Audit Vault 10.2.3.2 and data store db version

Similar Messages

• Data Source and Data Store

  Are both Data Source and Data Store the same in BI? If not can someone explain what each one of these terms mean.
  Thanks for the help

  Data Source or Persistent Staging Area  is a transparent database table or initial store in BI. In this table the requested data is saved unchanged from the Source System.
  DataStore Objects are primary physical database storage objects used in BI. They are designed to store very detailed transactional level records.
  Thanks

• Audit Vault 12.1.1 - Report "No data found"

  Hola, tengo instalado y configurado Audit Vault 12.1.1
  El agente esta deployado.
  El retrieve de settings de audit esta ok!
  Pero cuando quiero generar un reporte, los reportes salen vacios con el mensaje "no data found"
  El agente esta configurado contra una base 11.2.0.3.
  La tabla sys.aud$ tiene datos.

  The issue seems to be from DB side and an SR would help you in resolving the issue.
  However, added below few points you can look as well from your side.
  + DB may be core dumping in which case it would be required to resolve the core dump issue.
  + Running ASH report from sqlplus may not be working in which we need to resolve the DB side issue.
  + If feasible you can choose to upgrade DB to higher version.
  Regards,
  Bip

• BW Analytical Authorisations and Data Store Objects

  Hello All
  I am in the proces of trying to figure out how BW Analytical authorisations work as I have to build some authrisations for a new a new BW project.
  I understand the concept of BW Analytical authorisations. I have created an object linked to heirarchies via an info provider, and assigned it to a user and it works great. The problem is that I then went and ran a generation for heirarchies and I specified the Z info provider my analytical authorisation object was linked to. Now I find that all usrs on the system have access to my object and I need to remove this. Even new users on the system automatically get this access.
  I have read note 1052242 which explains that I can remove the authorisations using data store objects (DSOs). The thing is that I do not know how to maintain these DSOs..
  Can anyone help with this. Once I know how to maintain the DSO I can add in the required D_E_L_E_T_E entry and re-run the genration and hopefully this will solve my problem.
  Thank You In Advance
  Best Regards

  Hi Anwar,
  if your question is how to update data into a DSO, then I recommend you read the documentation.
  http://help.sap.com/saphelp_nw70/helpdata/en/f9/45503c242b4a67e10000000a114084/frameset.htm
  You require basic BW knowledge for that.
  If your background is more ABAP then think about making the DSO a DSO for direct update.
  That way you do not need BW knowledge and you can use ABAP instead to modify the data in the DSO.
  These Function modules of the API can be used:
  ●      RSDRI_ODSO_INSERT: Inserts new data (with keys not yet in the system).
  ●      RSDRI_ODSO_MODIFY:  inserts data having new keys; for data with keys already in the system, the data is changed.
  ●      RSDRI_ODSO_UPDATE: changes data with keys in the system
  ●      RSDRI_ODSO_DELETE_RFC: deletes data
  More information about these Function Module is here
  http://help.sap.com/saphelp_nw70/helpdata/en/c0/99663b3e916a78e10000000a11402f/frameset.htm
  However, if that doesn't solve your original problem with the authorizations, here are some useful links that I found helpful when implementing BW Analysis Authorizations.
  SDN area for Analysis Authorizations
  http://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI#AuthorizationinSAPNWBI-Differencebetweenrssmandrsecadmin
  Marc Bernard session
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce
  SAP release note for new Analysis Authorizations
  http://help.sap.com/saphelp_nw04s/helpdata/en/80/d71042f664e22ce10000000a1550b0/frameset.htm
  Best,
  Ralf

• RBS Migration and Data Store Expension

  I'm seeking some insight on if (and how) remote blobs are migrated.  For example, if I've configured RBS for SharePoint 2010 but I'm approaching the storage maximum on the hardware of my remote blob location - how would I go about moving the blobs elsewhere and 'pointing' Sql Server and SharePoint to the new locations?  In addition, if I were to simply add another storage location - how does one go about re-configuring the RBS to store blobs in a new/additional location?
  TIA.
  -Tracy

