Guides
ChangelogStatus PageAPI ExplorerAPI ReferenceCLI ReferenceBlogIMPACT 2025
Start typing to search…

Oracle DB

What is Oracle DB?

Oracle DB is a high-performance, scalable, and secure relational database management system designed for enterprise applications. It provides advanced features such as robust data security, comprehensive backup and recovery options, and powerful analytics capabilities. Organizations choose Oracle DB for its ability to handle large volumes of data, support complex transactions, and ensure high availability and reliability.

Why Connect Oracle DB to Monte Carlo?

Integrating Monte Carlo with Oracle DB allows you to monitor your data assets through custom SQL monitors, which can be created in either the UI wizard and/or programmatically via monitors as code (API/SDK too). These monitors can be used to generate notifications (incidents) to relevant stakeholders and circuit break pipelines.

After connecting Oracle here is what you can expect to see:

Volume:

Our volume monitors are active by default. By collecting metadata on your tables, Monte Carlo's machine learning algorithm can set automatic thresholds to alert when a table has gone too long without a change in size or when an abnormal amount of rows are added or deleted.

A user can choose to set the thresholds if they do not want to use the ones calculated by our machine learning algorithm, this is done by clicking the Edit threshold button.

Monitor & Lineage Support

Below are the monitors & lineage support for the Oracle Integration today. Please reach out to your Monte Carlo representative if you have requirements for additional monitors.

CategoryMonitor / Lineage CapabilitiesSupport
Table MonitorFreshness✅ (via opt-in row count*)
Table MonitorVolume
Table MonitorSchema Changes
Metric MonitorMetric
Metric MonitorComparison
Validation MonitorCustom SQL
Validation MonitorValidation
Job MonitorQuery performance
LineageLineage

*freshness monitors are available via user opt-in for each table. These monitors would run count(*) queries for each table to detect freshness anomalies.

Connecting to Oracle DB

Now that we know the value connecting Oracle DB to Monte Carlo can bring, here are the necessary steps to set up the integration.

📘

Prerequisites

To create a service account, you will need admin credentials to your Oracle database.

This guide explains how to create a read-only service account for Monte Carlo in your Oracle DB. Once your service account is created, you can onboard the Oracle integration using the Monte Carlo UI.

If you require connecting to Oracle using SSL, you will need to use our CLI tool. After creating a service user, please see here for more instructions.

1. Create a read-only service account

Please run the SQL snippet below on your Oracle database to create a read-only service account for Monte Carlo

CREATE USER montecarlo IDENTIFIED BY '<PASSWORD>';
GRANT CREATE SESSION to montecarlo;

/* 
Grant access to all tables and views. Repeat for all relevant tables (or schemas).
Select permissions are necessary to create assets and custom SQL monitors. 
*/
GRANT SELECT ANY TABLE TO montecarlo;
-- or
GRANT SELECT ON <SCHEMA>.<TABLE> TO montecarlo;
-- ... repeating for each table.
-- or, only available in Oracle 23c+:
-- GRANT SELECT ON ANY TABLE ON SCHEMA <schema> TO 'montecarlo';

2a. Onboard Oracle Integration using Monte Carlo UI

With the service user created, you can add Oracle integration using our onboarding wizard.

  • Deployment: [Optional] If you have multiple deployments already in your Monte Carlo account, choose the deployment you want to use for this integration. If you do not have multiple deployments, this field will not be shown.
  • Integration name: The user-friendly name for this integration.
  • Host: The host of the Oracle database, (e.g. oracledb.xxxxxxxxxx.us-east-2.rds.amazonaws.com)
  • Port: The SQL port of the Oracle database, typically 1521.
  • Username: The username of the service account you created in Step 1.
  • Password: The password of the service account you created in Step 1.
  • Database: The Oracle database name that Monte Carlo will monitor.

When you click Add, Monte Carlo will run a series of validations to ensure we are able to reach the Oracle database and have the permissions required to collect metadata. If validation failures will be surfaced so you can address them before trying again.


2b. Onboard Oracle Integration using SSL

📘

Prerequisites

Requires creating a service account, as outlined here.

Monte Carlo supports SSL encrypted connections to Oracle databases, including:

  • Server certificate verification (one-way SSL) - validates the Oracle server's identity using a CA certificate

SSL configuration is supported via the command-line interface (CLI) for both creating new connections and updating existing ones.

📘

CLI Version Requirement

Oracle SSL support requires CLI version v0.147.0 or later.

You can find all available options for configuring an Oracle connection in the CLI documentation:

  • add-oracle - Create a new Oracle connection with SSL
  • update-oracle - Update an existing Oracle connection, including SSL configuration

Examples of SSL Authentication

  • Server Authentication. To verify the identity of the Oracle server, use the add-oracle command specifying the CA certificate (--ssl-ca). The CA certificate ensures that the server's identity is verified.

SSL Verification Options

Monte Carlo provides fine-grained control over SSL certificate verification:

OptionDefaultDescription
--ssl-verify-identityNot set (backend default)Verifies that the server's certificate hostname matches the connection target. Set to true to enable or false to disable. Requires --ssl-ca.
--ssl-verify-certNot set (backend default)Validates the server's certificate chain against the provided CA certificate. Set to true to enable or false to disable. Requires --ssl-cert.
--skip-cert-verificationfalseSkips ALL SSL verification (both certificate and hostname). Use only for testing - not recommended for production.

