD$ to a new source database.
3) Install and enable collection at this point only.
4) select max(av_time) from avsys.audit_event_fact;
You should see the date you import.
5) select SQL_BIND_STR from avsys.audit_event_fact;
select SQL_TEXT_STR from avsys.audit_event_fact;
At this point you should see your data from this table
6) Lastly, check AV server report.