  1.   
  Live SharePoint 2010 environment with SQL 2008 R2
  a.   
  Take back up from 2010 live server.
  i.     
  Open management studio on SQL server.
  ii.     
  Take back up of content database of live application.
  2.   
  QA SharePoint 2010 environment with SQL 2008 R2
  a.   
  Restore SQL backup
  i.     
  Open management studio on SQL server.
  ii.     
  Restore database.
  b.  
  Create Web Application
  i.     
  Open SharePoint server
  ii.     
  Open central admin
  iii.     
  Create web application with classic authentication.
  c.   
  Dismount database which is with existing application
  i.     
  Open SharePoint PowerShell on SharePoint server.
  ii.     
  Fire below command.
  Dismount-SPContentDatabase <Database name>
  Note: Change the database name.
  d.  
  Mount restored database with existing application
  i.     
  Open SharePoint PowerShell on SharePoint server.
  ii.     
  Fire below command.
  Mount-SPContentDatabase <Database name>  -DatabaseServer  <Database server name > -WebApplication <Web application>
  Note: Change the database name and web application URL.
  iii.     
  Open SharePoint Designer and change the master page and publish it.
  iv.     
  Set the Test page as Home page.
  v.     
  Test user logging
  Logging with the 2-3 different users and test they can able to logging.
  e.   
  Configure RBS
  i.     
  Enable FILESTREAM on the database server
  Open SQL Server Configuration manager on SQL Server.
  From left panel click on SQL Server Services.
  From right panel select the instance of SQL Server on which you want to enable FILESTREAM.
  Right-click the instance and then click Properties.
  In the SQL Server Properties dialog box, click the FILESTREAM tab.
  Select the Enable FILESTREAM for Transact-SQL access check box.
  If you want to read and write FILESTREAM data from Windows, click Enable FILESTREAM for file I/O streaming access. Enter the name of the Windows share in the Windows Share Name box.
  If remote clients must access the FILESTREAM data that is stored on this share, select allow remote clients to have streaming access to FILESTREAM data.
  Click Apply and ok.
  ii.     
  Set FILESTREAM access level
  Open SQL management studio and connect SQL database instance.
  Right click on database instance and open Property.
  Go to: click on advanced from left panel.
  Find the “Filestream Access Level” property and set the value “Full access enabled”
  Click OK and exit window.
  iii.     
  Set SharePoint Configure FILESTREAM access level
  Open Query window on root
  Execute  following query
  EXEC sp_configure filestream_access_level, 2
  RECONFIGURE
  Restart SQL services
  Note: You will get message” Configuration option 'filestream access level' changed from 2 to 2. Run the RECONFIGURE statement to install.”
  iv.     
  Provision a BLOB store for each content database
  Click the content database for which you want to create a BLOB store, and then click New Query
  Execute following query
  use [<Database name>]
  if not exists
  (select * from sys.symmetric_keys
  where name = N'##MS_DatabaseMasterKey##')
  create master key encryption by password = N'Admin Key Password !2#4'
  Note:
  Change the database name
  You get “Command(s) completed successfully.” Message.
  use [<Database name>]
  if not exists
  (select groupname from sysfilegroups
  where groupname=N'RBSFilestreamProvider')
  alter database [<Database name>]
  add filegroup RBSFilestreamProvider contains filestream
  Note:
  Change the database name.
  You get “Command(s) completed successfully.” Message.
  use [<Database name>]
  alter database [<Database name>]
   add file (name = RBSFilestreamFile, filename =
  '<E:\SQL\Data\PetroChina>')
  to filegroup RBSFilestreamProvider
  Note:
  Change the database name and store path.
  If you get message “FILESTREAM file 'RBSFilestreamFile' cannot be added because its destination filegroup cannot have more than one file.”
  Ignore it.
  v.     
  Install the RBS client library on each Web server
  To install the RBS client library on the on the first Web server
  Open SharePoint Web server
  Open command prompt.
  Execute following command
  msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY DBNAME=<Database name> DBINSTANCE=<Database server> FILESTREAMFILEGROUP=RBSFilestreamProvider FILESTREAMSTORENAME=FilestreamProvider_1
  Note:
  Change the database name and database instance name.
  DB instance should be <server name\instance name>
