Oracle Audit Vault 10.3
Oracle Audit Vault是甲骨文公司的数据库安全解决方案系列产品中的一员。
该产品系列包括:
Oracle Advanced Security
Oracle Database Vault
Oracle Label Security
Oracle Data Masking
Oracle Total Recall
(该系列产品旨在帮助企业透明的保护数据免于泄露的威胁;并且在不变更已有应用的情况下,满足法规要求。)
同时,Audit Vault也是甲骨文公司面向数据库审计与活动监控的全面解决方案,它提供了报告、预警以及合规性的完整功能,可以帮助企业保护所有企业数据库的同时,满足相关的法规的要求。
其中,合法性指的是:
满足美国萨班法案(Sarbanex-Oxley)、美国HIPAA法案(Health Insurance Portability and Accountability Act)、支付卡行业数据安全标准(PCI DSS)等法规对数据库活动的监控和审计要求。
通过Oracle Audit Vault,审计数据被自动的整合到一个高度安全的集中式数据存储库中。
该数据存储库基于Oracle的数据仓库技术。
在审计数据被整合后,可以根据企业的现状指定针对性的策略,以便进行实时的分析。
————————————————————
本文基于Oracle Audit Vault 10.3的版本,简要呈现在搭建Oracle Audit Vault架构的过程中需要注意的技术细节。
一、下载软件介质
下载Audit Vault,需要登录Oracle edelivery网站:
URL:edelivery.oracle.com
可以看到,当前最新版的Oracle AV的版本是:12.1.2.2.0。
这里,下载版本:10.3.0.0.0
其中,Server与Agent都需要下载。
如果访问不了该网站,或遇到区域限制的错误。
可以从以下分享下载:
Oracle Audit Vault Server 10.3.0.0.0 for Linux x86-64:
[V30686-01.zip][2.13 GB] http://t.cn/Rh32RRb
Oracle Audit Vault Agent 10.3.0.0.0 for Linux x86-64:
[V30687-01.zip][574.62 MB] http://t.cn/Rh32RqX
二、Oracle Audit Vault Server:Preinstallation
在正式安装Oracle Audit Vault软件之前,你需要以root用户登录系统,完成预配置的任务。
硬件需求:
1.最少1GB物理内存
2.对于SWAP的要求:
内存小于512MB,SWAP为物理内存大小的两倍。
内存在1GB到2GB之间,SWAP为物理内存大小的1.5倍。
内存在2GB到8GB之间,SWAP的大小和物理内存的大小一致。
内存超过8GB的时候,SWAP的大小为物理内存的0.75倍。
3./tmp挂载点最少400MB
4.Oracle Audit Vault Server的软件目录至少需要4GB
5.除了软件目录的空间,额外最少空出1.6GB用于Oracle Audit Vault审计数据库的数据存放。后期,随着数据的增大,数据空间的需求有很大可能超过1.6GB。
1 2 3 4 5 6 7 8 |
[root@avs ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 2.3G 11G 18% / /dev/sda3 1.5G 35M 1.4G 3% /tmp /dev/sda1 494M 17M 453M 4% /boot tmpfs 2.0G 0 2.0G 0% /dev/shm /dev/hdc 3.3G 3.3G 0 100% /iso [root@avs ~]# |
内存的状态:
1 2 3 4 5 6 7 8 9 10 |
[root@avs ~]# free -m total used free shared buffers cached Mem: 3947 946 3001 0 66 654 -/+ buffers/cache: 225 3722 Swap: 4094 0 4094 [root@avs ~]# [root@avs ~]# grep --color MemTotal /proc/meminfo MemTotal: 4042584 kB [root@avs ~]# [root@avs ~]# |
SWAP的状态:
1 2 3 |
[root@avs ~]# grep --color SwapTotal /proc/meminfo SwapTotal: 4192956 kB [root@avs ~]# |
配置Shared Memory Filesystem:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
[root@avs ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 2.3G 11G 18% / /dev/sda3 1.5G 35M 1.4G 3% /tmp /dev/sda1 494M 17M 453M 4% /boot tmpfs 2.0G 0 2.0G 0% /dev/shm /dev/hdc 3.3G 3.3G 0 100% /iso [root@avs ~]# [root@avs ~]# umount tmpfs [root@avs ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 2.3G 11G 18% / /dev/sda3 1.5G 35M 1.4G 3% /tmp /dev/sda1 494M 17M 453M 4% /boot /dev/hdc 3.3G 3.3G 0 100% /iso [root@avs ~]# [root@avs ~]# mount -t tmpfs shmfs -o size=2048m /dev/shm [root@avs ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 2.3G 11G 18% / /dev/sda3 1.5G 35M 1.4G 3% /tmp /dev/sda1 494M 17M 453M 4% /boot /dev/hdc 3.3G 3.3G 0 100% /iso shmfs 2.0G 0 2.0G 0% /dev/shm [root@avs ~]# |
配置好YUM:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[root@avs ~]# yum repolist Loaded plugins: security Cluster | 1.1 kB 00:00 primary.xml.gz | 4.0 kB 00:00 Cluster 9/9 ClusterStorage | 1.1 kB 00:00 primary.xml.gz | 5.5 kB 00:00 ClusterStorage 13/13 VT | 1.1 kB 00:00 primary.xml.gz | 6.5 kB 00:00 VT 17/17 Server | 1.1 kB 00:00 primary.xml.gz | 1.0 MB 00:00 Server 2969/2969 repo id repo name status Cluster Cluster enabled : 9 ClusterStorage ClusterStorage enabled : 13 Server Server enabled : 2,969 VT VT enabled : 17 repolist: 3,008 [root@avs ~]# |
软件包的安装:
yum install -y binutils* compat-libstdc++* elfutils-libelf* gcc* glibc* ksh libaio* libgcc* libstdc++* make numactl-devel* sysstat
文件:/etc/sysctl.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
[root@avs ~]# cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 # Oracle Audit Vault net.ipv4.ip_local_port_range = 9000 65500 fs.aio-max-nr = 1048576 fs.file-max = 6815744 kernel.shmall = 2097152 kernel.shmmax = 2069803008 kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 9000 65500 net.core.rmem_default = 262144 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 1048586 [root@avs ~]# |
