Oracle LogMiner的使用实例代码

logminer介绍

logminer是用于oracle日志挖掘的利器。

百科解释:

logminer 是oracle公司从产品8i以后提供的一个实际非常有用的分析工具,使用该工具可以轻松获得oracle 重做日志文件(归档日志文件)中的具体内容,logminer分析工具实际上是由一组pl/sql包和一些动态视图组成,它作为oracle数据库的一部分来发布,是oracle公司提供的一个完全免费的工具。

本文主要演示logminer的使用,直观展示logminer的作用。

环境:oracle 11.2.0.4 rac

1.查询当前日志组

使用sys用户查询oracle数据库的当前日志组:

--1.current log
sql> select * from v$log;

 group# thread# sequence#  bytes blocksize members arc status   first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
   1   1   29 52428800  512   2 yes inactive    1547838 25-jun-17   1547840 25-jun-17
   2   1   30 52428800  512   2 no current    1567897 27-jun-17  2.8147e+14 27-jun-17
   3   2   25 52428800  512   2 no current    1567902 27-jun-17  2.8147e+14
   4   2   24 52428800  512   2 yes inactive    1567900 27-jun-17   1567902 27-jun-17

这里当前日志(current)是:

thread 1 sequence 30

thread 2 sequence 25

2.业务用户插入操作

模拟业务用户jingyu插入t2表数据:

--2.业务用户插入操作
sqlplus jingyu/jingyu@jyzhao
sql> select count(1) from t2;

 count(1)
----------
   0

sql> insert into t2 select rownum, rownum, rownum, dbms_random.string('b',50) from dual connect by level <= 100000 order by dbms_random.random;
commit;

100000 rows created.

sql> 
commit complete.
sql> select count(1) from t2;

 count(1)
----------
 100000

3.归档日志切换

为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。

--3.模拟归档日志切换
sql> alter system archive log current;

system altered.

sql> select * from v$log;

 group# thread# sequence#  bytes blocksize members arc status   first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
   1   1   31 52428800  512   2 no current    1572517 27-jun-17  2.8147e+14
   2   1   30 52428800  512   2 yes active     1567897 27-jun-17   1572517 27-jun-17
   3   2   25 52428800  512   2 yes active     1567902 27-jun-17   1572521 27-jun-17
   4   2   26 52428800  512   2 no current    1572521 27-jun-17  2.8147e+14

4.业务用户插入操作

模拟业务用户jingyu删除t2表部分数据:

--4.业务用户删除操作

sql> delete from t2 where id < 10000;

9999 rows deleted.

sql> commit;

commit complete.

sql> select count(1) from t2;

 count(1)
----------
  90001

5.归档日志切换

为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。

--5.模拟归档日志切换
sql> alter system archive log current;

system altered.

sql> select * from v$log;

 group# thread# sequence#  bytes blocksize members arc status   first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
   1   1   31 52428800  512   2 yes active     1572517 27-jun-17   1574293 27-jun-17
   2   1   32 52428800  512   2 no current    1574293 27-jun-17  2.8147e+14
   3   2   27 52428800  512   2 no current    1574296 27-jun-17  2.8147e+14
   4   2   26 52428800  512   2 yes active     1572521 27-jun-17   1574296 27-jun-17

6.业务用户更新操作

模拟业务用户jingyu更新t2表部分数据:

--6.业务用户更新操作
sql> update t2 set contents = 'xxx' where id > 99998;

 
2 rows updated.

sql> commit;

commit complete.

7.归档日志切换

为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。

--7.模拟归档日志切换
sql> alter system archive log current;

system altered.

sql> select * from v$log;

 group# thread# sequence#  bytes blocksize members arc status   first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
   1   1   33 52428800  512   2 no current    1575480 27-jun-17  2.8147e+14
   2   1   32 52428800  512   2 yes active     1574293 27-jun-17   1575480 27-jun-17
   3   2   27 52428800  512   2 yes active     1574296 27-jun-17   1575458 27-jun-17
   4   2   28 52428800  512   2 no current    1575458 27-jun-17  2.8147e+14

8.确认需要分析的日志

确认之后需要使用logminer分析的日志:

--8.确认需要分析的日志
thread# 1 sequence# 30
thread# 2 sequence# 25
这部分日志肯定是有记录插入操作

thread# 1 sequence# 31
thread# 2 sequence# 26
这部分日志肯定是有记录删除操作

thread# 1 sequence# 32
thread# 2 sequence# 27
这部分日志肯定是有记录更新操作

9.备份归档日志

将相关的归档都copy备份出来:

--9. 将相关的归档都copy备份出来
run {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';

backup as copy archivelog sequence 30 thread 1;
backup as copy archivelog sequence 31 thread 1;
backup as copy archivelog sequence 32 thread 1;
backup as copy archivelog sequence 25 thread 2;
backup as copy archivelog sequence 26 thread 2;
backup as copy archivelog sequence 27 thread 2;

release channel dev1;
}

备份出来的归档日志文件如下:

