Imperva Cyber Community

After looking closer at the interface being used to listen for Oracle traffic, it was found the interface was configured with an IPv6 address.
Currently, the agent will only discover and listen for traffic on interfaces with an IPv6 address.

As soon as the interface was configured with an IPv4 address and Oracle was configured to listen on that interface suing the IPv4 address, audit and event data was captured by the agent and reported on.

If you suspect this be an issue in your situation you can follow these steps to narrow down the problem.  This is an example for a non-Windows server, but the principle would be the same for a Windows server:

• From the CLI execute:  ifconfig –a >> iface.txt
• From the CLI execute:  more iface.txt
• Search for the word:  inet6
• You are looking for something like this:  inet6 addr: fe80::290:fbff:fe2b:5fb4/64 Scope:Link
• Then execute from the CLI: netstat –an | grep fe80::290
• If there is anything listening using this IPv6 address it will show up
• The above command resulted in the following for this example:  
  • tcp        0      0 fe80::290:fbff:fe2b:1512
  • So in this situation we see port 1512 being listened using the IPv6 address

NOTE: Only part of the IPv6 address is displayed by netstat so you need to search on the first octets only.

If it appears this is the issue then work with the Oracle DBA and assign an IPv4 address.

Have you run into this situation before? What additional obstacles have you faced with Database Activity Monitoring? 

If you've missed our previous Imperva Insights and want to explore all of the product expert advice we've been sharing, check it out here!