Loading...

Knowledge Center


FAQs for Database Security: Database Activity Monitoring and Vulnerability Manager for Databases
Technical Articles ID:   KB72364
Last Modified:  2/19/2019
Rated:


Environment

McAfee Database Activity Monitoring (DAM) 5.x, 4.x
McAfee Vulnerability Manager for Databases (DVM) 5.x, 4.x

Summary

This article is a consolidated list of common questions and answers and is mainly intended for users who are new to the product, but can be of use to all users.

Contents
Compatibility Interaction between other products, software, or hardware.
Installation/Upgrade Information about installing, removing or upgrading/migrating, and backup.
Configuration Includes best practices, configuring, optimizing, and customizing.
Functionality Product features and functions, including scripting and reporting.

 
Compatibility

What are the operating system and CPU recommendations for the DAM server?
Install the DAM server on a dedicated server or virtual machine running the following:

  • Windows 2003 (or later)
  • Linux Redhat/CentOS 4 (or later)
Technical Support recommends a quad core CPU and at least 4 GB RAM.
 
 
Installation

How do I install DAM 5.x?
The following are the basic steps for installing DAM 5.x:

  1. Deploy extensions
  2. Implement workflow to monitor and manage database activity
  3. Install the DAM extension to manage DAM
  4. Deploy the sensor to a DBMS 
  5. Confirm sensor deployment

For detailed information, see the "Installation" section of the Database Activity Monitor 5.1.0 Product Guide (PD25200). 

What are the prerequisites for installing DAM 5.x?  
To install DAM 5.x, ePolicy Orchestrator (ePO) 4.6.3 (or later) is required with the following Extensions installed:

  • McAfee Database Activity Monitoring extension
  • McAfee Vulnerability Manager for Databases extension
  • McAfee Rogue Database Detection (RDD) extension 4.7 (or later)
  • McAfee Advanced Management Core extension
  • McAfee Agent 4.6.3 (or later)

    For more information, see the Database Activity Monitor 5.1.0 Product Guide (PD25200). 


How do I install Database Security?
Refer to the Database Security Installation Guide (PD26638).

What are the prerequisites for installing Database Security?
Refer to the "Installation Prerequisites and Default Installation Locations" section of the Database Security Installation Guide (PD26638).
 

Configuration

How do I configure operations in the Database Security console?
Refer to the "Configuring Operations in the Web Console" section of the Database Security Installation Guide (PD26638). 

 

Functionality

How does DAM work in an Oracle database sharing cluster?
The following are the two main modes of clustering for Oracle and how DAM functions with them:

  • RAC - Install the sensor on each node of the cluster. The management console identifies the DBMS as a cluster and assigns the relevant rules to all nodes. Each sensor monitors its own node, so you see all the activity.
     
  • Standby - Install a sensor on each node and the sensor will identify a failover automatically and start monitoring the active instance while keeping the same rules.

What languages are supported for generating reports in DAM? 
Currently, reports can be generated only in English.

Why does the report crash during generation?
The problem often occurs because of insufficient PermGen Java memory. For more details on how to resolve this, see KB77993.

What is a Database Instance?
Database Instance is a software application and related computer resource (CPU, storage, and network resource) that enables a user to collect information that is organized so that it can easily be accessed, managed, and updated. Specifically, a Database Instance refers not just to the database software, but to a complete environment that is uniquely identified by the memory structures and background processes used to access information in the database.

Database example:
A customer has two Oracle 10 instances running on a server. Two per-database licenses must be purchased.

NOTE: For the purpose of pricing, a Teradata instance equals 4 database instances.

In MS SQL, an instance can have multiple databases and in Oracle (up to Oracle12c where this changes) an instance can only have one database. However, there can be many instances pointing to the same database (as is the case in Oracle RAC).

How can I ensure that the change of the policy was already applied on the Sensor?

  1. Log on to the ePO console.
  2. Click System Tree.
  3. Select the specific DBMS and click DBMS Details.
  4. Check the applied policies for this DBMS.
  5. Verify the Last policy Hash and timestamp is identical to the sensor applied policy.


Is it okay if the Last Policy timestamp is later than the sensor applied timestamp?
Yes, it means that the policy was saved but changes were not applied. If the hashtag is identical, it is up-to-date.

What user account does the DAM sensor 5.x run as on UNIX/Linux systems?
DAM Sensor on Unix/Linux is multi-process. The main process runs as root. The Child processes that are used to monitor each instance of a database run as mfeagdbs.

How does DAM work in an Oracle database sharing cluster?
The two main modes of clustering for Oracle and how DAM functions with them are as follows:

  • RAC - install the sensor on each node of the cluster. The management console identifies the DBMS as a cluster and assigns the relevant rules to all nodes. Each sensor monitors its own node, so you see all the activity.
  • Standby - install a sensor on each node and the sensor identifies a failover automatically and starts monitoring the active instance while keeping the same rules.
 

Back to Contents

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.