文件:/etc/security/limits.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
[root@avs ~]# cat /etc/security/limits.conf # /etc/security/limits.conf # #Each line describes a limit for a user in the form: # #<domain> <type> <item> <value> # #Where: #<domain> can be: # - an user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # #<type> can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # #<item> can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open files # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to # - rtprio - max realtime priority # #<domain> <type> <item> <value> # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 # End of file # Oracle Audit Vault oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536 oracle soft stack 10240 [root@avs ~]# |
创建用户与用户组:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@avs ~]# groupadd oinstall [root@avs ~]# groupadd dba [root@avs ~]# groupadd oper [root@avs ~]# useradd -g oinstall -G dba,oper oracle [root@avs ~]# id oracle uid=500(oracle) gid=500(oinstall) groups=500(oinstall),501(dba),502(oper) [root@avs ~]# passwd oracle Changing password for user oracle. New UNIX password: BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@avs ~]# [root@avs ~]# |
设置Oracle用户的环境变量:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
[root@avs ~]# cat /home/oracle/.bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin export PATH # Oracle Audit Vault TMP=/tmp TMPDIR=/tmp export TMP TMPDIR ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE ORACLE_HOME=$ORACLE_BASE/product/10.3.0/avs_1; export ORACLE_HOME ORACLE_HOSTNAME=avs; export ORACLE_HOSTNAME ORACLE_SID=avs; export ORACLE_SID PATH=/usr/sbin:$PATH; export PATH PATH=$ORACLE_HOME/bin:$PATH; export PATH LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH [root@avs ~]# |
创建目录结构:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
[root@avs ~]# mkdir /u01 [root@avs ~]# chown -R oracle.oinstall /u01/ [root@avs ~]# ll -d /u01/ drwxr-xr-x 2 oracle oinstall 4096 Oct 3 04:52 /u01/ [root@avs ~]# [root@avs ~]# su - oracle [oracle@avs ~]$ env | grep --color ORACLE_BASE ORACLE_BASE=/u01/app/oracle [oracle@avs ~]$ env | grep --color ORACLE_HOME ORACLE_HOME=/u01/app/oracle/product/10.3.0/avs_1 [oracle@avs ~]$ [oracle@avs ~]$ mkdir -p $ORACLE_BASE [oracle@avs ~]$ mkdir -p $ORACLE_HOME [oracle@avs ~]$ [oracle@avs ~]$ tree /u01/ /u01/ `-- app `-- oracle `-- product `-- 10.3.0 `-- avs_1 5 directories, 0 files [oracle@avs ~]$ |
文件:/etc/hosts
1 2 3 4 5 6 7 8 |
[root@avs ~]# cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. # Localhost 127.0.0.1 localhost # Public: eth0 192.168.56.161 avs [root@avs ~]# |
三、Oracle Audit Vault Server:Installation
上传介质:
解压介质:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
[root@avs ~]# cd /software [root@avs software]# ll total 2239148 -rw-r--r-- 1 root root 2290640807 Oct 3 04:58 V30686-01.zip [root@avs software]# unzip V30686-01.zip (输出... ...etc) inflating: av/Disk1/stage/cvu/cv/cvdata/pluggable.xsd creating: av/Disk1/stage/cvu/cv/admin/ inflating: av/Disk1/stage/cvu/cv/admin/cvu_config inflating: av/Disk1/stage/cvu/cvu_prereq.xml inflating: av/Disk1/runInstaller inflating: av/labels.txt [oracle@avs software]$ ll total 2239152 drwxr-xr-x 3 oracle oinstall 4096 Jan 19 2012 av -rwxrwxrwx 1 root root 2290640807 Oct 3 04:58 V30686-01.zip [oracle@avs software]$ cd av/ [oracle@avs av]$ ll total 8 drwxr-xr-x 5 oracle oinstall 4096 Jan 19 2012 Disk1 -rw-rw-r-- 1 oracle oinstall 2505 Jan 19 2012 labels.txt [oracle@avs av]$ cd Disk1/ [oracle@avs Disk1]$ ll total 20 drwxr-xr-x 4 oracle oinstall 4096 Jan 19 2012 install drwxrwxr-x 2 oracle oinstall 4096 Jan 19 2012 response -rwxr-xr-x 1 oracle oinstall 7150 Jan 19 2012 runInstaller drwxr-xr-x 14 oracle oinstall 4096 Jan 19 2012 stage [oracle@avs Disk1]$ |
