oracle logmnr 日志挖掘一例
来源:互联网 发布:逆战源码 编辑:程序博客网 时间:2024/05/21 17:23
1. 执行删除操作
SQL> drop table t ;
Table dropped.
SQL> select * from tab ;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
BIN$wWGJJd0UCrDgRAAMKRcWyg==$0 TABLE
TTS SYNONYM
TTSS SYNONYM
SQL> purge table t;
Table purged.
使用logmnr来挖掘日志中的信息
2. 查看操作目录
SQL> show parameter utl_file_dir
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir string
没有指定,那么指定一个文件夹用来存放logmnr的字典文件
-bash-3.00$ mkdir /gwrs/logmnr
SQL> alter system set utl_file_dir='/gwrs/logmnr' scope=spfile ;
System altered.
重启一下数据库
-bash-3.00$ srvctl stop database -d prod
-bash-3.00$ srvctl start database -d prod
3. 建立字典文件
SQL> execute dbms_logmnr_d.build ('dict.ora','/gwrs/logmnr',dbms_logmnr_d.store_in_flat_file);
PL/SQL procedure successfully completed.
4. 分析日志
将可能相关的日志都加入分析
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_35_7wjflz93_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_31_7wjfngtq_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_32_7wjfnkbr_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_36_7wjgg4dh_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_37_7wjlnoxr_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_38_7wjmwbcs_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_33_7wjmwjfj_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
5. 分析操作记录
注意, 这里的logmnr记录日志只在本次会话中生效,如果需要在其他会话分析这些日志需要创建一个表来保存它
create table logmnr_tmp tablespace users as select * from v$logmnr_contents ;
接下来就可以分析日志了。
SQL> col seg_name for a10
SQL> col sql_redo for a50
SQL> col seg_owner for a10
SQL> col table_name for a10
select scn , timestamp , seg_owner, seg_name , table_name , sql_redo from logmnr_tmp where table_name='T' ;
SCN TIMESTAMP SEG_OWNER SEG_NAME TABLE_NAME SQL_REDO
---------- --------- ---------- ---------- ---------- --------------------------------------------------
1823865 01-JUN-12 DEX T T ALTER TABLE "DEX"."T" RENAME TO "BIN$wWGJJd0UCrDgR
AAMKRcWyg==$0" ;
1823868 01-JUN-12 DEX T T drop table t AS "BIN$wWGJJd0UCrDgRAAMKRcWyg==$0"
;
1823953 01-JUN-12 DEX T T purge table "BIN$wWGJJd0UCrDgRAAMKRcWyg==$0" ;
如果发现username , os_username , machine_name 等为unknow 或者 null 的状态 这是一个bug 当你重复执行同一个logmnr使用相同的参数的时候就可能会出现这种状况(第一次不会)BUG:10129774
链接地址 https://support.oracle.com/CSP/main/article?cmd=show&type=BUG&id=10129774
打补丁 10129774
或者提前使用补充日志
我们再来试一下
SQL> alter database add supplemental log data;
Database altered.
SQL> set time on
15:00:41 SQL>
15:01:16 SQL> select log_mode, supplemental_log_data_min from v$database;
LOG_MODE SUPPLEME
------------ --------
ARCHIVELOG YES
15:02:18 SQL> create table t (x int primary key ) ;
Table created.
15:02:32 SQL> drop table t purge ;
Table dropped.
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_36_7wjtbo2y_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_46_7wjtbsns_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
create table log_tmp tablespace users as select * from v$logmnr_contents ;
15:15:59 SQL> set lines 150
15:13:15 SQL> col username for a20
15:15:50 SQL> col os_username for a10
15:15:50 SQL> col machine_name for a10
15:15:50 SQL> col sql_redo for a50
15:15:51 SQL> select username , os_username , machine_name , sql_redo from logmnr_tmp where table_name='T' ;
USERNAME OS_USERNAM MACHINE_NA SQL_REDO
-------------------- ---------- ---------- --------------------------------------------------
DEX oracle sol1 create table t (x int primary key ) ;
DEX oracle sol1 drop table t purge ;
ok 了, 再执行一次看一下bug是否依旧存在。
15:16:11 SQL> exec dbms_logmnr.end_logmnr() ;
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_36_7wjtbo2y_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_46_7wjtbsns_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
15:17:53 SQL> select username , os_username , machine_name , sql_redo from v$logmnr_contents where table_name='T' ;
USERNAME OS_USERNAM MACHINE_NA SQL_REDO
-------------------- ---------- ---------- --------------------------------------------------
DEX oracle sol1 create table t (x int primary key ) ;
DEX oracle sol1 drop table t purge ;
ok 没有问题。
SQL> drop table t ;
Table dropped.
SQL> select * from tab ;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
BIN$wWGJJd0UCrDgRAAMKRcWyg==$0 TABLE
TTS SYNONYM
TTSS SYNONYM
SQL> purge table t;
Table purged.
使用logmnr来挖掘日志中的信息
2. 查看操作目录
SQL> show parameter utl_file_dir
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir string
没有指定,那么指定一个文件夹用来存放logmnr的字典文件
-bash-3.00$ mkdir /gwrs/logmnr
SQL> alter system set utl_file_dir='/gwrs/logmnr' scope=spfile ;
System altered.
重启一下数据库
-bash-3.00$ srvctl stop database -d prod
-bash-3.00$ srvctl start database -d prod
3. 建立字典文件
SQL> execute dbms_logmnr_d.build ('dict.ora','/gwrs/logmnr',dbms_logmnr_d.store_in_flat_file);
PL/SQL procedure successfully completed.
