Accenture MDR Quick Start Guide for Oracle® Database

Owned by KM (Unlicensed)
Last updated: Aug 02, 2024 by Aparna Rr
9 min read

This quick start guide will help Accenture MDR customers configure Oracle® Database to allow log collection from the Log collection Platform (LCP).

 

The document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

NOTE: From version 21c, the Traditional Auditing will be deprecated and only Unified auditing will be supported. Traditional Auditing and XML Auditing are supported till version 19c. From version 21c Unified auditing will be supported.

Port Requirements

Table 1-1: Port requirements for LCP communication.

Source

Destination

Port

Description

LCP

Oracle 

1521 (TCP)

Default port

Configuring Oracle Database

 Note: Oracle introduced 2 modes of auditing from Oracle version 12C. MDR collector supports only Mixed Mode Auditing. Please refer vendor documentation for more information.

  • Unified auditing - New auditing

  • Mixed mode auditing - This enables both traditional and unified auditing

 

The Oracle Database collector requires a read-only database user account to query events. You can set up Oracle Database user accounts in the following ways:

 

To create a read-only database user account using Oracle 10g or 11g Enterprise Manager

  1. Login to the Oracle Database as a user with permissions to create roles and users with Enterprise Manager.

  2. On the Database Instance page, click the Administration tab.

  3. Under Users & Privileges, click Roles.

  4. On the Roles page, click Create.

  5. On the Create Role page, in the Name field, type a new role name. For example, ReadOnlyRole.

  6. Click System Privileges, and then click Edit List.

  7. In the Available System Privileges list, select the privilege named SELECT.

  8. Do one of the following steps:

  • If Oracle Auditing is configured to use the Database Audit Trail, select the DBA_AUDIT_TRAIL view.

  • If Oracle Auditing is configured to use the XML Audit Trail, select the V_$XML_AUDIT_TRAIL view.

9. Click Move so that the privileges appear in the Selected System Privileges list.

10.Click OK and then click OK again to create the role.

11.Click the link Database Instance:database_name.

12.On the Administration tab, under Users & Privileges, click Users.

13.click Create.

14.On the Create User page, perform the following tasks in the order given:

  • In the Name field, type a username. For example, READONLYUSER.

  • In the Profile field, leave the value as DEFAULT.

  • In the Authentication field, leave the value as PASSWORD.

  • In the Enter Password and Confirm Password fields, type a password and confirm it.

  • In the Default Tablespace field, type a default table space for the user. For example, USERS.

  • In the Temporary Tablespace field, type a temporary table space for the user. For example, TEMP.

  • Click Roles.

  • On the Roles page, click Edit List.

  • In the Available Role list, select the role that you created in step4.

  • Click Move so that the role appears in the Selected Roles list.

  • Click OK and then click OK again to create the user with read-only access to the database tables.

To create a read-only database user account using Oracle 12c Enterprise Manager

  1. Login to the Oracle database as a user with permissions to create roles and users with Enterprise Manager.

  2. On the Database Instance page, click the Security tab.

  3. Under Security, click Roles.

  4. On the Roles page, click Create.

  5. On the Create Role page, in the Name field, type a new role name. For example, ReadOnlyRole.

  6. Click System Privileges and then click Edit List.

  7. In the Available System Privileges list, select the privilege named SELECT.

  8. Do one of the following steps:

  • If Oracle Auditing is configured to use the Database Audit Trail, select DBA view.

  • If Oracle Auditing is configured to use the XML Audit Trail, select Audit_Viewer view.

9.Click Move so that the privileges appear in the Selected System Privileges list.

10.Click OK and then click OK again to create the role.

11.Click the link Database Instance:database_name.

12.On the Security tab, under Users & Privileges, click Users.

13.Click Create.

14.On the Create User page, perform the following tasks in the order given:

  • In the Name field, type a user name. For example, READONLYUSER.

  • In the Profile field, leave the value as DEFAULT.

  • In the Authentication field, leave the value as PASSWORD.

  • In the Enter Password and Confirm Password fields, type a password and confirm it.

  • In the Default Tablespace field, type a default table space for the user. For example, USERS.

  • In the Temporary Tablespace field, type a temporary table space for the user. For example, TEMP.

  • Click Roles.

  • On the Roles page, click Edit List.

  • In the Available Role list, select the role that you created in step4.

  • Click Move so that the role appears in the Selected Roles list.

  • Click OK and then click OK again to create the user with read-only access to the database tables.

Note: For Oracle 12c Enterprise Manager, the username should start with c##parameter, for example c##read_only_user.

 

To create a read-only Oracle Database user account using SQLPlus

  1. To start SQLPlus without logging in to a database, at the command prompt, type the following: sqlplus /nolog;

  2. To connect as a system database administrator, at the SQLPlus prompt, type the following command: connect sys/password@SID as sysdba;

  3. To create a read-only user, at the SQLPlus prompt, type the following commands:

create user <read_only_user> identified by <password>;  grant connect to <read_only_user>;

4. Do one of the following steps:

  • If Oracle Auditing is configured to use Database Audit Trail, type the following command: 

grant select on DBA_AUDIT_TRAIL to <read_only_user>;

  • If Oracle Auditing is configured to use XML Audit Trail, type the following command: 

grant select on V_$XML_AUDIT_TRAIL to <read_only_user>;

​ 5. To grant select privileges for the database user, type the following commands:

6. Type the following commands:

 

  • If DBA_AUDIT_TRAIL is enabled, use following command : 

  • If XML_Audit_trail is enabled, use the following command: 

 

Note:

Users need to have execute permission on sys.utl_inaddr. To grant select privileges for the database user, type the following SQLPlus command:

 

To create a read-only Oracle database user by using SQLPlus for 21c:

  • To start SQLPlus without logging in to a database, at a command prompt, type the following: 

  • To connect as a system database administrator, at the SQLPlus prompt, type the following command: 

  • To create a read-only user, at the SQLPlus prompt, type the following commands:

  • To grant select privileges for the database user, type the following commands:

  • Type the following commands: 

To enable auditing in an Oracle Database

For Oracle Database to work with the collector, you must complete the following procedures in the order shown:

Please consult your Oracle Database administrator before you proceed with any Oracle-related procedures.