  Download RBS.msi for respective SQL version.
  To install the RBS client library on all additional Web and application serversOpen SharePoint Web server
  Open command prompt.
  Execute following command
  msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi DBNAME=<Database name> DBINSTANCE=<Database server> ADDLOCAL=Client,Docs,Maintainer,ServerScript,FilestreamClient,FilestreamServer
  Note:
  Change the database name and database instance name.
  DB instance should be <server name\instance name>
  vi.     
  Enable RBS for each content database
  You must enable RBS on one Web server in the SharePoint farm. It is not important which Web server that you select for this activity. You must perform this procedure once for each content database.
  Open SharePoint web server
  Open SharePoint PowerShell
  Execute below script
  $cdb = Get-SPContentDatabase <Database name>
  $rbss = $cdb.RemoteBlobStorageSettings
  $rbss.Installed()
  $rbss.Enable()
  $rbss.SetActiveProviderName($rbss.GetProviderNames()[0])
  $rbss
  Note: Change the database name.
  vii.     
  Test the RBS installation
  On the computer that contains the RBS data store.
  Browse to the RBS data store directory.
  Confirm that size of RBS data store directory.
  On the SharePoint farm, upload a file that is at least 100 kilobytes (KB) to a document library.
  On the computer that contains the RBS data store.
  Browse to the RBS data store directory.
  Confirm that size of RBS data store directory.
  It must be more than before.
  viii.     
  Test user logging
  Logging with the 2-3 different users and test they can able to logging.
  f.    
  Migrate RBLOB from RBS to SQL database and completely remove RBS
  i.     
  Migrate all content from RBS to SQL and disable RBS for content DB:
  Open SharePoint server.
  Open SharePoint management PowerShell
  Execute below script
  $cdb=Get-SPContentDatabase <Database name>
  $rbs=$cdb.RemoteBlobStorageSettings
  $rbs.GetProviderNames()
  $rbs.SetActiveProviderName("")
  $rbs.Migrate()
  $rbs.Disable()
  Note:
  Migrate() might take some time depending on amount of data in your RBS store.
  Change the database name.
  If you get message on the PowerShell “PS C:\Users\sp2010_admin> $rbs.Migrate()
  Could not read configuration for log provider <ConsoleLog>. Default value used.
  Could not read configuration for log provider <FileLog>. Default value used.
  Could not read configuration for log provider <CircularLog>. Default value used.
  Could not read configuration for log provider <EventViewerLog>. Default value used.
  Could not read configuration for log provider <DatabaseTableLog>. Default value used.” Then wait for while it will take some time to start migration.”
  ii.     
  Change the default RBS garbage collection window to 0 on your content DB:
  Open SQL server
  Open SQL management studio
  Select your content DB and open new query window
  Execute below SQL query
  exec mssqlrbs.rbs_sp_set_config_value ‘garbage_collection_time_window’,'time 00:00:00′
  exec mssqlrbs.rbs_sp_set_config_value ‘delete_scan_period’,'time 00:00:00′
  Note:
  Run one by one SQL query
  You will get “Command(s) completed successfully.” Message
  iii.     
  Run RBS Maintainer (and disable the task if you scheduled it):
  Open SharePoint server
  Open command prompt
  Run below command
  "C:\Program Files\Microsoft SQL Remote Blob Storage 10.50\Maintainer\Microsoft.Data.SqlRemoteBlobs.Maintainer.exe" -connectionstringname RBSMaintainerConnection -operation GarbageCollection ConsistencyCheck ConsistencyCheckForStores -GarbageCollectionPhases
  rdo -ConsistencyCheckMode r -TimeLimit 120
  iv.     
  Uninstall RBS:
  Open SQL server
  Open SQL management studio
  On your content DB run below SQL query
  exec mssqlrbs.rbs_sp_uninstall_rbs 0
  Note:
  If you will get message “The RBS server side data cannot be removed because there are existing BLOBs registered. You can only remove this data by using the force_uninstall parameter of the mssqlrbs.rbs_sp_uninstall stored pro” then run this “exec mssqlrbs.rbs_sp_uninstall_rbs
  1 ”
  You will get “Command(s) completed successfully.” Message.
  v.     
  Uninstall from add/remove SQL Remote Blob Storage.
  I found that there were still FILESTREAM references in my DB, so remove that reference
  Open SQL server
  Open SQL management studio
  Run below SQL query on your content DB:
  ALTER TABLE [mssqlrbs_filestream_data_1].[rbs_filestream_configuration] DROP column [filestream_value]
