ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Test the Oracle database connection string used by DLP Enforce

book

Article ID: 160251

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Oracle Standard Edition 2

Issue/Introduction

Need steps to test the Oracle database connection string found in the the jdbc.properties file on the Symantec Data Loss Prevention (DLP) Enforce server to ensure the elements within the connection string are correct.

Resolution

Connecting to Oracle:

Various ways to use sqlplus:

  • SQLPlus /nolog - provides access to utilize sqlplus.  The "/nolog" parameter means "start sqlplus, but do not log into a database"
  • SQLPlus bleep/[email protected] -  means start sqlplus, log into database as defined in tnsnames.ora under alias "blorp", using database account "bleep" and password "blop"
  • SQLPlus bleep/blop - means start sqlplus and log into database as defined either by default (the case of when the database is local) or using environment variables and defaults.  The environment variable ORACLE_SID provides the database name, the host is the local machine and the port is, by default, 1521.
  • SQLPlus bleep - means start sqlplus and connect to default database using account "bleep".  Then prompt for password.  The advantage here is that the password is not displayed as typed.

 

Steps to test the connection to the DLP database using SQLPlus using the connection elements found in the jdbc.properties file.

  1. Go to \Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config on the Enforce server.
  2. Open Jdbc.properties in a text editor such as notepad and look for the parameter "jdbc.dbalias.oracle-thin".  This string is how DLP connects to the Oracle DB.
  3. Copy the string from this parameter starting with "@", all the way to the end of the line:  
    • example:
      • @(description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))
  4. Put either of the following into a SQLPlus login command to connect to the database:‚Äč
    • SQLPlus conn [email protected](description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))
    • SQLPlus conn protect/<password>@(description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))  -- This option includes the <password>.
  5. A successful connection indicates the SQLPlus string has all the elements necessary to connect to the Oracle database.

Note: However, that this test does not prove that JDBC is able to connect to the database.

Finally, using tnsping does not mean that you can connect to the database. It merely means that you can connect to the listener for the database.

Additional Information

A tnsname.ora entry can be modified to become a jdbc.properties entry, like so:

Take a tnsnames.ora entry:

PROTECT2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.66.193.149)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = protect)
    )
  )

Remove the alias line:

  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.66.193.149)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = protect)
    )
  )

Remove all (ALL) spaces:

(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.66.193.149)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=protect)))

Put an "@" in front of it and it's ready for jdbc.properties.