== Purpose ==
Enable customers to return to a "fresh start" as far as collected data is concerned
while maintaining configuration metadata.
== Prerequisites ==
Anyone following this document must understand that the steps outlined below will
result in data loss. If you wish to restore data in future, Oracle recommends
completing a full backup of the system by following Note 1556200.1.
You must enable SSH access to the Audit Vault Server before proceeding.
You must know the support and root user passwords.
You must be able to log in as a user with Super Admin privileges.
You must be able to log in as a user with Super Auditor privileges.
== Details ==
1. Stop Audit Trails and Enforcement Points
1.1. Log in to the Audit Vault Server user interface as an avadmin
1.2. Navigate to the Secured Targets page
1.3. Click on the Audit Trails link and stop all Audit Trails
1.4. Click on the Enforcement Points link and stop all Enforcement Points
2. Copy the purge-avs-package.sql file (attached to the SR) to the Audit Vault Server
scp remote_host:remote_path/purge-avs-package.sql /home/oracle/.
3. Log in to the Audit Vault Server database
3.1. Open a connection to the Audit Vault Server as the 'root' user, either via SSH
or the console
3.2. Become the oracle user
su - oracle
3.3. Log in to the database
sqlplus / as sysdba
4. Unlock avsys user
alter user avsys identified by Oracle_123 account unlock;
5. Load the purge_avs package from purge-avs-package.sql into the database
sqlplus avsys/Oracle_123
set serveroutput on size 1000000
set trimspool on
set long 5000
set linesize 1000
set pagesize 9999
@purge-avs-package.sql
6. Check to see which tablespaces have been archived and/or are offline. These must
be brought back online before attempting the purging (step 9).
execute purge_avs.offline_tablespaces;
(you may see output similar to below)
Tablespace: AV_ILM_0540_0546 filename +EVENTDATA/dbfwdb/datafile/av_ilm_0540_0546.264.853499147 is offline
Tablespace: AV_ILM_0540_0552 filename +EVENTDATA/dbfwdb/datafile/av_ilm_0540_0552.261.853499053 is offline
Tablespace: AV_ILM_0540_0625 filename +EVENTDATA/dbfwdb/datafile/av_ilm_0540_0625.275.865976447 is offline
Tablespace: AV_ILM_0541_0547 filename +EVENTDATA/dbfwdb/datafile/av_ilm_0541_0547.277.868201949 is offline
Tablespace: AV_ILM_0534_0546 filename /var/lib/oracle/dbfw/ilm_staging/AV_ILM_0534_0546 is offline
Tablespace: AV_ILM_0535_0541 filename /var/lib/oracle/dbfw/ilm_staging/AV_ILM_0535_0541 is offline
Tablespace: AV_ILM_0535_0547 filename /var/lib/oracle/dbfw/ilm_staging/AV_ILM_0535_0547 is offline
Tablespace: AV_ILM_0536_0542 filename /var/lib/oracle/dbfw/ilm_staging/AV_ILM_0536_0542 is offline
Tablespaces listed as being in /var/lib/oracle/dbfw/ilm_staging/ are tablespaces
which have been archived.
7. Copy all the archived tablespaces back to the Audit Vault Server and place them in
the same directory. File ownership must be "oracle:oinstall"; if the files are
owned by root, the following steps will fail. You do not have to run an archive
restore job in the Audit Vault Server UI; a simple copy is sufficient.
8. Bring all the offline tablespaces back online
execute purge_avs.bring_tbsp_online;
8.1. Verify all tablespace files are restored and online by checking
purge_avs.offline_tablespaces as in step 6. If no filenames are returned, proceed to
the next step.
9. Data can now be purged from the Audit Vault server.
*** IMPORTANT ***
Unless you have created a backup of the data using Note 1556200.1, once this step
is completed all existing data in the Audit Vault Server repository will be lost.
execute purge_avs.purge_data;
10. Delete old tablespaces
execute purge_avs.drop_ilm_tablespaces;
11. The steps in this section are optional - if you do not wish to clear any of the
following, proceed to step 12.
11.1. Clean up old alerts
execute purge_avs.clean_alerts;
11.2. Clean up custom reports
execute purge_avs.clean_reports;
11.3. Clean up Firewall policies and associated cluster data. Before doing so, you
must log in to the AVS UI as an AVAUDITOR and configure all Secured Targets which
have Enforcement Points configured to use one of the built-in policies (Pass all;
Unique; Log sample; Log all; Log all - no mask; Unique - no mask)
execute purge_avs.clean_fw_policies;
12. Re-initialise Audit Vault Server
12.1. Delete the purge_avs package
DROP PACKAGE purge_avs;
12.2. Reboot Audit Vault Server
(probably not necessary but at the very least it should relock the avsys account
and of course restart the DB)
12.3. Log in to the Audit Vault Server user interface as an avadmin
12.4. Navigate to the Secured Targets page
12.5. Click on the Audit Trails link and start all Audit Trails
12.6. Click on the Enforcement Points link and start all Enforcement Points
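
A pre-flight check for step 7, added here as an example and not part of the original note or of the purge_avs package: it reads the purge_avs.offline_tablespaces listing from step 6 and reports archived datafiles that are missing from the staging directory or not owned by oracle:oinstall. The function names, the --check switch and the saved listing file are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: run after copying the archived tablespaces back (step 7)
# and before purge_avs.bring_tbsp_online (step 8).
# Hypothetical usage, with the step 6 output saved to a file:
#   sh check_restored.sh --check < offline_tablespaces.lst

STAGING_DIR=${STAGING_DIR:-/var/lib/oracle/dbfw/ilm_staging}
EXPECTED_OWNER=${EXPECTED_OWNER:-oracle:oinstall}

# Print the datafile paths under directory $1 found in the listing on stdin.
# Splitting on whitespace handles both wrapped and single-line output;
# +EVENTDATA/... entries are not archived files and are skipped.
archived_paths() {
    tr -s ' \t' '\n' | awk -v d="$1/" 'index($0, d) == 1' | sort -u
}

# For every archived datafile named on stdin: it must exist as a regular
# file and be owned by $2 (user:group). Prints one line per problem and
# returns non-zero if any file is missing or has the wrong owner.
check_restored() {
    dir=$1 owner=$2 rc=0
    for f in $(archived_paths "$dir"); do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; rc=1
        elif [ "$(stat -c '%U:%G' "$f")" != "$owner" ]; then
            echo "OWNER    $f is $(stat -c '%U:%G' "$f"), expected $owner"; rc=1
        fi
    done
    return $rc
}

if [ "${1:-}" = "--check" ]; then
    check_restored "$STAGING_DIR" "$EXPECTED_OWNER"
fi
```

A non-zero exit status means at least one archived datafile still has to be copied back or have its ownership corrected before step 8.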