  ALTER TABLE [mssqlrbs_filestream_data_1].[rbs_filestream_configuration] SET (FILESTREAM_ON = "NULL")
  Note:
  Run one by one SQL query
  vi.     
  Now you can remove the file and filegroup for filestream:
  Open SQL server
  Open SQL management studio
  Open new query window on top
  Execute below SQL query
  ALTER DATABASE <Database name> Remove file RBSFilestreamFile;
  Note:
  Change the database name
  If it gives message “The file 'RBSFilestreamFile' cannot be removed because it is not empty.” Then remove all table prefix with “mssqlrbs_” from your database and execute SQL query again.
  This query takes time as per your database size (almost 30 min).
  You will get “The file 'RBSFilestreamFile' has been removed.” Message
  Execute below SQL query
  ALTER DATABASE <Database name> REMOVE FILEGROUP RBSFilestreamProvider;
  Note:
  Change the database name
  You get “The filegroup 'RBSFilestreamProvider' has been removed.” Message.
  Or If you get “Msg 5524, Level 16, State 1, Line 1 Default FILESTREAM data filegroup cannot be removed unless it's the last
  FILESTREAM data filegroup left.” message. Then ignore this message.
  vii.     
  Remove Blob Store installation
  Open SharePoint server
  Run RBS.msi setup file and choose Remove option.
  Finish wizard.
  viii.     
  Disable FILESTREAM in SQL Configuration Manager
  Disable FILESTREAM in SQL Configuration Manager for your instance (if you do not use it anywhere aside this single content DB with SharePoint), run SQL reset and IIS reset and test.
  ix.     
  Test the RBS Removed or not?
  On the computer that contains the SQL database.
  Confirm that size of SQL database (.mdf file).
  On the SharePoint farm, upload a file that is at least 100 kilobytes (KB) to a document library.
  On the computer that contains the SQL database.
  Confirm that size of SQL database.
  It must be more than before. If there is no difference then ignore it. Just check it Store is no more in SQL.
  x.     
  Test user logging
  Logging with the 2-3 different users and test they can able to logging.
  g.   
  Convert classic-mode web applications to claims-based authentication
  i.     
  Open SharePoint server
  ii.     
  Open SharePoint PowerShell
  iii.     
  Execute below script
  $WebAppName = "<URL>"
  $wa = get-SPWebApplication $WebAppName
  $wa.UseClaimsAuthentication = $true
  $wa.Update()
  $account = "<Domain name\User name>"
  $account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
  $wa = get-SPWebApplication $WebAppName
  $zp = $wa.ZonePolicies("Default")
  $p = $zp.Add($account,"PSPolicy")
  $fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
  $p.PolicyRoleBindings.Add($fc)
  $wa.Update()
  $wa.MigrateUsers($true)
  $wa.ProvisionGlobally()
  iv.     
  Test user logging
  Logging with the 2-3 different users and test they can able to logging.
  h.  
  Take SQL backup from QA server
  i.     
  Open SQL server
  ii.     
  Open management studio on SQL server
  iii.     
  Select the content database
  iv.     
  Take back up of content database
  Information: This SQL backup is not content RBS.
  3.   
  New SharePoint 2013 environment with SQL 2012
  a.   
  Restore SQL backup
  i.     
  Open SQL server
  ii.     
  Open SQL management studio
  iii.     
  Restore the SQL database using *.bak file
  b.  
  Dismount database which is with existing application
  i.     
  Open SharePoint server
  ii.     
  Open SharePoint management PowerShell
  iii.     
  Execute below script
  Dismount-SPContentDatabase <Database name>
  Note: change the database name which bind with existing application.
  c.   
  Mount restored database with existing application
  i.     
  Open SharePoint server
  ii.     
  Open SharePoint management PowerShell
  iii.     
  Execute below script
  Mount-SPContentDatabase <Database name> -DatabaseServer <Database server name> -WebApplication <URL>
  Note:
  Change the database name with new restored database name
  Change the database server name in form of “DB server name\DB instance name”
  Change the URL of web application
  This command take some time.
  d.  
  Upgrade site collection
  i.     
  Open SharePoint server
  ii.     
  Open new site
  iii.     
  You will find message on top “Experience all that SharePoint 15 has to offer. Start now or Remind me later”
  iv.     
  Click on “Start”
  v.     
  Click on ”Upgrade this Site Collection”
  vi.     
  Click on “I Am ready”
  vii.     
  After some time you will get message “Upgrade Completed Successfully”
  viii.     
  Test User logging.