 

To enable auditing in the Oracle 10g, 11g, or 12c database

  1. On the Oracle computer, start SQLPlus without connecting to a database by typing the following command

2. To connect to the database as a system administrator, at the SQL prompt, type the following command

  1. Do one of the following steps:

  • To configure Oracle Auditing to use Database audit trail, at the command prompt type the following command

  • To configure Oracle Auditing to use XML audit trail, at the command prompt type the following command

4. ​To shut down the database, type the following command: 

 

Note: Please consult a Oracle Database administrator before executing the above command. For Windows, restart Oracle services.

5. To restart the database, type the following command: startup

6. For Oracle 10g database, set up the audit events using the examples in the following website: http://www.oracle-base.com/articles/10g/Auditing_10gR2.php

7. For Oracle 11g database, set up the audit events using the examples in the following website: http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm

8. For Oracle 12c database, set up the audit events using the examples in the following website: http://docs.oracle.com/database/121/DBSEG/audit_config.htm

  • To Enable unified auditing in the Oracle 21c

 To enable unified auditing:

  1. Log in to SQL*Plus as user SYS with the SYSDBA administrative privilege.

  2. Run the following query to find out if your database has been migrated to use unified auditing. Enter Unified Auditing in the case shown here.

    If the output for the VALUE column is FALSE, then complete the remaining steps in this section to migrate to unified auditing. If the output is TRUE, then unified auditing is enabled by-default.

  3. Stop the database.

    For single-instance installations, enter the following commands from SQL*Plus:

    For Windows systems, stop the Oracle service:

    For Oracle Real Application Clusters (Oracle RAC) installations, shut down each database instance as follows:

  4. Stop the listener. (Stopping the listener is not necessary for Oracle RAC and Grid Infrastructure listeners.)

    You can find the name of the listener by running the lsnrctl status command. The name is indicated by the Alias setting.

  5. Go to the $ORACLE_HOME/rdbms/lib directory.

  6. Enable the unified auditing executable.

    • UNIX: Run the following command:

    • Windows: Rename the %ORACLE_HOME%/bin/orauniaud12.dll.option file to %ORACLE_HOME%/bin/orauniaud12.dll.

  7. Restart the listener.

  8. Restart the database. Log in to SQL*Plus and then enter the STARTUP command as follows:

    For Windows systems, start the Oracle service again.

    For Oracle RAC installations, from a command line, restart the database as follows:

When using Windows, you can restart Oracle.

  1. Restart by typing the following command: startup

  2. For the Oracle 10g database, set up the audit events using the examples at the following Web site: http://www.oracle-base.com/articles/10g/Auditing_10gR2.php

  3. For the Oracle 11g database, set up the audit events using the examples at the following Web site: http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/ auditing.htm#BCGIDBFI

To configure auditing for an Oracle 10g, 11g, or 12c database user account

Oracle Auditing is highly customizable and the design of an auditing policy may vary depending on your needs. The following procedure is one example of Oracle Auditing.

  1. At a command prompt, start SQLPlus without connecting to a database by typing the following command

2. To connect to the database as an administrator, at the SQL prompt, type the following command: 

3. To configure auditing for the database user, at the SQL prompt, type the following commands:

Adding support for 21c and Above

This step will be performed by Accenture MxDR team at the LCP.

  1. If the DB version is 21c and above then Traditional Auditing will be deprecated and Unified logging will be enabled.

  2. We need to copy the config.xml file to collector folder.

  3. Go to collector folder.

4. Rename the config.xml with config.xml.bak

5. Go to Utils folder.

6. Under Utils folder there will be a folder named “Unified_Auditing_21c".

7. Copy the file and paste it to collector directory with the below given command

8. Provide the proper permission and ownership to new config.xml

Creating New Request for Monitoring

Once the device is configured as outlined in the steps above and all network pre-requisites have been made, you are now ready to onboard it for MDR monitoring. To complete this process, submit a New Request via the MDR Portal at https://mss.accenture.com/. This new request should contain the following information:

  1. Reporting LCP Hostname/IP Address:

  2. Database Hostname/IP Address and Database port:

  3. User Name (Read-only):

  4. Password:

If you have any questions about this process, please contact your Onboarding Engineer or Service Manager.

LCP Configuration Parameters

Table 1-2: The Oracle Database event collector (DB - 3465) properties to be configured by MDR are shown in the table.

Property

Default Value

Description

Database URL

jdbc:oracle:thin:@<host IP>:<port>:<SID>

OR

jdbc:oracle:thin:@//<IP/HOST>:<port>/<Service_Name>

Example: jdbc:oracle:thin:@1.2.3.4:1521:orcl

OR

Ex : jdbc:oracle:thin:@//1.1.1.1:1521/orcl [where 1.1.1.1 -> Host IP , 1521 -> DB Connection Port and orcl -> Service Name]

NOTE : We are now supporting the connection string with service_name to connect to DB . Both connection strings [<SID> and <service_name>] will work irrespective of DB versions.

UserName

Custom Value

The username for the database account mentioned in the Pre-Installation Questionnaire (PIQ).

Password

Custom Value

The password for the database account mentioned in the PIQ

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.