调用OUI:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[oracle@avs Disk1]$ pwd /software/av/Disk1 [oracle@avs Disk1]$ ll total 20 drwxr-xr-x 4 oracle oinstall 4096 Jan 19 2012 install drwxrwxr-x 2 oracle oinstall 4096 Jan 19 2012 response -rwxr-xr-x 1 oracle oinstall 7150 Jan 19 2012 runInstaller drwxr-xr-x 14 oracle oinstall 4096 Jan 19 2012 stage [oracle@avs Disk1]$ export DISPLAY=192.168.56.1:0.0 [oracle@avs Disk1]$ xhost + access control disabled, clients can connect from any host [oracle@avs Disk1]$ [oracle@avs Disk1]$ ./runInstaller Starting Oracle Universal Installer... Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-10-03_05-09-40AM. Please wait ... [oracle@avs Disk1]$ [oracle@avs Disk1]$ |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
[root@avs software]# /u01/app/oraInventory/orainstRoot.sh Changing permissions of /u01/app/oraInventory. Adding read,write permissions for group. Removing read,write,execute permissions for world. Changing groupname of /u01/app/oraInventory to oinstall. The execution of the script is complete. [root@avs software]# [root@avs software]# /u01/app/oracle/product/10.3.0/avs_1/root.sh Performing root user operation for Oracle 11g The following environment variables are set as: ORACLE_OWNER= oracle ORACLE_HOME= /u01/app/oracle/product/10.3.0/avs_1 Enter the full pathname of the local bin directory: [/usr/local/bin]: Copying dbhome to /usr/local/bin ... Copying oraenv to /usr/local/bin ... Copying coraenv to /usr/local/bin ... Creating /etc/oratab file... Entries will be added to the /etc/oratab file as needed by Database Configuration Assistant when a database is created Finished running generic part of root script. Now product-specific root actions will be performed. Finished product-specific root actions. [root@avs software]# |
1 2 3 4 5 6 7 8 9 10 |
[root@avs ~]# su - oracle [oracle@avs ~]$ avctl show_av_status Oracle Audit Vault 10g Database Control Release 10.3.0.0.0 Copyright (c) 2006, 2011 Oracle Corporation. All rights reserved. https://avs:1158/av Oracle Audit Vault 10g is running. ------------------------------------ Logs are generated in directory /u01/app/oracle/product/10.3.0/avs_1/av/log [oracle@avs ~]$ |
四、Oracle Audit Vault Agent
接下来安装Oracle Audit Vault Agent。
Agent需要安装在目标数据库服务器。
在本环境中,目标数据库服务器为:ora10g,IP地址为:192.168.56.158。
该主机的基本情况如下:
ora10g)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
[root@ora10g ~]# hostname ora10g [root@ora10g ~]# [root@ora10g ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:3E:7F:00 inet addr:192.168.56.158 Bcast:192.168.56.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe3e:7f00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:588814 errors:0 dropped:0 overruns:0 frame:0 TX packets:132409 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:801819377 (764.6 MiB) TX bytes:60179753 (57.3 MiB) Base address:0x2000 Memory:fd5c0000-fd5e0000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:26507 errors:0 dropped:0 overruns:0 frame:0 TX packets:26507 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11399242 (10.8 MiB) TX bytes:11399242 (10.8 MiB) [root@ora10g ~]# [root@ora10g ~]# [root@ora10g ~]# ps -ef | grep ora_ oracle 18464 1 0 22:25 ? 00:00:00 ora_pmon_orcl oracle 18466 1 0 22:25 ? 00:00:00 ora_psp0_orcl oracle 18468 1 0 22:25 ? 00:00:00 ora_mman_orcl oracle 18470 1 0 22:25 ? 00:00:00 ora_dbw0_orcl oracle 18472 1 0 22:25 ? 00:00:00 ora_lgwr_orcl oracle 18474 1 0 22:25 ? 00:00:00 ora_ckpt_orcl oracle 18476 1 0 22:25 ? 00:00:00 ora_smon_orcl oracle 18478 1 0 22:25 ? 00:00:00 ora_reco_orcl oracle 18480 1 0 22:25 ? 00:00:00 ora_cjq0_orcl oracle 18482 1 0 22:25 ? 00:00:00 ora_mmon_orcl oracle 18484 1 0 22:25 ? 00:00:00 ora_mmnl_orcl oracle 18486 1 0 22:25 ? 00:00:00 ora_d000_orcl oracle 18488 1 0 22:25 ? 00:00:00 ora_s000_orcl oracle 18492 1 0 22:25 ? 