• Audit Vault Agent Installation issue

  Hi All,
  I have installed the following things
  1) Audit Vault Server (10.2.2.0.1) on a Windows 2003 Server
  2) I completed the post-installation tasks
  3) I am trying to install Audit Vault agent (10.2.2) on HPUX (11.11) machine.
  I start the AV Agent runInstaller, and fill the details like AVAgent name, Username, connect String etc, then click on next , it throws the following error:
  "error1: the AV server is expecting an agent with the given name to be installed on another machine"
  I am able to ping from Windows to HP machine and Vice versa (By IP Address and Hostname).
  Can anyone tell me where i am going wrong and how to solve it.
  Please mail to my email address ([email protected])
  Thanks & Regards,
  Rakesh

  Hi,
  The details of the installation done so far:
  1) I have installed "Oracle Audit Vault Server (10.2.2)" on a Windows 2003 machine providing the following details
  a) Audit vault Name
  b) Audit Vault Home
  c) Audit Vault Administrator
  d) Administrator Password
  e) Audit Vault Auditor
  f) Ausitor Password
  g) Database Vault Owner and Manager
  h) Created a Audit Vault Agent user and added the user to the udit Vault server using AVCA.
  2)I invoke the "Audit Vault Agent" Installer from a HP-UX machine and provide details viz.,
  a) Audit vault Agent Name (Same name when i executed the AVCA command above)
  b) Aduit Vault Agent Home
  c) Agent Username
  d) Agent Password
  e) Audit Vault Server Connect String (Provide the Database details as mentioned in Audit Vault Server (localhost:port:servicename)
  and when i click on the next button it throws me the following error:
  "error1: the AV server is expecting an agent with the given name to be installed on another machine".
  Hope this gives you a better idea. Waiting for your reply.
  Thanks & Regards,
  Rakesh

• Dvsys.synchronize_policy_for_object + 10.2.3.2.4 Audit Vault Server

  OS: Suse Linux 10 SP 2
  Oracle Audit Vault Version:10.2.3.2.4
  Two nodes RAC database
  After patch the Oracle Audit Vault Server I began to notice the following message at the second instance alert log:
  ora-12012 error on auto execute of job 23
  PLS-00201 identifier 'DVSYS.SYNCHRONIZE_POLICY_FOR_OBJECT' must be declared
  In fact there is not any procedure or function with that name at DVSYS schema, so why is there some job that call it?

  Hello experts
  I am confuse due to the audit vault server is installed sucefull and later I can connect me into the database but during the isntallation process some I get some errors on the database oracle vault component and the last compoent (AVAC) fails. The errors begin with this:
  Rule_set: java_sql.SQLException: ora24141 rule set dvsys.dv$1 does not exist.
  This is my first audit vault server installation so I have not experience with that product. I really need your help.

• Audit Vault server Installation taking days.

  Dear DBA's
  This is my First Implementation of Database Vault.
  I am installing Audit Vault 12.1 on Linux 5 update 8 in VM Where.
  but in the middle of the installation it will ask for reboot--Install Complete.
  after rebooting it is showing installing oracle and not changing the screen last 2days.
  is Oracle Vault support VM Where?
  How much time will it take to finish the Installation?
  Common issues while installing Oracle Vault?
  Kindly help me on above queries.
  Regards,
  SG

  It is always best not to force install an Oracle product, or any product for that matter, into an environment where you don't have installation instructions and where support will be essentially non-existent as few others have that environment.
  Audit Vault is a security product and belongs in the most secure, stable environment you can provide. Why not install based on Oracle's documented instructions?

• Audit Vault Agent DB2 AS /400

  Hi
  Any body know if Audit Vault can support DB2 running on AS/400 ?
  Regards

  I'm not sure I understand your follow-on query. There is no such thing as an "Agent for DB2". Audit Vault only has one agent, and it can collect audit trails from all supported types of sources, including Oracle , SQL Server, Sybase, and DB2 LUW databases. The agent runs on several platforms - Linux on Intel (both 32-bit and 64-bit variants), Solaris on SPARC, AIX on POWER, HP-UX on PA-RISC and Itanium, and 32-bit Windows on Intel. It does not run on the AS400 at this time.
  Regards.

• OEM versus Audit Vault

  Is there such Audit Vault option within OEM? In other word, can you use OEM to set up Audit Vault for the target DBs and monitor it?
  thx

  Hi:
  As of the current production release, there is no explicit integration between OEM and Audit Vault.
  However, OEM can be used to administer Audit Vault's repository database, just as if it were a normal database. Furthermore, some users have wrapped Audit Vault's commands into OEM fetchlets to provide higher-level administrative functions in OEM.
  Regards.

• Copying a Data Store

  Hi All,
  Is there any provision where in we can copy a existing data store. Also as part of recovery is there any provision of switching data store.
  Thanks,
  Kartik P.

