AlienVault® USM Appliance™

Oracle JD Edwards EnterpriseOne

When you configure Oracle JD Edwards EnterpriseOne to send log data to USM Appliance, you can use the Oracle JD Edwards EnterpriseOne plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor: Oracle
Device Type: Application
Connection Type: Syslog
Data Source Name: oracle-jde
Data Source ID: 1899

Integrating Oracle JD Edwards EnterpriseOne

Before you configure the Oracle JD Edwards EnterpriseOne integration, you must have the IP address of the USM Appliance Sensor.

To configure Oracle JD Edwards EnterpriseOne to send Syslog messages to USM Appliance

  1. Select audit classes to be sent to the audit_syslog plugin, and make the plugin active.

    # auditconfig -setplugin audit_syslog \
            active p_flags=lo,+as,-ss

    Note: The audit classes named in p_flags must be preselected, either as system defaults or in the audit flags of a user or a rights profile. Records are not collected for a class that is not preselected. You can instruct the audit service to copy some or all of the audit records in the audit queue to the syslog utility. If you record both binary audit data and text summaries, the binary data provides a complete audit record, while the summaries filter the data for real-time review.

  2. Configure the syslog utility by adding an audit.notice entry to the syslog.conf file. (The entry includes the location of the log file.)

    # cat /etc/syslog.conf

    audit.notice /var/adm/auditlog

  3. Create the log file.

    # touch /var/adm/auditlog

  4. Set the log file's permissions to 640.

    # chmod 640 /var/adm/auditlog

  5. Check which system-log service instance is running on the system.

    # svcs system-log

    STATE STIME FMRI

    online Nov_27 svc:/system/system-log:default

    disabled Nov 27 svc:/system/system-log:rsyslog

  6. Refresh the configuration information for the active syslog service instance.

    # svcadm refresh system/system-log:default

  7. Refresh the audit service. On refresh, the audit service reads the changes to the audit plugin.

    # audit -s

  8. Specify audit classes for syslog output. In the following example, the syslog utility collects a subset of the preselected audit classes.

    # auditconfig -setnaflags lo,na

    # auditconfig -setflags lo,ss

    # usermod -K audit_flags=pf:no jdoe

    # auditconfig -setplugin audit_syslog \
            active p_flags=lo,+na,-ss,+pf

    The arguments to the auditconfig command instruct the system to collect all login/logout, non-attributable, and change of system state audit records. The audit_syslog plugin entry instructs the syslog utility to collect all logins, successful non-attributable events, and failed changes of system state. For the jdoe user, the binary utility collects successful and failed calls to the pfexec command, while the syslog utility collects only successful calls to the pfexec command.

    Note: Regularly archive the syslog log files. The audit service can generate extensive output. To manage the logs, see the logadm man page.

  9. To direct syslog audit records to USM Appliance, change the audit.notice entry in the syslog.conf file to point to the remote system. In this example, the name of the local system is sys1.1. The remote system is remote1.

    sys1.1 # cat /etc/syslog.conf

    audit.notice @<IP_address_of_USMAppliance>

    The audit.notice entry in the syslog.conf file on the remote1 system points to the log file.

    remote1 # cat /etc/syslog.conf

    audit.notice /var/adm/auditlog
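
How the preselected classes and the audit_syslog p_flags in step 8 combine can be checked before relying on the syslog feed. The following is an added example, not part of the vendor documentation; the function name syslog_effective is hypothetical, and it handles only the plain, "+" (success) and "-" (failure) flag forms used on this page.

```sh
#!/bin/sh
# Added example: report which outcomes of each p_flags class reach syslog.
# A class reaches syslog only for outcomes that are BOTH preselected and
# requested in p_flags (see the note under step 1).

# outcomes_of FLAG -> "s" (success), "f" (failure) or "sf" (both)
outcomes_of() {
    case "$1" in
        +*) echo s ;;
        -*) echo f ;;
        *)  echo sf ;;
    esac
}

# syslog_effective PRESELECTED P_FLAGS
# Prints one "class:outcome" line per p_flags entry; outcome is
# both, success, failure, or none (class not preselected).
syslog_effective() {
    pre=$1
    pfl=$2
    for p in $(printf '%s' "$pfl" | tr ',' ' '); do
        cls=${p#[+-]}
        want=$(outcomes_of "$p")
        have=""
        for q in $(printf '%s' "$pre" | tr ',' ' '); do
            if [ "${q#[+-]}" = "$cls" ]; then
                have="$have$(outcomes_of "$q")"
            fi
        done
        res=""
        case "$want" in *s*) case "$have" in *s*) res="s" ;; esac ;; esac
        case "$want" in *f*) case "$have" in *f*) res="${res}f" ;; esac ;; esac
        case "$res" in
            sf) echo "$cls:both" ;;
            s)  echo "$cls:success" ;;
            f)  echo "$cls:failure" ;;
            *)  echo "$cls:none" ;;
        esac
    done
}

# Constructed input: step 8's preselection merged into one list
# (lo,ss from -setflags, na from -setnaflags, pf from jdoe's audit_flags;
# pf applies to jdoe only), checked against step 8's p_flags.
syslog_effective "lo,ss,na,pf" "lo,+na,-ss,+pf"
```

A class reported as "none" is requested in p_flags but not preselected, so no records for it will arrive at USM Appliance.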

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://docs.oracle.com/cd/E39579_01/html/E40215/gntks.html

For troubleshooting, refer to the vendor documentation:

http://www.oracle.com/webfolder/technetwork/tutorials/jdedwards/FAQ/FAQ_JDE%20Cloud.pdf