Loading...

Knowledge Center


FAQs for Database Security: Database Activity Monitoring and Vulnerability Manager for Databases
Technical Articles ID:   KB72364
Last Modified:  5/2/2019
Rated:


Environment

McAfee Database Activity Monitoring (DAM) 5.x, 4.x
McAfee Vulnerability Manager for Databases (DVM) 5.x, 4.x

Summary

Recent updates to this article
Date Update
May 2, 2019 Removed EOL products, updated links.

This article is a consolidated list of common questions and answers and is intended for users who are new to the product, but can be of use to all users.

Contents
Compatibility Interaction between other products, software, or hardware.
Installation/Upgrade Information about installing, removing or upgrading/migrating, and backup.
Configuration Includes best practices, configuring, optimizing, and customizing.
Functionality Product features and functions, including scripting and reporting.

 
Compatibility

What are the operating system and CPU recommendations for the DAM server?
Install the DAM server on a dedicated server or virtual machine running the following:

  • Windows 2003 (or later)
  • Linux Redhat/CentOS 4 (or later)
Technical Support recommends a quad core CPU and at least 4 GB RAM.
 
 
Installation

How do I install DAM 5.x?
The following are the basic steps for installing DAM 5.x:

  1. Deploy extensions
  2. Implement workflow to monitor and manage database activity
  3. Install the DAM extension to manage DAM
  4. Deploy the sensor to a DBMS 
  5. Confirm sensor deployment

For detailed information, see the "Installation" section of the Database Activity Monitor Product Guide (PD26642).

What are the prerequisites for installing DAM 5.x?  
To install DAM 5.x, ePolicy Orchestrator (ePO) 4.6.3 (or later) is required with the following Extensions installed:

  • McAfee Database Activity Monitoring extension
  • McAfee Vulnerability Manager for Databases extension
  • McAfee Rogue Database Detection (RDD) extension 4.7 (or later)
  • McAfee Advanced Management Core extension
  • McAfee Agent 4.6.3 (or later)

    For more information, see the Database Activity Monitor Product Guide (PD26642). 


How do I install Database Security?
See the Database Security Installation Guide (PD26638).

What are the prerequisites for installing Database Security?
See the "Installation Prerequisites and Default Installation Locations" section of the Database Security Installation Guide (PD26638).
 

Configuration

How do I configure operations in the Database Security console?
See the "Configuring Operations in the Web Console" section of the Database Security Installation Guide (PD26638). 

 

Functionality

How does DAM work in an Oracle database sharing cluster?
The following are the two main modes of clustering for Oracle and how DAM functions with them:

  • RAC - Install the sensor on each node of the cluster. The management console identifies the DBMS as a cluster and assigns the relevant rules to all nodes. Each sensor monitors its own node, so you see all activity.
     
  • Standby - Install a sensor on each node and the sensor identifies a failover automatically and starts monitoring the active instance while keeping the same rules.

What languages are supported for generating reports in DAM? 
Currently, reports can be generated only in English.

Why does the report crash during generation?
The problem often occurs because of insufficient PermGen Java memory. For more details about how to resolve this issue, see KB77993.

What is a Database Instance?
Database Instance is a software application and related computer resource (CPU, storage, and network resource) that enables a user to collect information that is organized. This organization allows you to easily access, manage, and update the information. Specifically, a Database Instance refers not just to the database software, but to a complete environment that is uniquely identified by the memory structures and background processes used to access information in the database.

Database example:
A customer has two Oracle 10 instances running on a server. Two per-database licenses must be purchased.

NOTE: For pricing, a Teradata instance equals 4 database instances.

In MS SQL, an instance can have multiple databases and in Oracle, up to Oracle12c, an instance can only have one database. (In Oracle12c, an instance only having one database changes.) But, there can be many instances pointing to the same database (as is the case in Oracle RAC).

How can I ensure that the change of the policy was already applied on the Sensor?

  1. Log on to the ePO console.
  2. Click System Tree.
  3. Select the specific DBMS and click DBMS Details.
  4. Check the applied policies for this DBMS.
  5. Verify that the Last policy Hash and time stamp are identical to the sensor applied policy.


Is it okay if the Last Policy time stamp is later than the sensor applied time stamp?
Yes, it means that the policy was saved but changes were not applied. If the hashtag is identical, it is up to date.

What user account does the DAM sensor 5.x run as on UNIX/Linux systems?
DAM Sensor on Unix/Linux is multi-process. The main process runs as root. The Child processes that are used to monitor each instance of a database run as mfeagdbs.

How does DAM work in an Oracle database sharing cluster?
The two main modes of clustering for Oracle and how DAM functions with them are as follows:

  • RAC - install the sensor on each node of the cluster. The management console identifies the DBMS as a cluster and assigns the relevant rules to all nodes. Each sensor monitors its own node, so you see all activity.
  • Standby - install a sensor on each node and the sensor identifies a failover automatically and starts monitoring the active instance while keeping the same rules.
 

Back to Contents

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.