00:00:00 ora_qmnc_orcl oracle 18550 1 0 22:25 ? 00:00:00 ora_q000_orcl oracle 18552 1 0 22:25 ? 00:00:00 ora_q001_orcl oracle 22432 1 0 22:34 ? 00:00:00 ora_j000_orcl root 22505 4130 0 22:35 pts/2 00:00:00 grep ora_ [root@ora10g ~]# su - oracle [oracle@ora10g ~]$ env | grep SID ORACLE_SID=edendb1 [oracle@ora10g ~]$ export ORACLE_SID=orcl [oracle@ora10g ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Fri Oct 3 22:35:57 2014 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ orcl OPEN SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options [oracle@ora10g ~]$ lsnrctl start LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 03-OCT-2014 22:36:13 Copyright (c) 1991, 2005, Oracle. All rights reserved. TNS-01106: Listener using listener name LISTENER has already been started [oracle@ora10g ~]$ [oracle@ora10g ~]$ lsnrctl status LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 03-OCT-2014 22:36:17 Copyright (c) 1991, 2005, Oracle. All rights reserved. Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1))) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production Start Date 03-OCT-2014 22:20:52 Uptime 0 days 0 hr. 15 min. 24 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora Listener Log File /u01/app/oracle/product/11.2.0/dbhome_1/network/log/listener.log Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ora10g)(PORT=1521))) Services Summary... Service "PLSExtProc" has 1 instance(s). Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service... Service "orcl" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orclXDB" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orcl_XPT" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... The command completed successfully [oracle@ora10g ~]$ [oracle@ora10g ~]$ |
1. Audit Vault Server端的配置
在AVS的/etc/hosts表中添加对oradb的条目:
avs)
1 2 3 4 5 6 7 8 9 10 |
[root@avs ~]# cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. # Localhost 127.0.0.1 localhost # Public: eth0 192.168.56.161 avs 192.168.56.160 oradb 192.168.56.158 ora10g [root@avs ~]# |
然后再AVS端,通过“avca”添加目标主机:
avs)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
[root@avs ~]# su - oracle [oracle@avs ~]$ ps -ef | grep ora_ oracle 3386 3363 0 22:45 pts/1 00:00:00 grep ora_ [oracle@avs ~]$ export ORACLE_SID=avs [oracle@avs ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.3.0 Production on Fri Oct 3 22:45:54 2014 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to an idle instance. SQL> !lsnrctl start LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 03-OCT-2014 22:46:02 Copyright (c) 1991, 2011, Oracle. All rights reserved. Starting /u01/app/oracle/product/10.3.0/avs_1/bin/tnslsnr: please wait... TNSLSNR for Linux: Version 11.2.0.3.0 - Production System parameter file is /u01/app/oracle/product/10.3.0/avs_1/network/admin/listener.ora Log messages written to /u01/app/oracle/diag/tnslsnr/avs/listener/alert/log.xml Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=avs)(PORT=1521))) Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production Start Date 03-OCT-2014 22:46:03 Uptime 0 days 0 hr. 0 min. 0 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File /u01/app/oracle/product/10.3.0/avs_1/network/admin/listener.ora Listener Log File /u01/app/oracle/diag/tnslsnr/avs/listener/alert/log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=avs)(PORT=1521))) The listener supports no services The command completed successfully SQL> startup ORACLE instance started. Total System Global Area 1653518336 bytes Fixed Size 2228904 bytes Variable Size 603983192 bytes Database Buffers 1040187392 bytes Redo Buffers 7118848 bytes Database mounted. Database opened. SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ avs OPEN SQL> alter system register; System altered. SQL> exit Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options [oracle@avs ~]$ lsnrctl status LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 03-OCT-2014 22:47:09 Copyright (c) 1991, 2011, Oracle. All rights reserved. Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production Start Date 03-OCT-2014 22:46:03 Uptime 0 days 0 hr. 1 min. 7 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File /u01/app/oracle/product/10.3.0/avs_1/network/admin/listener.ora Listener Log File /u01/app/oracle/diag/tnslsnr/avs/listener/alert/log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=avs)(PORT=1521))) (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=avs)(PORT=5707))(Presentation=HTTP)(Session=RAW)) Services Summary... Service "avs" has 1 instance(s). Instance "avs", status READY, has 1 handler(s) for this service... Service "avsXDB" has 1 instance(s). Instance "avs", status READY, has 2 handler(s) for this service... The command completed successfully [oracle@avs ~]$ [oracle@avs ~]$ avctl show_av_status Oracle Audit Vault 10g Database Control Release 10.3.0.0.0 Copyright (c) 2006, 2011 Oracle Corporation. All rights reserved. https://avs:1158/av Oracle Audit Vault 10g is not running. ------------------------------------ Logs are generated in directory /u01/app/oracle/product/10.3.0/avs_1/av/log [oracle@avs ~]$ avctl start_av Starting OC4J... OC4J started successfully. Oracle Audit Vault 10g Database Control Release 10.3.0.0.0 Copyright (c) 2006, 2011 Oracle Corporation. All rights reserved. https://avs:1158/av Oracle Audit Vault 10g is running. ------------------------------------ Logs are generated in directory /u01/app/oracle/product/10.3.0/avs_1/av/log [oracle@avs ~]$ [oracle@avs ~]$ avctl show_av_status Oracle Audit Vault 10g Database Control Release 10.3.0.0.0 Copyright (c) 2006, 2011 Oracle Corporation. All rights reserved. https://avs:1158/av Oracle Audit Vault 10g is running. ------------------------------------ Logs are generated in directory /u01/app/oracle/product/10.3.0/avs_1/av/log [oracle@avs ~]$ [oracle@avs ~]$ avca add_agent -agentname avagent -agenthost ora10g Enter agent user name: avagent_user1 Enter agent user password: Re-enter agent user password: Agent added successfully. [oracle@avs ~]$ [oracle@avs ~]$ |
2.Audit Vault Agent端的设置
在安装前,先查看下目标数据库的状态:
1 2 3 4 5 6 7 8 9 10 11 12 13 |
SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ orcl OPEN SQL> select * from v$option where parameter like '%Vault%'; PARAMETER VALUE ---------------------------------------- ------------ Oracle Database Vault FALSE SQL> |
(安装Agent,需要停掉实例:shutdown immediate)
修改oracle的环境变量,以满足Agent的要求:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
[oracle@ora10g software]$ cat ~/.bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin export PATH # Changed on: Fri Oct 3 21:48:58 CST 2014 # Oracle Database 11g RAC # Oracle Node1 ORACLE_SID=edendb1; export ORACLE_SID ORACLE_UNQNAME=edendb; export ORACLE_UNQNAME JAVA_HOME=/usr/local/java; export JAVA_HOME ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE #ORACLE_HOME=$ORACLE_BASE/product/11.2.0/dbhome_1; export ORACLE_HOME # Oracle Audit Vault Agent export ORACLE_HOME=$ORACLE_BASE/product/11.2.0/agenthome_1 ORACLE_PATH=/u01/app/common/oracle/sql; export ORACLE_PATH ORACLE_TERM=xterm; export ORACLE_TERM NLS_DATE_FORMAT="DD-MON-YYYY HH24:MI:SS"; export NLS_DATE_FORMAT TNS_ADMIN=$ORACLE_HOME/network/admin; export TNS_ADMIN ORA_NLS11=$ORACLE_HOME/nls/data; export ORA_NLS11 PATH=.:${JAVA_HOME}/bin:${PATH}:$HOME/bin:$ORACLE_HOME/bin PATH=${PATH}:/usr/bin:/bin:/usr/bin/X11:/usr/local/bin PATH=${PATH}:/u01/app/common/oracle/bin export PATH LD_LIBRARY_PATH=$ORACLE_HOME/lib LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$ORACLE_HOME/oracm/lib LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/lib:/usr/lib:/usr/local/lib export LD_LIBRARY_PATH CLASSPATH=$ORACLE_HOME/JRE CLASSPATH=${CLASSPATH}:$ORACLE_HOME/jlib CLASSPATH=${CLASSPATH}:$ORACLE_HOME/rdbms/jlib CLASSPATH=${CLASSPATH}:$ORACLE_HOME/network/jlib export CLASSPATH THREADS_FLAG=native; export THREADS_FLAG export TEMP=/tmp export TMPDIR=/tmp export ORACLE_HOSTNAME=ora10g #------------------------------------- [oracle@ora10g software]$ |