  Running data stores across versions (like your 2.2.2 -> 2.3.0 example) is not supported. And even if you copied the 2.2.2 data store to the 2.3 Endeca Server area, the 2.2.2 data store wouldn't run with the 2.3.0 dgraph because only data indexed with the same dgraph version will work (i.e., only data indexed with the 2.3.0 dgraph will run on that 2.3.0 dgraph). So the attach-ds command would fail because the command tries to start up the dgraph as part of its operation.

• Oracle Database Vault vs Audit Vault and database firewall

  Hi All,
  I would like to know the main difference between Oracle Database Vault and Oracle Audit Vault and Database firewall.
  I have read all the white papers and documents on them both and find them very similar in work process.
  Only difference I see in the pricing.
  I feel Oracle audit Vault can do all the work of Database Vault with added feature of proactive session monitoring.
  If someone can help me based on their knowledge and experience it would be appreciated.
  Thank you.

  I have read the white papers of both Database Vault and Audit Vault
  According to database Vault sessions can be managed using various roles created as per business requirements.
  Audit vault offers same thing in terms of a firewall which manages and restrictions based on roles created .
  From the white papers:
  DATABAES VAULT:
  Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including users who have administrative access.
  This enables you to apply fine_grained access control to your sensitive data in a variety of ways.
  Oracle Database Vault enables you to create the following components to manage security for your database:
  Realms
  Command Rules
  Factors
  Rule Sets.
  DATABAE AUDIT AND FIREWALL:
  Oracle Audit Vault and database Firewall consolidates database activity monitoring events and audit logs. Policies enforce expected application behaviour, helping preventing SQL injection, application bypass, and other malicious activities from reaching the database while also monitoring and auditing privileged users and other activities inside the database.
  To me these sound very similar of doing same work.
  My apologies as I am unable to paste the whole text here and I cannot type full documents here 

• Audit Vault - OS data collection

  Hi all,
  Based on the Oracle Audit Vault Administrator's Guide, Release 10.2.3.2, it is not mentioning anywhere i the tool has the functionality to collect data from OS (Linux, WIN, Unix etc). This is the case right?
  Thanks

  Hi,
  Yes, you are correct. As of this release (10.2.3.2), Audit Vault can only collect audit trails from databases - Oracle, SQL Server, Sybase, and DB2 LUW. Operating System audit trails are not supported.
  Regards.

• Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

  Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

  4195bee8-4db0-4799-a674-18f89aa500cb wrote:
  i dont have access to My Oracle Support can u send text or html of document please?
  Moderator Action:
  No they cannot send you a document that is available only to those with access to MOS.
  That would violate the conditions of having such service contract credentials.
  Asking someone to violate such privileges is a serious offense and could get that other person's organization banned from all support and all their support contracts cancelled.
  Your post is locked.
  Your duplicate post that you placed into the Audit Vault forum space has been removed (it had no responses).
  This thread which you had placed in the Solaris 10 forum space is moved to the Audit Vault forum space.
  That's the proper location for Audit Vault questions.

• Audit Vault and DB Firewall Design

  I have and application (JAVA Based) connected to the database 11g using JDBC,
  I am going to implement Audit Vault and DB firewall R12 for three reasons:
  1. monitoring the traffic
  2. blocking un wanted SQL statements.
  3. blocking un wanted IPs/Users
  Our two Physcial servers that will be used for Audit Vault and DB Firewalls contain two NIC each.
  My Questions:
  1.  How to put these two servers in our network to be able to mointor as well block traffic, we don't need to change anything to our exisiting network configuration.
  2.  How to DB Firewall will block unwanted incomming traffic from the JAVA application to our database.
  please any usefull documents, links, ideas, network design
  I tried official Oracle Document, it is useless

  hi,
  1. if you plan to block sql using the firewall you will need 3 NICs in the firewall appliance since apart from the management interface you will need to setup a bridge (with 2 NICs) to physically route the traffic through the firewall, this also requires you to patch the appliance properly inside your datacenter between the protected database and the client or middle tier servers, so you can't do  this w/o changing anything in your nw configuration.
  2. you will need to compile a whitelist based on what your trusted applications are doing normally, this is an iterative process, then the firewall will be able to block sql not in the whitelist (replace it with something like select 1 from dual), since the only physical network path from the java clients to  the secured target db goes via the bridge
  Comment: so if you have a chance: pull one NIC out of the AV server (it only needs 1) and plug it into the firewall appliance.
  greetings,
  Harm ten Napel