[oracle@jyrac1 backup]$ ls -lrth
total 17m
-rw-r----- 1 oracle asmadmin 2.3m jun 27 21:50 arc_1_30_947800247
-rw-r----- 1 oracle asmadmin 591k jun 27 21:50 arc_1_31_947800249
-rw-r----- 1 oracle asmadmin 143k jun 27 21:50 arc_1_32_947800250
-rw-r----- 1 oracle asmadmin 9.5m jun 27 21:50 arc_2_25_947800251
-rw-r----- 1 oracle asmadmin 3.6m jun 27 21:50 arc_2_26_947800253
-rw-r----- 1 oracle asmadmin 77k jun 27 21:50 arc_2_27_947800254

10.使用logminer分析

使用logminer分析归档日志:

--使用logminer分析归档日志
--应该有插入操作的日志
begin
 dbms_logmnr.add_logfile('/tmp/backup/arc_1_30_947800247');
 dbms_logmnr.add_logfile('/tmp/backup/arc_2_25_947800251');
 dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/

--应该有删除操作的日志
begin
 dbms_logmnr.add_logfile('/tmp/backup/arc_1_31_947800249');
 dbms_logmnr.add_logfile('/tmp/backup/arc_2_26_947800253');
 dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/

--应该有更新操作的日志
begin
 dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
 dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
 dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/

查询v$logmnr_contents

set lines 180 pages 500
col username format a8
col sql_redo format a50 
select username,scn,timestamp,sql_redo from v$logmnr_contents where table_name='t2'; 
select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu';

select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%jingyu%';

select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'insert%jingyu%';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'delete%jingyu%';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'update%jingyu%';

实验发现,以username为条件无法查询到相关记录,最终确认username都是unknown而不是真正执行语句的业务用户jingyu。

而挖掘出的日志sql_redo这个字段是完整的sql,可以采用like的方式查询,比如我分析更新操作的日志,就可以得到下面这样的结果:

sql> --应该有更新操作的日志
sql> begin
 2  dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
 3  dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
 4  dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
 5 end;
 6 /

pl/sql procedure successfully completed.

sql> select count(1) from v$logmnr_contents;

 count(1)
----------
  388

sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu';

no rows selected

sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%jingyu%';

username        scn timestamp
------------------------------ ---------- ------------
sql_redo
--------------------------------------------------------------------------------
unknown       1575420 27-jun-17
update "jingyu"."t2" set "contents" = 'xxx' where "contents" = 'yswgnnlclmywpslq
etvlgqjrkqieamoeyufnruqulvfrvpedrv' and rowid = 'aaavwvaagaaaahnabj';

unknown       1575420 27-jun-17
update "jingyu"."t2" set "contents" = 'xxx' where "contents" = 'whcwfozvljwhfwlj
dnvsmqtorgjffxyadiojzwjcddoyxaoqjg' and rowid = 'aaavwvaagaaaaoyaae';


sql> 

至此,logminer基本的操作实验已完成。

附:与logminer有关的一些操作命令参考:

conn / as sysdba
--安装logminer
@$oracle_home/rdbms/admin/dbmslmd.sql;
@$oracle_home/rdbms/admin/dbmslm.sql;
@$oracle_home/rdbms/admin/dbmslms.sql;
@$oracle_home/rdbms/admin/prvtlm.plb;

--停止logmnr
exec dbms_logmnr.end_logmnr
 
--查询附加日志开启情况:
select supplemental_log_data_min, supplemental_log_data_pk, supplemental_log_data_ui from v$database; 

--开启附加日志
alter database add supplemental log data;

--取消补充日志
alter database drop supplemental log data (primary key) columns;
alter database drop supplemental log data (unique) columns;
alter database drop supplemental log data;

--最后一个即为新的归档
select name,dest_id,thread#,sequence# from v$archived_log; 

最后确认如果开启了附加日志,username就可以捕获到正确的值:

sql> set lines 180
sql> /

 group# thread# sequence#  bytes blocksize members arc status   first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
   1   1   35 52428800  512   2 yes inactive    1590589 27-jun-17   1591935 27-jun-17
   2   1   36 52428800  512   2 no current    1591935 27-jun-17  2.8147e+14
   3   2   29 52428800  512   2 yes inactive    1590594 27-jun-17   1591938 27-jun-17
   4   2   30 52428800  512   2 no current    1591938 27-jun-17  2.8147e+14

1,36
2,30
sql> update t2 set contents = 
 2 'aaa' where id = 44449;

1 row updated.

sql> commit;

commit complete.

run {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';

backup as copy archivelog sequence 36 thread 1;
backup as copy archivelog sequence 30 thread 2;

release channel dev1;
}

begin
 dbms_logmnr.add_logfile('/tmp/backup/arc_1_36_947808116');
 dbms_logmnr.add_logfile('/tmp/backup/arc_2_30_947808118');
 dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/

sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu';

username        scn timestamp
------------------------------ ---------- ------------
sql_redo
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
jingyu       1593448 27-jun-17
set transaction read write;

jingyu       1593448 27-jun-17
update "jingyu"."t2" set "contents" = 'aaa' where "contents" = 'wztsqzwyocndfksmnjqlolfubrdohcbmkxbhapjshcmwbyzjvh' and rowid = 'aaavwvaagaaaaclaal';

jingyu       1593450 27-jun-17
commit;

可以看到,开启了附加日志,就可以正常显示username的信息了。

总结

以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对www.887551.com的支持。

(0)
上一篇 2022年3月21日
下一篇 2022年3月21日

相关推荐