3 Replies Latest reply: Jan 20, 2013 10:41 AM by 985703 RSS

    I cannot collect audit trail in AVDF 12. What's wrong?

    984235
      I installed Audit Vault Server 12 (not install firewall) in a oracle linux vmware and activated an agent for Oracle 11g release 2 in windows 7 x64 vmware
      according to Oracle® Audit Vault and Database Firewall Installation Guide and Administrator’s Guide Release 12.1.0 as follows:

      1) ALTER SYSTEM SET AUDIT_TRAIL=XML, EXTENDED SCOPE=SPFILE;
      Database restart

      2) Register the Oracle Database Host Machine

      3) Deploy Agent and Request Activation on the Host Machine

      4) Create user accounts on the secured targets and set up Oracle AVDF user privileges on an Oracle Database secured target.

      5) Register Secured Targets in the Audit Vault Server with user acount of stpe 4:jdbc:oracle:thin:@//IP:1521/orcl

      6) Configure an Audit Trail in the Audit Vault Server : TABLE - sys.aud$ or DVSYS.audit_trail$, DIRECTORY - directory of audit trail xml saved.

      Every step seemed to be installed without any problems.
      I turned off firewall just in case.
      Administrator web page of AVDF showed only messages of "request completed" after configuring an audit trail in the Audit Vault Server.
      But, collection state was a red downward arrow, and even auditor web page showed same state.
      I couldn't show audit trails in the auditor web page.
      But, the vault option page(https://IP:1158/dva) showed audit trails in its report page.
      what't wrong?
        • 1. Re: I cannot collect audit trail in AVDF 12. What's wrong?
          985703
          I`ve the same situation. Only difference is AUDIT_TRAIL=DB.

          Agent logs content:

          av.agent.log:
          Agent started successfully.

          av.collfwk-NNNNN-0.log:
          [SRC_CLASS: oracle.av.platform.common.util.AVLogger] [SRC_METHOD: logWarn] CollectorState : clearRequestStatus : Exception occured while trying to clear request status. Message: Closed Connection
          CollectionFactory : createCollection : Exception while creating collection.
          java.lang.reflect.UndeclaredThrowableException
               at $Proxy0.close(Unknown Source)
               at oracle.av.platform.common.dao.ConnectionManagerImpl.releaseConnection(ConnectionManagerImpl.java:552)
               at oracle.av.platform.agent.collfwk.impl.connection.AVConnection.releaseConnection(AVConnection.java:196)
               at oracle.av.platform.agent.collfwk.impl.state.CollectorState.clearRequestStatus(CollectorState.java:366)
               at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:507)
               at oracle.av.platform.agent.collfwk.impl.factory.CollectionFactory.createCollection(CollectionFactory.java:346)
               at oracle.av.platform.agent.StartTrailCommandHandler.processMessage(StartTrailCommandHandler.java:63)
               at oracle.av.platform.agent.AgentController.processMessage(AgentController.java:285)
               at oracle.av.platform.agent.AgentController$MessageListenerThread.run(AgentController.java:1490)
               at java.lang.Thread.run(Thread.java:662)
          Caused by: oracle.ucp.UniversalConnectionPoolException: Invalid life cycle state. Check the status of the Universal Connection Pool
               at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:368)
               at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:49)
               at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:80)
               at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:131)
               at oracle.ucp.common.UniversalConnectionPoolImpl.returnConnection(UniversalConnectionPoolImpl.java:535)
               at oracle.ucp.jdbc.proxy.JDBCConnectionProxyFactory.invoke(JDBCConnectionProxyFactory.java:235)
               ... 10 more
          [SRC_CLASS: oracle.av.platform.common.util.AVLogger] [SRC_METHOD: logWarn] CollectorState : clearRequestStatus : Exception occured while trying to clear request status. Message: Failed to connect to DB

          av.common-NNNNN-0.log:
          Unable to get connection to the datasourceException occurred while getting connection: oracle.ucp.UniversalConnectionPoolException: Invalid life cycle state. Check the status of the Universal Connection Pool

          Secured target (database) is up and available, listener`s up too.
          • 2. Re: I cannot collect audit trail in AVDF 12. What's wrong?
            IBarr
            My tests came to the same result. I believe there is a missing executable in the Windows x64 agent, namely avorclcoll.exe. The linux x64 agent works fine, however.

            Regards,

            Iain Barr
            Ategrity Solutions Ltd
            • 3. Re: I cannot collect audit trail in AVDF 12. What's wrong?
              985703
              The linux-x64 agent works fine. In plugin folder (com.oracle.av.plugin.oracle/bin) there are no files for other OS. Any idea where to find them?