logminer介绍
logminer是用于oracle日志挖掘的利器。
百科解释:
logminer 是oracle公司从产品8i以后提供的一个实际非常有用的分析工具,使用该工具可以轻松获得oracle 重做日志文件(归档日志文件)中的具体内容,logminer分析工具实际上是由一组pl/sql包和一些动态视图组成,它作为oracle数据库的一部分来发布,是oracle公司提供的一个完全免费的工具。
本文主要演示logminer的使用,直观展示logminer的作用。
环境:oracle 11.2.0.4 rac
1.查询当前日志组
使用sys用户查询oracle数据库的当前日志组:
--1.current log sql> select * from v$log; group# thread# sequence# bytes blocksize members arc status first_change# first_time next_change# next_time ---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------ 1 1 29 52428800 512 2 yes inactive 1547838 25-jun-17 1547840 25-jun-17 2 1 30 52428800 512 2 no current 1567897 27-jun-17 2.8147e+14 27-jun-17 3 2 25 52428800 512 2 no current 1567902 27-jun-17 2.8147e+14 4 2 24 52428800 512 2 yes inactive 1567900 27-jun-17 1567902 27-jun-17
这里当前日志(current)是:
thread 1 sequence 30
thread 2 sequence 25
2.业务用户插入操作
模拟业务用户jingyu插入t2表数据:
--2.业务用户插入操作
sqlplus jingyu/jingyu@jyzhao
sql> select count(1) from t2;
count(1)
----------
0
sql> insert into t2 select rownum, rownum, rownum, dbms_random.string('b',50) from dual connect by level <= 100000 order by dbms_random.random;
commit;
100000 rows created.
sql>
commit complete.
sql> select count(1) from t2;
count(1)
----------
100000
3.归档日志切换
为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。
--3.模拟归档日志切换 sql> alter system archive log current; system altered. sql> select * from v$log; group# thread# sequence# bytes blocksize members arc status first_change# first_time next_change# next_time ---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------ 1 1 31 52428800 512 2 no current 1572517 27-jun-17 2.8147e+14 2 1 30 52428800 512 2 yes active 1567897 27-jun-17 1572517 27-jun-17 3 2 25 52428800 512 2 yes active 1567902 27-jun-17 1572521 27-jun-17 4 2 26 52428800 512 2 no current 1572521 27-jun-17 2.8147e+14
4.业务用户插入操作
模拟业务用户jingyu删除t2表部分数据:
--4.业务用户删除操作 sql> delete from t2 where id < 10000; 9999 rows deleted. sql> commit; commit complete. sql> select count(1) from t2; count(1) ---------- 90001
5.归档日志切换
为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。
--5.模拟归档日志切换 sql> alter system archive log current; system altered. sql> select * from v$log; group# thread# sequence# bytes blocksize members arc status first_change# first_time next_change# next_time ---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------ 1 1 31 52428800 512 2 yes active 1572517 27-jun-17 1574293 27-jun-17 2 1 32 52428800 512 2 no current 1574293 27-jun-17 2.8147e+14 3 2 27 52428800 512 2 no current 1574296 27-jun-17 2.8147e+14 4 2 26 52428800 512 2 yes active 1572521 27-jun-17 1574296 27-jun-17
6.业务用户更新操作
模拟业务用户jingyu更新t2表部分数据:
--6.业务用户更新操作 sql> update t2 set contents = 'xxx' where id > 99998; 2 rows updated. sql> commit; commit complete.
7.归档日志切换
为了区分每个日志的不同操作,这里对数据库进行手工归档切换,模拟现实中实际的归档切换。
--7.模拟归档日志切换 sql> alter system archive log current; system altered. sql> select * from v$log; group# thread# sequence# bytes blocksize members arc status first_change# first_time next_change# next_time ---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------ 1 1 33 52428800 512 2 no current 1575480 27-jun-17 2.8147e+14 2 1 32 52428800 512 2 yes active 1574293 27-jun-17 1575480 27-jun-17 3 2 27 52428800 512 2 yes active 1574296 27-jun-17 1575458 27-jun-17 4 2 28 52428800 512 2 no current 1575458 27-jun-17 2.8147e+14
8.确认需要分析的日志
确认之后需要使用logminer分析的日志:
--8.确认需要分析的日志 thread# 1 sequence# 30 thread# 2 sequence# 25 这部分日志肯定是有记录插入操作 thread# 1 sequence# 31 thread# 2 sequence# 26 这部分日志肯定是有记录删除操作 thread# 1 sequence# 32 thread# 2 sequence# 27 这部分日志肯定是有记录更新操作
9.备份归档日志
将相关的归档都copy备份出来:
--9. 将相关的归档都copy备份出来
run {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';
backup as copy archivelog sequence 30 thread 1;
backup as copy archivelog sequence 31 thread 1;
backup as copy archivelog sequence 32 thread 1;
backup as copy archivelog sequence 25 thread 2;
backup as copy archivelog sequence 26 thread 2;
backup as copy archivelog sequence 27 thread 2;
release channel dev1;
}
备份出来的归档日志文件如下:
[oracle@jyrac1 backup]$ ls -lrth total 17m -rw-r----- 1 oracle asmadmin 2.3m jun 27 21:50 arc_1_30_947800247 -rw-r----- 1 oracle asmadmin 591k jun 27 21:50 arc_1_31_947800249 -rw-r----- 1 oracle asmadmin 143k jun 27 21:50 arc_1_32_947800250 -rw-r----- 1 oracle asmadmin 9.5m jun 27 21:50 arc_2_25_947800251 -rw-r----- 1 oracle asmadmin 3.6m jun 27 21:50 arc_2_26_947800253 -rw-r----- 1 oracle asmadmin 77k jun 27 21:50 arc_2_27_947800254
