Oracle Audit Vault is aptly named; the Oracle Audit Vault is a vault in which data about audit logs is placed, and it is based on two key concepts. First, Oracle Audit Vault is designed to secure data at its source. Second, Oracle Audit Vault is designed to be a data warehouse for audit data.
The Oracle Audit Vault by itself does not generate audit data. Before the Oracle Audit Vault can be used, standard auditing needs to be first enabled in the source databases. Once auditing is enabled in the source databases, the Oracle Audit Vault collects the log and audit data, but does not replicate, copy and/or collect the actual data. This design premise of securing audit data at the source and not replicating it differentiates the Oracle Audit Vault from other centralized logging solutions.
Once log and audit data is generated in source databases, Oracle Audit Vault agents are installed on the source database(s) to collect the log and audit data and send it to the Audit Vault server. By removing the log and audit data from the source system and storing it in the secure Audit Vault server, the integrity of the log and audit can be ensured and proven that it has not been tampered with. The Oracle Audit Vault is designed to be a secure data warehouse of information of log and audit data.
Application Log and Audit Data
For applications, a key advantage to the Audit Vault’s secure-at-the-source approach is that the Oracle Audit Vault is transparent. To use the Oracle Audit Vault with applications such as the Oracle E-Business Suite or SAP, standard Oracle database auditing only needs to be enabled on the application log and audit tables. While auditing the application audit tables might seem duplicative, the advantage is that the integrity of the application audit data can be ensured (proven that it has not been tampered with) while not having to replicate or copy the application log and audit data.
For example, the Oracle E-Business Suite has the ability to log user login attempts, both successful and unsuccessful. To protect the E-Business Suite login audit tables, standard Oracle database auditing first needs to be enabled. An Oracle Audit Vault agent will then collect information about the E-Business Suite login audit tables. If any deletes or updates occur to these tables, the Audit Vault would then alert and report the incident. The Audit Vault is transparent to the Oracle E-Business Suite, no patches are required for the Oracle E-Business Suite to be used with the Oracle Audit Vault.
Figure 1 Secure At-Source for Application Log and Audit data
Figure 2 Vault of Log and Audit Data
If you have questions, please contact us at mailto:firstname.lastname@example.org