Oracle Audit Vault allows monitoring of auditing information from multiple databases in a single centralized location. The key steps to implement Oracle Audit Vault are: 1. Download the Audit Vault software and install it on a server. 2. Register databases as hosts and deploy agents to these databases to capture and send audit records. 3. Configure audit settings in the databases to define what activities to audit. 4. Access the Audit Vault console to view reports, alerts, and retrieve audit records from registered databases.

1. Oracle Audit Vault installation and implementation steps:
Introduction
Oracle Audit Vault is a security product that gathers auditing information from remote databases and
store them in a single centralized warehouse database. Suppose you have different machine in a
different database, that’s time really tough to monitor what happens in different database at a time. By
using an audit vault system you can monitor every database in a single dashboard and you can apply
policies which alerts you and provide you desires report.
Another Key feature is once audit vault system ready you cannot enter audit database, because system
is totally intact, you cannot login putty or other ssh, enter the system you can see only below screen
Audit vault itself has different types of reports like Activity reports, Alert reports, user privileges report,
stored procedure audit reports.
Oracle Audit vault raise alerts any types of suspicious transactions.
Capture before/after values from transaction logs.
Automated cleanup of Oracle database audit data on source systems, no need to manage the audit
database.

2. Installation:
Download Audit Vault Software
A. Download Media
1. Download media from https://edelivery.oracle.com/.
· Open a web browser.
· Type https://edelivery.oracle.com/ in the address bar.
· Press "<Enter>" key.
· Click on "Sign In / Register" button.
2. Login to edelivery
Sign In / Register button redirects to the login screen.
· Provide login username and password.
· Click on Sign in button to login.

3. 3. Search Required Media
· In Product pack select Oracle Database.
· In Platform select Linux x86-64.
· Select "Oracle Audit Vault and Database Firewall 12.1.1 Media Pack for Linux x86-64".
· Click on "Go" button to search.
4. Download Media
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Server"
to download Audit Vault Server.
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Database
Firewall" to download Database Firewall. I will cover this in my next post.

4. Prerequisites
1. Laptop/PC
· Latest and fast processors
· At least 8GB memory, but I am using 1.5GB memory
· Windows 64 bit
· At least 120GB Hardisk , rather than 120GB storage you can installed Audit vault server.
Host Machine (Windows 10)
IP Address : 172.25.200.1
Subnet Mask : 255.255.255.0
AV server (virtual Box, installed Oracle Linux 6)
IP Address : 172.25.200.10
Subnet Mask : 255.255.255.0
Attached media in virtual Box machine
After startup the Virtual Box this screen come in type install , hit enter key

6. I stuck here cause I assign 52GB for this , that’s why I will add 120GB disk and re-run the installation
again.
Installation in Progress

8. Applying Configuration
· Wait until the installer goes to next screen.
Enter Installation Passphrase
· Enter a strong passphrase.
This passphrase will be used later to change other system passwords. It is recommended to
note the password securely for future reference.
NOTE: The passphrase should be 8 characters or more and contains an uppercase, lowercase, digit and
punctuation. If this policy is violated then following message will be displayed.

9. Enter password: Ucbl_123

10. Refreshing link state
Server will automatically refresh the link state and redirect to next screen.
Select Management Interface
After Enter the machine IP 172.25.200.55, reboot machine

13. Login in Oracle Audit vault Server :
https://172.25.200.55/console/
Oracle Audit Vault has Two Schema
One is AVADMIN where you can do all types of administrator job.
Another is AVAUDITOR which helped you to monitor audit information.
Implementation Audit Server in a database and monitor the activity
Step1: Register a host
Host Name: SolarisM1
IP address: 172.25.200.10
Service: PRIPDB
Register the host

14. Save the host
Step 2: Download agent

15. Click download agent
Copy this jar file in below location
Step 3: deploy agent.jar in hosts
Java –jar agent.jar –d agent

16. Step 4: Now activate the agent
./agentctl activate
Step 5: Now activate it from console. You find agent version
Step 6: Now start the agent with generated KEY
bash-3.2$ ./agentctl start -k OR61-LH3O-KWUA-YSNW-5JDA

17. Step 7: create Audit user in database avcol
Setup
SQL>
@/export/home/oracle/app/oracle/product/agent/av/plugins/com.oracle.av.plugin.oracle/config/oracl
e_user_setup.sql avcol setup
Step 8: secured target setup

18. Step 9: add Audit trail
Step 10: start audit trail

19. Step 11: audit enable basak.employee;
SQL> conn sys@PRIPDB as sysdba
Enter password:
Connected.
SQL> audit all on basak.employee;
Audit succeeded.
Step 12: retrieve audit settings using avauditor user
Download report monitor the activity