4. 分析日志
将可能相关的日志都加入分析
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_35_7wjflz93_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_31_7wjfngtq_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_32_7wjfnkbr_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_36_7wjgg4dh_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_37_7wjlnoxr_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_38_7wjmwbcs_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_33_7wjmwjfj_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
5. 分析操作记录
注意, 这里的logmnr记录日志只在本次会话中生效,如果需要在其他会话分析这些日志需要创建一个表来保存它
create table logmnr_tmp tablespace users as select * from v$logmnr_contents ;
接下来就可以分析日志了。
SQL> col seg_name for a10
SQL> col sql_redo for a50
SQL> col seg_owner for a10
SQL> col table_name for a10
select scn , timestamp , seg_owner, seg_name , table_name , sql_redo from logmnr_tmp where table_name='T' ;
SCN TIMESTAMP SEG_OWNER SEG_NAME TABLE_NAME SQL_REDO
---------- --------- ---------- ---------- ---------- --------------------------------------------------
1823865 01-JUN-12 DEX T T ALTER TABLE "DEX"."T" RENAME TO "BIN$wWGJJd0UCrDgR
AAMKRcWyg==$0" ;
1823868 01-JUN-12 DEX T T drop table t AS "BIN$wWGJJd0UCrDgRAAMKRcWyg==$0"
;
1823953 01-JUN-12 DEX T T purge table "BIN$wWGJJd0UCrDgRAAMKRcWyg==$0" ;
如果发现username , os_username , machine_name 等为unknow 或者 null 的状态 这是一个bug 当你重复执行同一个logmnr使用相同的参数的时候就可能会出现这种状况(第一次不会)BUG:10129774
链接地址 https://support.oracle.com/CSP/main/article?cmd=show&type=BUG&id=10129774
打补丁 10129774
或者提前使用补充日志
我们再来试一下
SQL> alter database add supplemental log data;
Database altered.
SQL> set time on
15:00:41 SQL>
15:01:16 SQL> select log_mode, supplemental_log_data_min from v$database;
LOG_MODE SUPPLEME
------------ --------
ARCHIVELOG YES
15:02:18 SQL> create table t (x int primary key ) ;
Table created.
15:02:32 SQL> drop table t purge ;
Table dropped.
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_36_7wjtbo2y_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_46_7wjtbsns_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
create table log_tmp tablespace users as select * from v$logmnr_contents ;
15:15:59 SQL> set lines 150
15:13:15 SQL> col username for a20
15:15:50 SQL> col os_username for a10
15:15:50 SQL> col machine_name for a10
15:15:50 SQL> col sql_redo for a50
15:15:51 SQL> select username , os_username , machine_name , sql_redo from logmnr_tmp where table_name='T' ;
USERNAME OS_USERNAM MACHINE_NA SQL_REDO
-------------------- ---------- ---------- --------------------------------------------------
DEX oracle sol1 create table t (x int primary key ) ;
DEX oracle sol1 drop table t purge ;
ok 了, 再执行一次看一下bug是否依旧存在。
15:16:11 SQL> exec dbms_logmnr.end_logmnr() ;
begin
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_2_36_7wjtbo2y_.arc',options=>dbms_logmnr.new) ;
dbms_logmnr.add_logfile(logfilename=>'/gwrs/PROD/archivelog/2012_06_01/o1_mf_1_46_7wjtbsns_.arc',options=>dbms_logmnr.addfile) ;
dbms_logmnr.start_logmnr(dictfilename=>'/gwrs/logmnr/dict.ora');
end ;
/
15:17:53 SQL> select username , os_username , machine_name , sql_redo from v$logmnr_contents where table_name='T' ;
USERNAME OS_USERNAM MACHINE_NA SQL_REDO
-------------------- ---------- ---------- --------------------------------------------------
DEX oracle sol1 create table t (x int primary key ) ;
DEX oracle sol1 drop table t purge ;
ok 没有问题。
- oracle logmnr 日志挖掘一例
- 在oracle中Logmnr进行日志挖掘
- Logmnr--日志挖掘器
- Oracle 10g LOGMNR挖掘日志很方便
- oracle学习之:使用logmnr工具挖掘日志
- LOGMNR挖掘日志与DUMP日志对比
- oracle 查看日志 LOGMNR 资料
- LOGMNR日志挖掘工具的使用
- [Logmnr]对重做日志进行数据挖掘
- [Logmnr]对归档日志进行数据挖掘
- 解析Oracle 10g中的Logmnr使用一例
- logmnr日志挖掘(sys且session可见其他用户看不到)
- Oracle logmnr
- ORACLE学习之路--使用LOGMNR查看数据库日志。
- Oracle的日志挖掘
- oracle 日志挖掘
- Oracle日志挖掘
- oracle 日志挖掘
- 中断之原理篇
- virtualbox如何打开用VMware安装的虚拟系统
- Http download like Video Stream?
- QLocalServer
- VS2008快捷方式
- oracle logmnr 日志挖掘一例
- C++语言复习一
- 属性特性copy和retain的区别
- windows XP编译Qt4.8.0错误
- CPU联盟潘榆文:百度侵权的大山虽然高不可攀,但我愿做愚公
- 【学习点滴-数据结构-二叉树】序列是否是二叉查找树的后序遍历结果
- Android页面跳转是如何传递参数的
- 各种微博分享按钮代码
- 类内部存储的东西:太简洁了----小话c++(5)