cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Oracle inventory with least privilege using FlexNet Inventory Agent

I'm looking for input on executing Oracle inventory with the FlexNet Inventory Agent v13.2. A small program environment on Windows does not allow local OS authentication, and I came across the connection string to the Oracle DB in a trace and saw that it attempts to connect as sysdba, which is another no-go. 

I'm looking at utilizing the stand-alone Oracle inventory agent OraTrack as an alternative, but would like to know if the FlexNet Agent can be modified to connect to Oracle on Windows with a specific read only account, and not as sysdba.

System info: FNMS 2019 R1 on Windows Server 2016, Windows 2008 R2 target running Oracle 12.2.0.1, FlexNet Inventory Agent 13.2

(9) Replies
By Anonymous
Not applicable

Hey @Chenderson10  - Yeah this is definitely possible. There's a agent command line parameter called 'OracleInventoryUser' that you can use to have the agent run the introspection under that account. See page 332 in this guide for more info - 

https://helpnet.flexerasoftware.com/fnms/EN/WebHelp/PDF%20Documents/Cloud/GatheringFlexNetInventory.pdf

HTH,

Peter

@Anonymous Thanks for the reply. Looks like this only applies to UNIX-like systems. Any luck disabling InventoryAsSysdba in the Windows FlexNet Agent?

Hi Chenderson

Current inventory agent for windows platform does not support specifying oracle user to collect Oracle inventory data from Oracle database running on Windows OS. 

Other option is to use inventory beacon to connect directly to database through listener but I would not recommend that as it would not collect hardware LMS resources data required for LMS.

Hope this will help.

Aamer

@AamerSharif 

Agreed that the remote beacon inventory is not the way to go. 

I'm looking at the stand-alone Oracle inventory agent with a properly configured account outlined in these articles. 

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Oracle-Stand-alone-Inventory-Agent-for-FlexNet-Manager-Suite/ta-p/114277

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Script-to-create-an-Oracle-user-with-the-access-required-for/ta-p/1758

Appreciate any other ideas or advice.

Oracle Stand-alone Inventory Agent for FlexNet Manager Suite talks about standalone tool that connects remote using oracle user credentials to collect oracle database inventory data only.

Windows does not allow local OS authentication, and I came across the connection string to the Oracle DB in a trace and saw that it attempts to connect as sysdba, which is another no-go. 

Keeping the above constraints you mentioned above in mind, next option I can only suggest combination of remote oracle inventory (using beacon or ortrack) and general inventory using installed agent that will give you hardware and oracle database inventory but hardware LMS data will be missing.

Cheers,
Aamer

I know OraTrack is an older agent, but has anyone tested it on Windows Server 2016? If so, can you supply updated prereqs and config? I've successfully ran the agent to the point it produces an ndi file, but the following error is contained in the ndi file.
OLE DB provider for Provider=OraOLEDB.Oracle is not installed

Error 0x800a0e7a;Provider cannot be found. It may not be properly installed; occurred while attempting to access;ADODB.Connection

I have tested several ODBC DB and OLE DB drivers with no change in output.

Successfully generated a ndi for Oracle by reinstalling 11.2 ODAC 32 bit and then 11.2 instant client 32 bit (where I started in the first place). I copied the ndi to C:\ProgramData\Flexera Software\Incoming\Inventories and the file was consumed within a few minutes. I'm not seeing any additional Oracle evidence on the device at this time; just the hardware/software/file evidence and oracle discovery evidence reported by the FlexNet Inventory Agent. Reconcile completed at 2000 last night, but no additional Oracle data merged with the discovered device. Any thoughts?

Please verify your ORATRACK Log File to make sure that the connection and LMS Introspection was successful.

I assume that you ran the scripts to create the Oracle Database logon that has the proper credentials to run all of the LMS Scripts?

I followed the referenced steps/SQL script to create the read-only account. Inventory file is 1.3 MB, 2160 lines long. Any specific strings I should search for in the OraTrack log to verify the connection and LMS data is good?