首先,将AVS的IP与主机名加入/etc/hosts。
1 2 3 4 5 6 7 8 9 10 |
[root@ora10g ~]# cat /etc/hosts # File: /etc/hosts, Changed by: Adamhuan # Changed on: Fri Oct 3 21:48:52 CST 2014 # Localhost 127.0.0.1 localhost # Public: eth0 192.168.56.158 ora10g 192.168.56.161 avs [root@ora10g ~]# |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
[root@oradb software]# su - oracle [oracle@ora10g ~]$ cd /software [oracle@ora10g software]$ ll total 588996 -rwxrwxrwx 1 root root 602534204 Oct 3 07:02 V30687-01.zip [oracle@ora10g software]$ du -sh * 576M V30687-01.zip [oracle@ora10g software]$ unzip V30687-01.zip (输出... ...etc。) inflating: avagent/Disk1/stage/UserActions/oracle.av.client/useractions.properties inflating: avagent/Disk1/stage/TopLevel_UserAction.properties inflating: avagent/Disk1/runInstaller [oracle@ora10g software]$ [oracle@ora10g software]$ ll total 589000 drwxr-xr-x 3 oracle oinstall 4096 Jan 19 2012 avagent -rwxrwxrwx 1 root root 602534204 Oct 3 07:02 V30687-01.zip [oracle@ora10g software]$ cd avagent/ [oracle@ora10g avagent]$ ll total 8 drwxr-xr-x 5 oracle oinstall 4096 Jan 19 2012 Disk1 -rw-rw-r-- 1 oracle oinstall 2505 Jan 19 2012 labels.txt [oracle@ora10g avagent]$ cd Disk1/ [oracle@ora10g Disk1]$ ll total 20 drwxrwxr-x 5 oracle oinstall 4096 Jan 19 2012 install drwxrwxr-x 2 oracle oinstall 4096 Jan 19 2012 response -rwxr-xr-x 1 oracle oinstall 7155 Jan 19 2012 runInstaller drwxr-xr-x 14 oracle oinstall 4096 Jan 19 2012 stage [oracle@ora10g Disk1]$ |
调用OUI:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[oracle@ora10g Disk1]$ ll total 20 drwxrwxr-x 5 oracle oinstall 4096 Jan 19 2012 install drwxrwxr-x 2 oracle oinstall 4096 Jan 19 2012 response -rwxr-xr-x 1 oracle oinstall 7155 Jan 19 2012 runInstaller drwxr-xr-x 14 oracle oinstall 4096 Jan 19 2012 stage [oracle@ora10g Disk1]$ export DISPLAY=192.168.56.1:0.0 [oracle@ora10g Disk1]$ xhost + access control disabled, clients can connect from any host [oracle@ora10g Disk1]$ ./runInstaller Starting Oracle Universal Installer... Checking Temp space: must be greater than 120 MB. Actual 7243 MB Passed Checking swap space: must be greater than 150 MB. Actual 1897 MB Passed Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-10-03_07-17-33AM. Please wait ... [oracle@ora10g Disk1]$ [oracle@ora10g Disk1]$ |
1 2 3 4 5 6 7 |
[oracle@ora10g orcl]$ env | grep ORACLE_HOME ORACLE_HOME=/u01/app/oracle/product/11.2.0/agenthome_1 [oracle@ora10g orcl]$ avctl show_oc4j_status ------------------------------------ Agent is running ------------------------------------ [oracle@ora10g orcl]$ |
至此,Oracle Audit Vault Agent的软件就安装完成了。
五、注册
目标数据库:
1.创建用户
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[oracle@ora10g ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.5.0 - Production on Sat Oct 4 02:13:10 2014 Copyright (c) 1982, 2010, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ orcl OPEN SQL> SQL> create user av_source_user identified by oracle; User created. SQL> grant resource,connect to av_source_user; Grant succeeded. SQL> alter user av_source_user account unlock; User altered. SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options [oracle@ora10g ~]$ [oracle@ora10g ~]$ |
2.执行脚本
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
[oracle@ora10g ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.5.0 - Production on Sat Oct 4 02:15:35 2014 Copyright (c) 1982, 2010, Oracle. All Rights Reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ orcl OPEN SQL> @/u01/app/oracle/product/11.2.0/agenthome_1/av/scripts/streams/source/zarsspriv.sql Enter value for 1: av_source_user Enter value for 2: setup Granting privileges to AV_SOURCE_USER ... Done. SQL> |
Value 1 输入你刚才建立的用户名.