Common scenarios:

  • AWS RDS with hostname mismatch: Set --ssl-verify-identity=false if connecting via a custom endpoint or IP address
  • Self-signed certificates in development: Use --skip-cert-verification for testing only
  • Standard production setup: Use defaults (verification enabled when certificates are provided)

Updating SSL Configuration

You can update SSL settings for an existing Oracle connection using the update-oracle command. This is useful when:

  • Enabling SSL on a connection that was previously created without SSL
  • Updating certificates (e.g., when certificates expire or are rotated)
  • Changing SSL verification settings
  • Disabling SSL on a connection
⚠️

Important: Port Requirements

Oracle uses different ports for SSL and non-SSL connections:

  • Port 1521: Standard TCP port for non-SSL connections
  • Port 2484: TCPS port for SSL/TLS encrypted connections

When updating SSL settings, you must also update the port accordingly:

  • Enabling SSL: Use port 2484 (or update from 1521 to 2484)
  • Disabling SSL: Use port 1521 (or update from 2484 to 1521)

Examples:

Enable SSL on an existing connection:

montecarlo integrations update-oracle \
  --connection-id <connection-uuid> \
  --ssl-ca /path/to/ca.pem \
  --port 2484

Disable SSL (remember to update the port):

montecarlo integrations update-oracle \
  --connection-id <connection-uuid> \
  --ssl-disabled=true \
  --port 1521

Update only SSL verification settings (port remains the same):

montecarlo integrations update-oracle \
  --connection-id <connection-uuid> \
  --ssl-verify-identity=false
⚠️

Important

SSL connections require Oracle's Thin mode (the default). Thick mode (which requires Oracle Client libraries) does not support SSL configuration.

SSL Limitations

LimitationDetails
Thin mode onlySSL connections only work in Oracle Thin mode (the default). Thick mode is not supported.
TLS VersionTLS 1.2 is recommended. TLS 1.3 support depends on your Oracle server configuration.
Cipher SuitesMonte Carlo supports cipher suites at OpenSSL security level 1, including SSL_RSA_WITH_AES_256_GCM_SHA384 and other TLS 1.2 compatible ciphers. This ensures compatibility with Oracle and other enterprise deployments.

SSL Troubleshooting

SSL Handshake Failure

  • Verify your Oracle server supports TLS 1.2
  • For RDS, ensure the Option Group has SQLNET.CIPHER_SUITE set to a GCM cipher suite (e.g., SSL_RSA_WITH_AES_256_GCM_SHA384)
  • Verify the CA certificate matches the server's certificate chain

Connection Timeout on Port 2484

  • Verify SSL is enabled on your Oracle instance
  • Check security group/firewall rules allow port 2484
  • For RDS, ensure the Option Group with SSL is applied and the instance was rebooted

Certificate Verification Failed

  • Ensure you're using the correct CA certificate for your Oracle server
  • For RDS, use the region-specific certificate bundle

FAQs

What is the minimum supported version?

Monte Carlo supports Oracle Database 12.1 and newer.

Are cloud variants of Oracle like AWS RDS supported?

Yes, AWS RDS for Oracle is supported, including SSL/TLS encrypted connections.

Is SSL supported?

Yes, Monte Carlo supports SSL connections to Oracle databases. See the Connect using SSL section for detailed configuration steps.

Is client certificate authentication (mTLS) supported?

No. For now we only support server certificate validation (one-way SSL) but if you are interested in mTLS, please reach out to us!

What hosting solutions are supported?

This integration supports any instance that is reachable from one of our hosting options. Please see the networking docs for more detail.

Why does my table not have volume (row count) metrics?

If the table is partitioned, we do not collect row count metrics automatically.

Oracle does not maintain live row counts for partitioned tables. Instead, row count information is only available when partition-level statistics are collected via the DBMS_STATS package. These statistics represent a snapshot of the table at the time they were gathered and can quickly become outdated.

Monte Carlo does not use row count metrics based on manually collected statistics. This is because relying on outdated row counts can lead to inaccurate anomaly thresholds and an increased risk of false positives or missed incidents.

If you would like volume monitoring enabled for a specific partitioned table, you can enable the opt-in volume monitor which will run a select count(*) on the table hourly to collect volume data. You can optionally add a where condition to reduce the amount of rows scanned.

How can I validate Monte Carlo has access to my assets?

After completing the Oracle integration setup, your Oracle assets should appear in the Monte Carlo Assets page between a few minutes and one hour. If you don't see your assets after this time period, you can run a validation test to troubleshoot the connection:

  1. Navigate to Settings → Integrations
  2. Find your Oracle integration and click on it
  3. Select the specific connection you want to test
  4. Click the Test button from the connection menu

This validation test will help identify any configuration issues that might be preventing your assets from appearing. When running the validation test, you should see all green checkmarks. If any errors are encountered, the system will provide specific steps to resolve them.

Are any schemas excluded from collection?

Yes. Monte Carlo automatically excludes the following system schemas from metadata collection:

  • ANONYMOUS
  • APPQOSSYS
  • AUDSYS
  • DBSFWUSER
  • DBSNMP
  • DIP
  • GSADMIN_INTERNAL
  • GSMCATUSER
  • GSMUSER
  • GGSYS
  • OUTLN
  • REMOTE_SCHEDULER_AGENT
  • RDSADMIN
  • SYS
  • SYS$UFM
  • SYSBACKUP
  • SYSDG
  • SYSKM
  • SYSRAC
  • SYSTEM
  • XDB
  • XS$NULL
  • CTXSYS

Updated about 15 hours ago