Skip to Main Content
Forums

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

AV Agent Audit Trail Issue Can Not Start Up.

RoyalMar 13 2013 — edited Mar 13 2013
I'm facing the AV Agent Audit Trail Can Not Start up issue.

Env:
-----------------------------
DB: DB2 v9.1
OS: AIX 6.1
AVDF: 12.1.0.1
-----------------------------

AV Agent has been deployed on database host.

I have add some audit trails, all these can not start up, please check the below screen shot,

for trail "/home/db2inst5/trail", shows the error message "av.collector.SOURCE_VERSION_IS_NULL"


AV Agent can start commally in the AV Server Management Page, and I have utilized "DB282ExtractionUtil" to extract DB2 audit log to ASCII Text file under Audit Trail "/home/db2inst5/trail", ASCII Text file has been generated, but Audit Trail can not start up, avsys.event_log show no data from AV Agent.


AVCLI> LIST TRAIL FOR SECURED TARGET db2inst5;
-----------------------------------------------------------------------------------------------------------------------------------
| AUDIT_TRAIL_TYPE | HOST | LOCATION | STATUS | REQUEST_STATUS | ERROR_MESSAGE |
===================================================================================================================================
| DIRECTORY | db2inst5 | /home/db2inst5/av/extractionpath | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
| DIRECTORY | db2inst5 | /home/db2inst5/trail | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
| NETWORK | db2inst5 | | STOPPED | | Unable to start hostmonitor process |
-----------------------------------------------------------------------------------------------------------------------------------

and in the av.server.avcli-24969240-0.log from the attach, following errors are shown,

----------------------------------------------------------------------------------------------------------------------------------------------------------------
$ tail -1000 av.server.avcli-24969240-0.log
[2013-03-13T20:40:35.482+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
[2013-03-13T20:42:18.178+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
$ tail -1000 av.collector.Source_db2inst5-trail_27-17236180-0.log
[2013-03-13T20:42:04.601+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getDBSourceVersion : Error getting source version information by connecting to source[[
java.sql.SQLException: [Audit Vault][DB2 JDBC Driver][DB2]DISTRIBUTION PROTOCOL ERROR CAUSED DEALLOC: REASON 0x124C"("0103")" (null)
at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddb8.b(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.c(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddp.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddm.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.b(Unknown Source)
at oracle.av.platform.jdbc.db2.ddg.g(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddc0.f(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.y(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.e(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.u(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.executeQuery(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
at $Proxy19.executeQuery(Unknown Source)
at oracle.av.plugin.db2db.collector.DB2AuditDataSource.getSourceDBVersion(DB2AuditDataSource.java:741)
at oracle.av.plugin.db2db.collector.DB2AuditDataSource.initializeToSource(DB2AuditDataSource.java:166)
at oracle.av.plugin.db2db.collector.DB2AuditEventCollector.initializeCollector(DB2AuditEventCollector.java:97)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:311)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:397)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:345)
at java.lang.Thread.run(Thread.java:811)

]]
[2013-03-13T20:42:04.618+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getSourceDBVersion : Source Version Attribute is NULL
----------------------------------------------------------------------------------------------------------------------------------------------------------------

Do you have any suggestions? Any reply will be appraciate.

many thanks,
Royal.

Comments

Hello

As per

https://docs.oracle.com/cd/E19121-01/sf.x4200/819-4346-20/819-4346-20.pdf

The Sun Fire X4000 series server supports the following Microsoft Windows

operating systems at the time of publication of this document:

■Microsoft Windows Server 2003, SP1 or later, Standard Edition (32-bit)

■Microsoft Windows Server 2003, SP1 or later, Enterprise Edition (32-bit)

■Microsoft Windows Server 2003, Standard x64 Edition (64-bit)

■Microsoft Windows Server 2003, Enterprise x64 Edition (64-bit)

The updated lists of supported operating systems are at the following URLs:

For the Sun Fire X4100 server:

http://www.sun.com/servers/entry/x4100/os.jsp

For the Sun Fire X4200 server:

http://www.sun.com/servers/entry/x4200/os.jsp

Hope this helps

Thank You
Best Regards,
Gabriel

ClaudiuO-Oracle

Hello 4057749,

Welcome to the community! Thank you for your post. One thing that we do ask all community members to do prior to participating in the community is to Update Your Community Display Name and Avatar! so we can easily identify who you are. Please go ahead and make this update.

Regarding your query this can be verified from 2 sources:

https://www.windowsservercatalog.com/item.aspx?idItem=cb4a2f04-b668-cc8b-9b67-afda91e4d853&bCatID=1333

and/or:

https://docs.oracle.com/cd/E19121-01/sf.x4100m2/820-5837-10/Chap_Intro.html#0_pgfId-1001741

I need to remind you that this is an End Of Life product so no new certifications/drivers or enhancements will be available.

Best regards,

Claudiu

MOSC Community Moderator

1 - 2
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Apr 10 2013
Added on Mar 13 2013
#agent, #audit, #audit-vault-and-database-firewall, #database-security
4 comments
1,616 views