Value 2 有以下选择.这里我们选择SETUP.
SETUP: For the OSAUD and DBAUD collectors, and for policy management
REDO_COLL: For the REDO log collector; includes all privileges that are granted using the argument mode SETUP
3.目标库打开并注册数据库实例到监听器:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
[oracle@ora10g ~]$ lsnrctl status LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 04-OCT-2014 02:20:41 Copyright (c) 1991, 2010, Oracle. All rights reserved. Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production Start Date 04-OCT-2014 02:20:25 Uptime 0 days 0 hr. 0 min. 16 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Log File /u01/app/oracle/product/11.2.0/dbhome_1/network/log/listener.log Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ora10g)(PORT=1521))) Services Summary... Service "orcl" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orclXDB" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orcl_XPT" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... The command completed successfully [oracle@ora10g ~]$ |
4.目标库设置参数“audit_trail”:
1 2 3 4 5 6 |
SQL> show parameter audit_trail NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ audit_trail string XML, EXTENDED SQL> |
5.Audit Vault Server,验证:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[oracle@avs ~]$ hostname avs [oracle@avs ~]$ whoami oracle [oracle@avs ~]$ avorcldb verify -src ora10g:1521:orcl -colltype ALL Enter Source user name: av_source_user Enter Source password: source ORCL verified for OS File Audit Collector collector source ORCL verified for Aud$/FGA_LOG$ Audit Collector collector parameter _JOB_QUEUE_INTERVAL is not set; recommended value is 1 parameter UNDO_RETENTION = 900 is not in recommended value range [3600 - ANY_VALUE] parameter GLOBAL_NAMES = false is not set to recommended value true ERROR: source database must be in ARCHIVELOG mode to use REDO LOG collector ERROR: set the above init.ora parameters to recommended/required values [oracle@avs ~]$ |
6.按照第五步反馈的错误修改目标库的设定:
参数
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
SQL> alter system set "_JOB_QUEUE_INTERVAL"=1 scope=spfile; System altered. SQL> alter system set UNDO_RETENTION=3600 scope=spfile; System altered. SQL> SQL> alter system set global_names=true scope=spfile; System altered. SQL> |
归档模式
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
SQL> archive log list; Database log mode No Archive Mode Automatic archival Disabled Archive destination /u01/app/oracle/product/11.2.0/dbhome_1/dbs/arch Oldest online log sequence 2 Current log sequence 4 SQL> SQL> shutdown immediate; Database closed. Database dismounted. ORACLE instance shut down. SQL> SQL> startup mount; ORACLE instance started. Total System Global Area 599785472 bytes Fixed Size 2098112 bytes Variable Size 163580992 bytes Database Buffers 427819008 bytes Redo Buffers 6287360 bytes Database mounted. SQL> SQL> alter database archivelog; Database altered. SQL> archive log list; Database log mode Archive Mode Automatic archival Enabled Archive destination /u01/app/oracle/product/11.2.0/dbhome_1/dbs/arch Oldest online log sequence 2 Next log sequence to archive 4 Current log sequence 4 SQL> alter database open; Database altered. SQL> |
7.再次在Audit Vault Server端执行检查,确认没有问题:
1 2 3 4 5 6 7 |
[oracle@avs ~]$ avorcldb verify -src ora10g:1521:orcl -colltype ALL Enter Source user name: av_source_user Enter Source password: source ORCL verified for OS File Audit Collector collector source ORCL verified for Aud$/FGA_LOG$ Audit Collector collector source ORCL verified for REDO Log Audit Collector collector [oracle@avs ~]$ |
8.在Audit Vault Server端注册目标库:
注册前,先查看目标库的状态
