Accenture MDR Quick Start Guide for Oracle® Database

This quick start guide will help Accenture MDR customers configure Oracle® Database to allow log collection from the Log collection Platform (LCP).

The document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

NOTE: From version 21c, the Traditional Auditing will be deprecated and only Unified auditing will be supported. Traditional Auditing and XML Auditing are supported till version 19c. From version 21c Unified auditing will be supported.

Port Requirements

Table 1-1: Port requirements for LCP communication.

Configuring Oracle Database

 Note: Oracle introduced 2 modes of auditing from Oracle version 12C. MDR collector supports only Mixed Mode Auditing. Please refer vendor documentation for more information.

• Unified auditing - New auditing

• Mixed mode auditing - This enables both traditional and unified auditing

The Oracle Database collector requires a read-only database user account to query events. You can set up Oracle Database user accounts in the following ways:

• For Oracle 10g or 11g Enterprise Manager, see To create a read-only database user account using Oracle 10g or 11g Enterprise Manager.

• For Oracle 12c Enterprise Manager, see To create a read-only database user account using Oracle 12c Enterprise Manager.

• For SQLPlus, see To create a read-only Oracle database user account.

• For SQLPlus 21c, To create a read-only Oracle database user by using SQLPlus for 21c

1. Login to the Oracle Database as a user with permissions to create roles and users with Enterprise Manager.

2. On the Database Instance page, click the Administration tab.

3. Under Users & Privileges, click Roles.

4. On the Roles page, click Create.

5. On the Create Role page, in the Name field, type a new role name. For example, ReadOnlyRole.

6. Click System Privileges, and then click Edit List.

7. In the Available System Privileges list, select the privilege named SELECT.

8. Do one of the following steps:

• If Oracle Auditing is configured to use the Database Audit Trail, select the DBA_AUDIT_TRAIL view.

• If Oracle Auditing is configured to use the XML Audit Trail, select the V_$XML_AUDIT_TRAIL view.

9. Click Move so that the privileges appear in the Selected System Privileges list.

10.Click OK and then click OK again to create the role.

11.Click the link Database Instance:database_name.

12.On the Administration tab, under Users & Privileges, click Users.

13.click Create.

14.On the Create User page, perform the following tasks in the order given:

• In the Name field, type a username. For example, READONLYUSER.

• In the Profile field, leave the value as DEFAULT.

• In the Authentication field, leave the value as PASSWORD.

• In the Enter Password and Confirm Password fields, type a password and confirm it.

• In the Default Tablespace field, type a default table space for the user. For example, USERS.

• In the Temporary Tablespace field, type a temporary table space for the user. For example, TEMP.

• Click Roles.

• On the Roles page, click Edit List.

• In the Available Role list, select the role that you created in step4.

• Click Move so that the role appears in the Selected Roles list.

• Click OK and then click OK again to create the user with read-only access to the database tables.

1. Login to the Oracle database as a user with permissions to create roles and users with Enterprise Manager.

2. On the Database Instance page, click the Security tab.

3. Under Security, click Roles.

4. On the Roles page, click Create.

5. On the Create Role page, in the Name field, type a new role name. For example, ReadOnlyRole.

6. Click System Privileges and then click Edit List.

7. In the Available System Privileges list, select the privilege named SELECT.

8. Do one of the following steps:

• If Oracle Auditing is configured to use the Database Audit Trail, select DBA view.

• If Oracle Auditing is configured to use the XML Audit Trail, select Audit_Viewer view.

9.Click Move so that the privileges appear in the Selected System Privileges list.

10.Click OK and then click OK again to create the role.

11.Click the link Database Instance:database_name.

12.On the Security tab, under Users & Privileges, click Users.

13.Click Create.

14.On the Create User page, perform the following tasks in the order given:

• In the Name field, type a user name. For example, READONLYUSER.

• In the Profile field, leave the value as DEFAULT.

• In the Authentication field, leave the value as PASSWORD.

• In the Enter Password and Confirm Password fields, type a password and confirm it.

• In the Default Tablespace field, type a default table space for the user. For example, USERS.

• In the Temporary Tablespace field, type a temporary table space for the user. For example, TEMP.

• Click Roles.

• On the Roles page, click Edit List.

• In the Available Role list, select the role that you created in step4.

• Click Move so that the role appears in the Selected Roles list.

• Click OK and then click OK again to create the user with read-only access to the database tables.

Note: For Oracle 12c Enterprise Manager, the username should start with c##parameter, for example c##read_only_user.

