If you assign an Oracle Database Collector to a Monitored Asset, the Asset may be configured to collect log messages from the audit log of an Oracle database. In the Monitored Asset's properties, you can assign multiple Log Sources, and each Log Source represents a database instance or view. This topic explains how to add Log Sources to these Assets, as well as how to configure the Log Sources.
To work with the Log Sources assigned to a Monitored Asset with an Oracle Database Collector:
1. | In the side bar, select Resources >Configuration Manager. |
2. | In the side bar of the Configuration Manager, select Resources >Monitored Assets. |
TLC presents your Monitored Assets in the workspace table.
Tip |
You can sort, group, and filter the contents of tables. For more information, see Working with Tables). |
---|
3. | In the workspace, double-click the Monitored Asset. |
4. | In the Monitored Asset properties dialog, select the Log Sources tab. |
5. | To add a Log Source: |
a. | Click Add. |
b. | In the Log Source Name field, enter a name of your choosing. |
c. | Complete the Log Source properties dialog (see Table 55). |
d. | Click Test Connection to verify your settings. |
e. | Click OK. |
To change the properties of a Log Source:
a. | Double-click the Log Source and edit the Log Source properties dialog (see Table 55). |
b. | Click Test Connection to verify your settings. |
c. | Click OK. |
To define a schedule for the collection of log messages from a Log Source:
a. | In the Log Source properties dialog, select the Collection Schedule tab (see Table 55). |
b. | Enter the default Collection Interval. |
c. | Select the Collection Enabled check box for each day of the week on which you want TLC to collect log messages. |
d. | (Optional) To prevent the collection of log messages during a specific time period on a given day of the week, define a maintenance window with the Start and Duration fields for that day. For example, to create a maintenance window from 2AM-4AM on Thursdays, enter 2AM in the Start field and 2 hours as the Duration. |
Note |
A maintenance window can extend into the following day. For example, if the Collection Interval is 3 hours, TLC will collect log messages every 3 hours by default. If the Collection Enabled check box is selected for Saturday, the first collection on each Saturday would occur at 3AM. However, if a 6-hour maintenance window starts on Friday at 11PM, the window would extend to 5AM on Saturday morning. Therefore, TLC would not collect log messages from the Log Source at 3AM on Saturday morning. Instead, the first collection on Saturday would occur at 6AM. |
---|
To remove a Log Source, select the Log Source and click Delete.
To enable the collection of log messages from a Log Source, select the Log Source and clickEnable.
To disable a Log Source, select the Log Source and clickDisable.
6. | Once all Log Sources have been configured for the Asset, click OK to close the Monitored Asset properties dialog. |
Tab |
Description |
---|---|
Database Properties - Standard tab |
This tab defines the following properties for the Log Source (i.e. a database instance or view). Stored Procedure. The stored procedure with which TLC accesses the Log Source. IP address. The host name or IP address of the Monitored Asset. Username and Password. Login credentials for the Oracle user account with which TLC will authenticate. Tip: In the Asset Groups page of the Configuration Manager, you can change the password for all Monitored Assets in an Asset Group at the same time (see Working with Asset Groups). Max log messages per transaction. The maximum number of log messages that can be sent to TLC in a single batch. Oracle Security. 'Default' security requires a port number and System ID (SID) that identifies the Log Source, and 'Advanced (Encrypted DB)' employs Oracle Advanced Security. To configure 'Default' security: 1. Select Default. 2. In the Port field, enter the port by which the Log Source will send log messages to TLC. 3. In the SID field, enter the System ID (SID) that identifies the Log Source. 4. (Optional) In the Database Properties - Advanced tab, define further configuration parameters for connections between TLC and the Log Source. To configure 'Advanced (Encrypted DB)' security: 1. Select Advanced (Encrypted DB). 2. In the Network Service Name (NSN) field, enter the Oracle database's NSN. Important: To employ the 'Advanced (Encrypted DB)' setting, the following prerequisites must first be met: Oracle Advanced Security must be enabled on the Oracle server. The Oracle Client Library must be installed on the TLC Manager host system. The sqlnet.ora file must be configured for compatibility with the Oracle server. The tnsnames.ora file must be configured with the database's NSN and other relevant entries to support the connection between the database and the TLC Log Source. (All values in the tnsnames.ora file will override other settings, including the IP address specified in this tab.) For further details, see your Oracle Client Library documentation. |
Database Properties - Advanced tab |
This tab contains configuration parameters for connections between TLC and the Log Source. To display the description for a parameter at the bottom of the Advanced tab, select the parameter. Notes: The Advanced tab only appears if Default is selected for the Oracle Security setting in the Database Properties - Standard tab. TLC concatenates the values entered in the fields of the Standard and Advanced tabs to form a Connection String. Before saving the Log Source in the System Database, TLC encrypts the Connection String. To successfully save the encrypted string, the total number of characters entered in these tabs cannot exceed 700. Caution: Tripwire recommends that you do not change the default value for the Min Pool Size field of the Advanced tab. If this value is too large, it may result in system instability and excessive memory usage. |
Collection Schedule |
Defines the schedule for the collection of log messages from the Log Source. Collection Interval. The amount of time between the end of one collection and the beginning of the next. Collection Enabled. To enable the collection of log messages on a given day of the week, select this check box. Day of the Week. The day of the week (Monday, Tuesday, etc.). Maintenance Windows. (Optional) For each day of the week, you can define a single time period in which TLC will not attempt to collect log messages from the Log Source. |