1 2 3 4 5 6 7 8 9 |
SQL> col parameter for a40 SQL> col value for a13 SQL> select * from v$option where parameter like '%Vault%'; PARAMETER VALUE ---------------------------------------- ------------- Oracle Database Vault FALSE SQL> |
在AVS端执行注册:
1 2 3 4 5 6 7 8 9 10 11 |
[oracle@avs ~]$ avorcldb add_source -src ora10g:1521:orcl -srcname orcl -agentname avagent Enter Source user name: av_source_user Enter Source password: Adding source... Source added successfully. remember the following information for use in avctl Source name (srcname): orcl Credential stored successfully. Mapping Source to Agent... [oracle@avs ~]$ |
注册成功后,会在AVS端的tnsnames.ora中添加如下记录:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[oracle@avs ~]$ cat /u01/app/oracle/product/10.3.0/avs_1/network/admin/tnsnames.ora # tnsnames.ora Network Configuration File: /u01/app/oracle/product/10.3.0/avs_1/network/admin/tnsnames.ora # Generated by Oracle configuration tools. AVS = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = avs)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = avs) ) ) # Alias for orcl SRCDB1 = (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ora10g)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl))) [oracle@avs ~]$ |
9.注册Collector到Oracle Audit Vault Server。
如果使用的是OSAUD,那么需要在AVS端设置OS_FILE_MAX_SIZE
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[oracle@avs ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.3.0 Production on Sat Oct 4 02:45:16 2014 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options SQL> select instance_name,status from v$instance; INSTANCE_NAME STATUS ---------------- ------------ avs OPEN SQL> SQL> BEGIN 2 DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY( 3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, 4 AUDIT_TRAIL_PROPERTY => DBMS_AUDIT_MGMT.OS_FILE_MAX_SIZE, 5 AUDIT_TRAIL_PROPERTY_VALUE => 204800); 6 END; 7 / PL/SQL procedure successfully completed. SQL> SQL> exit Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options [oracle@avs ~]$ |
(如果使用的是DBAUD和REDO,则可以跳过上面的配置。)
AVS端使用OSAUD添加Collector:
1 2 3 4 5 6 7 8 |
[oracle@avs ~]$ avorcldb add_collector -srcname orcl -agentname avagent -colltype OSAUD -orclhome /u01/app/oracle/product/11.2.0/dbhome_1 source orcl verified for OS File Audit Collector collector Adding collector... Collector added successfully. remember the following information for use in avctl Collector name (collname): OSAUD_Collector [oracle@avs ~]$ |
10.Agent端添加Credential:
1 2 3 4 5 6 7 8 9 10 |
[oracle@ora10g source]$ env | grep ORACLE_HOME ORACLE_HOME=/u01/app/oracle/product/11.2.0/agenthome_1 [oracle@ora10g source]$ avorcldb setup -srcname orcl Enter Source user name: av_source_user Enter Source password: adding credentials for user av_source_user for connection [SRCDB1] Credential stored successfully. updated tnsnames.ora with alias [SRCDB1] to source database verifying SRCDB1 connection using wallet [oracle@ora10g source]$ |
11.AVS端启动Collector:
1 2 3 4 5 6 7 |
[oracle@avs ~]$ env | grep ORACLE_HOME ORACLE_HOME=/u01/app/oracle/product/10.3.0/avs_1 [oracle@avs ~]$ [oracle@avs ~]$ avctl start_collector -collname OSAUD_Collector -srcname orcl Starting collector... Collector started successfully. [oracle@avs ~]$ |
登录Web App查看收集器(Collector)状态:
URL:https://192.168.56.161:1158/av
Login User:avadmin
至此,Oracle Audit Vault的安装于配置就完成了。
——————————————————————
Ending。
这个文档不算完美,因为安装到最后,虽然希望审计的目标数据库加入了AV,但AV没有启用成功,无法看到审计的条目。
列出的状态显示,审计系统为:“FALSE”。
查看网上关于“DISABLE/ENABLE Oracle Audit Vault”的相关资料的描述,与我面对的问题有所差异。
所以,对于这个问题,暂时还不知道原因是什么,以及如何解决。
您好,我想问一下我在安装的过程中最后一部启动collector的时候出现internal error,大佬有遇到过吗,我查了资料,官方文档说的是联系它们的产品服务