Download Configuring the AV collection agent to utilize the bequeath protocol

Configuring the AV collection agent to utilize the bequeath protocol
Overview
In environments where an application resides on the same server as the database, it becomes
beneficial to utilize the bequeath protocol for connections between the application and the
server. The bequeath protocol is a SQL*Net protocol that is similar to the IPC protocol in that it
is only used for local connections (when client and server programs reside on the same server).
Bequeath protocol connections do not require a listener and can only establish Dedicated
Server connections. In addition to being dedicated connections, bequeath protocol
connections are also quicker than similar TCP/IP protocol connections. To illustrate the
efficiency of these types of connections, Oracle automatic storage management (ASM) utilizes
the bequeath protocol connections for its normal operations where it does not introduce any
network overhead to I/O operations.
NOTE – You should ONLY consider utilizing bequeath protocol connections in situations
where the applications reside on the SAME server as the database it is connecting to.
Configuring a bequeath protocol connection for the AV agent
1. Log into the AV console as the Audit Vault Administrator (AVADMIN) user.
2. At the Collectors admin screen, select the collectors that are on the server you are configuring, then
click Stop. Once the affected collectors have been stopped successfully, click on the Agents link at
the top left of the screen to go to the Agents management screen.
3. Select the agent on the server to by configured, then click Stop. Once the agent has been
successfully shut down, log out of the AV server console.
4. Open a terminal session to the server where the agent resides (which should be the same home of
the source database), and set the environment in the following manner, substituting the proper
paths where necessary:
ORACLE_HOME=/apps/oracle/product/10.2/avagent_1; export ORACLE_HOME
LD_LIBRARY_PATH=$ORACLE_HOME/lib; export LD_LIBRARY_PATH
PATH=$ORACLE_HOME/bin:/usr/local/bin:/usr/bin:/etc:/home/oracle/bin:/usr/kerberos/bin:/u
sr/local/bin:/bin:/usr/bin:/usr/X11R6/bin; export PATH
unset $TNS_ADMIN
unset $TWO_TASK
PS1="$HOST:\$PWD >"; export PS1
unset $ORACLE_SID
unset CLASSPATH
DISPLAY=localhost:10.0; export DISPLAY
5. Stop the OC4J process by executing “avctl stop_oc4j” at the command line
wsoosi03:/home/oracle >avctl stop_oc4j
AVCTL started
Stopping OC4J...
OC4J stopped successfully.
wsoosi03:/home/oracle >
6. Go to the $ORACLE_HOME/network/admin location and make a copy of the existing tnsnames.ora
file in case it is necessary to back out any changes made.
wsoosi03:/apps/oracle/product/10.2/avagent_1/network/admin >ls -l
total 24
drwxr-x--- 2 oracle dba 4096 Jul 25 16:29 avwallet
drwxr-x--- 2 oracle dba 4096 Jul 25 16:25 samples
-rw-r--r-- 1 oracle dba 172 Dec 26 2003 shrept.lst
-rw-r----- 1 oracle dba 332 Jul 25 16:29 sqlnet.ora
-rw-r----- 1 oracle dba 1421 Jul 30 08:33 tnsnames.ora
-rw-r----- 1 oracle dba 439 Jul 30 08:29 tnsnames.ora.20080730
wsoosi03:/apps/oracle/product/10.2/avagent_1/network/admin >cp tnsnames.ora
tansnames.bak
wsoosi03:/apps/oracle/product/10.2/avagent_1/network/admin >ls -l
total 28
drwxr-x--- 2 oracle dba 4096 Jul 25 16:29 avwallet
drwxr-x--- 2 oracle dba 4096 Jul 25 16:25 samples
-rw-r--r-- 1 oracle dba 172 Dec 26 2003 shrept.lst
-rw-r----- 1 oracle dba 332 Jul 25 16:29 sqlnet.ora
-rw-r----- 1 oracle dba 1421 Jul 30 09:00 tansnames.bak
-rw-r----- 1 oracle dba 1421 Jul 30 08:33 tnsnames.ora
-rw-r----- 1 oracle dba 439 Jul 30 08:29 tnsnames.ora.20080730
wsoosi03:/apps/oracle/product/10.2/avagent_1/network/admin >
7. Now that we have a backup plan, open the tnsnames.ora file. There should be only two connection
definitions present; one for the AV server (called AV by default), and one for the source database
(called SRCDB1 by default):
# begining of Audit Vault configuration
AV = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = wso-vorloav01.corp.omniamerican.org)(PORT = 1522))(CONNECT_DATA = (SERVICE_NAME =
av.corp.omniamerican.org)))
# end of Audit Vault configuration
# Alias for TRN1.CORP.OMNIAMERICAN.ORG
SRCDB1 =
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=wsoosi03.corp.omniamerican.org)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=ORATRN1.corp.omniamerican.org)))
8. Comment out the definition for the source database by placing a pound sign (#) in front of it:
# begining of Audit Vault configuration
AV = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = wso-vorloav01.corp.omniamerican.org)(PORT = 1522))(CONNECT_DATA = (SERVICE_NAME =
av.corp.omniamerican.org)))
# end of Audit Vault configuration
# Alias for TRN1.CORP.OMNIAMERICAN.ORG
#SRCDB1 =
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=wsoosi03.corp.omniamerican.org)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=ORATRN1.corp.omniamerican.org)))
9. Create a new source database connect string with the following format (you may want to preface
this entry with a comment in case of later administration questions):
#Added by J. Adams on 7/30/08 to utilize bequeath protocol
SRCDB1 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = BEQ)
(PROGRAM = /apps/oracle/product/10.2/db_3/bin/oracle)
(ARGV0 = ORATRN1)
(ARGS = '(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))')
(ENVS = 'ORACLE_HOME=/apps/oracle/product/10.2/db_3,ORACLE_SID=TRN1')
)
)
(CONNECT_DATA = (SID = TRN1))
)



For the PROGRAM argument, utilize the ORACLE_HOME location of the source
database, not the agent home.
For the ARGV0 argument, utilize the actual name of the database, obtained by querying
the name column from the v$database view in the database.
For the ORACLE_SID, and SID arguments, utilize the name of the listener instance for the
source database.
10. Once these changes are made, save the file and exit.
11. Test the new connect string by starting an SQL*Plus session and utilizing the new connect string to
try to connect to the source database:
wsoosi03:/home/oracle >sqlplus srctrn1@srcdb1
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Jul 30 09:27:06 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, Oracle Label Security, Data Mining, Oracle Database Vault
and Real Application Testing options
SQL>
12. If the connection was successful, execute “ps –ef | grep LOCAL | grep beq” at the command line and
you should see the connection process:
oracle 22362 1 0 09:27 ?
00:00:00 ORATRN1
(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))
13. From this point you can restart the agent and collectors.
a. Follow the instructions in step 5, but execute the command “avctl start_oc4j” to start the
OC4J process.
b. Log into the AV console as the Audit Vault Administrator (AVADMIN) user.
c. Follow the instructions in step 3, starting the agent instead of stopping it.
d. Follow the instructions in step 2, staring the collectors instead of stopping them.