10.使用logminer分析
使用logminer分析归档日志:
--使用logminer分析归档日志
--应该有插入操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_30_947800247');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_25_947800251');
dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/
--应该有删除操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_31_947800249');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_26_947800253');
dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/
--应该有更新操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/
查询v$logmnr_contents
set lines 180 pages 500 col username format a8 col sql_redo format a50 select username,scn,timestamp,sql_redo from v$logmnr_contents where table_name='t2'; select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu'; select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%jingyu%'; select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'insert%jingyu%'; select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'delete%jingyu%'; select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'update%jingyu%';
实验发现,以username为条件无法查询到相关记录,最终确认username都是unknown而不是真正执行语句的业务用户jingyu。
而挖掘出的日志sql_redo这个字段是完整的sql,可以采用like的方式查询,比如我分析更新操作的日志,就可以得到下面这样的结果:
sql> --应该有更新操作的日志
sql> begin
2 dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
3 dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
4 dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
5 end;
6 /
pl/sql procedure successfully completed.
sql> select count(1) from v$logmnr_contents;
count(1)
----------
388
sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu';
no rows selected
sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%jingyu%';
username scn timestamp
------------------------------ ---------- ------------
sql_redo
--------------------------------------------------------------------------------
unknown 1575420 27-jun-17
update "jingyu"."t2" set "contents" = 'xxx' where "contents" = 'yswgnnlclmywpslq
etvlgqjrkqieamoeyufnruqulvfrvpedrv' and rowid = 'aaavwvaagaaaahnabj';
unknown 1575420 27-jun-17
update "jingyu"."t2" set "contents" = 'xxx' where "contents" = 'whcwfozvljwhfwlj
dnvsmqtorgjffxyadiojzwjcddoyxaoqjg' and rowid = 'aaavwvaagaaaaoyaae';
sql>
至此,logminer基本的操作实验已完成。
附:与logminer有关的一些操作命令参考:
conn / as sysdba --安装logminer @$oracle_home/rdbms/admin/dbmslmd.sql; @$oracle_home/rdbms/admin/dbmslm.sql; @$oracle_home/rdbms/admin/dbmslms.sql; @$oracle_home/rdbms/admin/prvtlm.plb; --停止logmnr exec dbms_logmnr.end_logmnr --查询附加日志开启情况: select supplemental_log_data_min, supplemental_log_data_pk, supplemental_log_data_ui from v$database; --开启附加日志 alter database add supplemental log data; --取消补充日志 alter database drop supplemental log data (primary key) columns; alter database drop supplemental log data (unique) columns; alter database drop supplemental log data; --最后一个即为新的归档 select name,dest_id,thread#,sequence# from v$archived_log;
最后确认如果开启了附加日志,username就可以捕获到正确的值:
sql> set lines 180
sql> /
group# thread# sequence# bytes blocksize members arc status first_change# first_time next_change# next_time
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 35 52428800 512 2 yes inactive 1590589 27-jun-17 1591935 27-jun-17
2 1 36 52428800 512 2 no current 1591935 27-jun-17 2.8147e+14
3 2 29 52428800 512 2 yes inactive 1590594 27-jun-17 1591938 27-jun-17
4 2 30 52428800 512 2 no current 1591938 27-jun-17 2.8147e+14
1,36
2,30
sql> update t2 set contents =
2 'aaa' where id = 44449;
1 row updated.
sql> commit;
commit complete.
run {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';
backup as copy archivelog sequence 36 thread 1;
backup as copy archivelog sequence 30 thread 2;
release channel dev1;
}
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_36_947808116');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_30_947808118');
dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
end;
/
sql> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='jingyu';
username scn timestamp
------------------------------ ---------- ------------
sql_redo
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
jingyu 1593448 27-jun-17
set transaction read write;
jingyu 1593448 27-jun-17
update "jingyu"."t2" set "contents" = 'aaa' where "contents" = 'wztsqzwyocndfksmnjqlolfubrdohcbmkxbhapjshcmwbyzjvh' and rowid = 'aaavwvaagaaaaclaal';
jingyu 1593450 27-jun-17
commit;
可以看到,开启了附加日志,就可以正常显示username的信息了。
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对www.887551.com的支持。