1. To start SQLPlus without logging in to a database, at the command prompt, type the following: sqlplus /nolog;

2. To connect as a system database administrator, at the SQLPlus prompt, type the following command: connect sys/password@SID as sysdba;

3. To create a read-only user, at the SQLPlus prompt, type the following commands:

4. Do one of the following steps:

• If Oracle Auditing is configured to use Database Audit Trail, type the following command: 

• If Oracle Auditing is configured to use XML Audit Trail, type the following command: 

​ 5. To grant select privileges for the database user, type the following commands:

6. Type the following commands:

• If DBA_AUDIT_TRAIL is enabled, use following command : 

• If XML_Audit_trail is enabled, use the following command: 

Note:

Users need to have execute permission on sys.utl_inaddr. To grant select privileges for the database user, type the following SQLPlus command:

• To start SQLPlus without logging in to a database, at a command prompt, type the following: 

• To connect as a system database administrator, at the SQLPlus prompt, type the following command: 

• To create a read-only user, at the SQLPlus prompt, type the following commands:

• To grant select privileges for the database user, type the following commands:

• Type the following commands: 

To enable auditing in an Oracle Database

For Oracle Database to work with the collector, you must complete the following procedures in the order shown:

• Enable auditing in the Oracle Database. See “To enable auditing in the Oracle 10g, 11g, or 12c database”

• Enable auditing in the Oracle Database. See “To Enable unified auditing in the Oracle 21c”

• Configure auditing for a database user account. See “To configure auditing for an Oracle 10g, 11g, or 12c database user account”

• Adding support for 21c and Above

Please consult your Oracle Database administrator before you proceed with any Oracle-related procedures.

1. On the Oracle computer, start SQLPlus without connecting to a database by typing the following command

2. To connect to the database as a system administrator, at the SQL prompt, type the following command

1. Do one of the following steps:

• To configure Oracle Auditing to use Database audit trail, at the command prompt type the following command

• To configure Oracle Auditing to use XML audit trail, at the command prompt type the following command

4. ​To shut down the database, type the following command: 

Note: Please consult a Oracle Database administrator before executing the above command. For Windows, restart Oracle services.

5. To restart the database, type the following command: startup

6. For Oracle 10g database, set up the audit events using the examples in the following website: http://www.oracle-base.com/articles/10g/Auditing_10gR2.php

7. For Oracle 11g database, set up the audit events using the examples in the following website: http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm

8. For Oracle 12c database, set up the audit events using the examples in the following website: http://docs.oracle.com/database/121/DBSEG/audit_config.htm

• To Enable unified auditing in the Oracle 21c

 To enable unified auditing:

1. Log in to SQL*Plus as user SYS with the SYSDBA administrative privilege.

2. Run the following query to find out if your database has been migrated to use unified auditing. Enter Unified Auditing in the case shown here.

   If the output for the VALUE column is FALSE, then complete the remaining steps in this section to migrate to unified auditing. If the output is TRUE, then unified auditing is enabled by-default.

3. Stop the database.

   For single-instance installations, enter the following commands from SQL*Plus:

   For Windows systems, stop the Oracle service:

   For Oracle Real Application Clusters (Oracle RAC) installations, shut down each database instance as follows:

4. Stop the listener. (Stopping the listener is not necessary for Oracle RAC and Grid Infrastructure listeners.)

   You can find the name of the listener by running the lsnrctl status command. The name is indicated by the Alias setting.

5. Go to the $ORACLE_HOME/rdbms/lib directory.

6. Enable the unified auditing executable.

   • UNIX: Run the following command:

   • Windows: Rename the %ORACLE_HOME%/bin/orauniaud12.dll.option file to %ORACLE_HOME%/bin/orauniaud12.dll.

7. Restart the listener.

8. Restart the database. Log in to SQL*Plus and then enter the STARTUP command as follows:

   For Windows systems, start the Oracle service again.

   For Oracle RAC installations, from a command line, restart the database as follows:

When using Windows, you can restart Oracle.

1. Restart by typing the following command: startup

2. For the Oracle 10g database, set up the audit events using the examples at the following Web site: http://www.oracle-base.com/articles/10g/Auditing_10gR2.php

3. For the Oracle 11g database, set up the audit events using the examples at the following Web site: http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/ auditing.htm#BCGIDBFI

Oracle Auditing is highly customizable and the design of an auditing policy may vary depending on your needs. The following procedure is one example of Oracle Auditing.

1. At a command prompt, start SQLPlus without connecting to a database by typing the following command

2. To connect to the database as an administrator, at the SQL prompt, type the following command: 

3. To configure auditing for the database user, at the SQL prompt, type the following commands:

This step will be performed by Accenture MxDR team at the LCP.

1. If the DB version is 21c and above then Traditional Auditing will be deprecated and Unified logging will be enabled.

2. We need to copy the config.xml file to collector folder.

3. Go to collector folder.

4. Rename the config.xml with config.xml.bak

5. Go to Utils folder.

6. Under Utils folder there will be a folder named “Unified_Auditing_21c".

7. Copy the file and paste it to collector directory with the below given command

8. Provide the proper permission and ownership to new config.xml

Creating New Request for Monitoring

Once the device is configured as outlined in the steps above and all network pre-requisites have been made, you are now ready to onboard it for MDR monitoring. To complete this process, submit a New Request via the MDR Portal at https://mss.accenture.com/. This new request should contain the following information:

1. Reporting LCP Hostname/IP Address:

2. Database Hostname/IP Address and Database port:

3. User Name (Read-only):

4. Password:

If you have any questions about this process, please contact your Onboarding Engineer or Service Manager.

LCP Configuration Parameters

Table 1-2: The Oracle Database event collector (DB - 3465) properties to be configured by MDR are shown in the table.