Novell Documentation: NSure Audit - Preparing the Oracle Database

D.2 Preparing the Oracle Database

To prepare the Oracle database, you must create a tablespace and user account on the Oracle server. The naudit tablespace and auditusr account enable the Secure Logging Server to log data to Oracle.

The auditusr account must have access to the naudit tablespace. The naudit tablespace must have an unlimited quota.This setup is the minimum that is required in order to have the Secure Logging Server connect to the Oracle database.

Log in to the Oracle server:
1. On Windows, log in to the server as Administrator.
2. On Linux or Solaris, log in to the system as the Oracle user. If you are logged into X-Windows, open a terminal window, such as konsole, xterm, or gnome-terminal.
(Conditional) On Linux or Solaris, execute SQLPlus by completing the following:
1. Enter the following command:
```
$ORACLE_HOME/bin/sqlplus system@servername
```
  The username is system, and the servername is the database SID.
2. Specify the password when prompted.
(Conditional) On Windows, start SQLPlus by completing the following:
1. Click Start > Programs > Oracle-Orahome10 > Application Development > SQL PLUS.
  
  NOTE:The Oracle home name can vary depending on the Oracle configuration.
  
  If the Start menu option is not available, execute SQLPlus from the Oracle_Home/bin directory. For example, if the Oracle_Home directory is drive:\oracle\ora10, then type the following at the command prompt:
```
drive:\oracle\ora10\bin\sqlplus system@servername
```
2. Specify the username and password for the system account at the login dialog box.
3. Specify the host string, which is usually the database SID or the global dbname (the name of the server).
At the SQLPlus prompt, create the naudit tablespace by typing the following lines.
```
CREATE TABLESPACE naudit
```
```
DATAFILE '/var/opt/oracle/SERVERNAME/naudit.dbf'
```
```
SIZE 10M
```
```
AUTOEXTEND ON NEXT 10M
```
```
MAXSIZE 7500M;
```
Press Enter at the end of each line. The semicolon at the end of the last line notifies SQLPlus that the command is finished.

Note the following about the lines:
- The DATAFILE path depends on the platform being used, the database location, and installation options. On Windows, this is typically drive:\oracle\oradata\SERVERNAME. On SuSE® Linux, the DATAPATH is typically /var/opt/oracle/SERVERNAME.
- SERVERNAME usually matches the database SID set up during installation.
- MAXSIZE is optional. If you omit MAXSIZE, put the semicolon at the end of the AUTOEXTEND line.
NOTE:You do not need to create the database table; the Oracle driver, lgdora, automatically creates this table when the logging server first loads the current Channel object configuration in memory. For more information on the table structure, see Section 7.10.1, Oracle Channel Driver.
At the SQLPlus prompt, create the auditusr account by typing the following lines:
```
CREATE USER AUDITUSR
```
```
IDENTIFIED BY passwd
```
```
DEFAULT TABLESPACE naudit
```
```
TEMPORARY TABLESPACE TEMP;
```
Press Enter at the end of each line. The semicolon at the end of the last line notifies SQLPlus that the command is finished. Replace passwd with the appropriate password.

At the SQLPlus prompt, use the following commands to grant the auditusr account rights to connect to the database:

Command	Description
GRANT CREATE SESSION TO auditusr;	CREATE SESSION allows auditusr to connect to the database. This is required.
GRANT CREATE TABLE TO auditusr;	CREATE TABLE is required only to auto-create the table as defined in the log channel. This command is not required if the database administrator wants to create the table in advance. If auditusr is not given the CREATE TABLE right, it is reduced to the role of simply adding and inserting data. If you do not grant the CREATE TABLE right to auditusr, you might need to grant the GRANT SELECT, INSERT ON right as follows so auditusr can add and insert data in the table: GRANT SELECT, INSERT ON database_name to auditusr
ALTER USER auditusr QUOTA unlimited on naudit;	QUOTA unlimited allows infinite transactions. This is required.

Command

Description

GRANT CREATE SESSION TO auditusr;

CREATE SESSION allows auditusr to connect to the database.

This is required.

GRANT CREATE TABLE TO auditusr;

CREATE TABLE is required only to auto-create the table as defined in the log channel.

This command is not required if the database administrator wants to create the table in advance. If auditusr is not given the CREATE TABLE right, it is reduced to the role of simply adding and inserting data.

If you do not grant the CREATE TABLE right to auditusr, you might need to grant the GRANT SELECT, INSERT ON right as follows so auditusr can add and insert data in the table:

GRANT SELECT, INSERT ON database_name to auditusr

ALTER USER auditusr QUOTA unlimited on naudit;

QUOTA unlimited allows infinite transactions.

This is required.