LogMiner介紹
LogMiner是用于Oracle日志挖掘的利器。
百科解釋:
LogMiner 是Oracle公司從產(chǎn)品8i以后提供的一個(gè)實(shí)際非常有用的分析工具,使用該工具可以輕松獲得Oracle 重做日志文件(歸檔日志文件)中的具體內(nèi)容,LogMiner分析工具實(shí)際上是由一組PL/SQL包和一些動(dòng)態(tài)視圖組成,它作為Oracle數(shù)據(jù)庫的一部分來發(fā)布,是oracle公司提供的一個(gè)完全免費(fèi)的工具。
本文主要演示LogMiner的使用,直觀展示LogMiner的作用。
環(huán)境:Oracle 11.2.0.4 RAC
1.查詢當(dāng)前日志組
使用sys用戶查詢Oracle數(shù)據(jù)庫的當(dāng)前日志組:
--1.current log
SQL> select * from v$log;
GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIME NEXT_CHANGE# NEXT_TIME
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 29 52428800 512 2 YES INACTIVE 1547838 25-JUN-17 1547840 25-JUN-17
2 1 30 52428800 512 2 NO CURRENT 1567897 27-JUN-17 2.8147E+14 27-JUN-17
3 2 25 52428800 512 2 NO CURRENT 1567902 27-JUN-17 2.8147E+14
4 2 24 52428800 512 2 YES INACTIVE 1567900 27-JUN-17 1567902 27-JUN-17
這里當(dāng)前日志(current)是:
thread 1 sequence 30
thread 2 sequence 25
2.業(yè)務(wù)用戶插入操作
模擬業(yè)務(wù)用戶jingyu插入T2表數(shù)據(jù):
--2.業(yè)務(wù)用戶插入操作
sqlplus jingyu/jingyu@jyzhao
SQL> select count(1) from t2;
COUNT(1)
----------
0
SQL> insert into t2 select rownum, rownum, rownum, dbms_random.string('b',50) from dual connect by level = 100000 order by dbms_random.random;
commit;
100000 rows created.
SQL>
Commit complete.
SQL> select count(1) from t2;
COUNT(1)
----------
100000
3.歸檔日志切換
為了區(qū)分每個(gè)日志的不同操作,這里對(duì)數(shù)據(jù)庫進(jìn)行手工歸檔切換,模擬現(xiàn)實(shí)中實(shí)際的歸檔切換。
--3.模擬歸檔日志切換
SQL> alter system archive log current;
System altered.
SQL> select * from v$log;
GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIME NEXT_CHANGE# NEXT_TIME
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 31 52428800 512 2 NO CURRENT 1572517 27-JUN-17 2.8147E+14
2 1 30 52428800 512 2 YES ACTIVE 1567897 27-JUN-17 1572517 27-JUN-17
3 2 25 52428800 512 2 YES ACTIVE 1567902 27-JUN-17 1572521 27-JUN-17
4 2 26 52428800 512 2 NO CURRENT 1572521 27-JUN-17 2.8147E+14
4.業(yè)務(wù)用戶插入操作
模擬業(yè)務(wù)用戶jingyu刪除T2表部分?jǐn)?shù)據(jù):
--4.業(yè)務(wù)用戶刪除操作
SQL> delete from t2 where id 10000;
9999 rows deleted.
SQL> commit;
Commit complete.
SQL> select count(1) from t2;
COUNT(1)
----------
90001
5.歸檔日志切換
為了區(qū)分每個(gè)日志的不同操作,這里對(duì)數(shù)據(jù)庫進(jìn)行手工歸檔切換,模擬現(xiàn)實(shí)中實(shí)際的歸檔切換。
--5.模擬歸檔日志切換
SQL> alter system archive log current;
System altered.
SQL> select * from v$log;
GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIME NEXT_CHANGE# NEXT_TIME
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 31 52428800 512 2 YES ACTIVE 1572517 27-JUN-17 1574293 27-JUN-17
2 1 32 52428800 512 2 NO CURRENT 1574293 27-JUN-17 2.8147E+14
3 2 27 52428800 512 2 NO CURRENT 1574296 27-JUN-17 2.8147E+14
4 2 26 52428800 512 2 YES ACTIVE 1572521 27-JUN-17 1574296 27-JUN-17
6.業(yè)務(wù)用戶更新操作
模擬業(yè)務(wù)用戶jingyu更新T2表部分?jǐn)?shù)據(jù):
--6.業(yè)務(wù)用戶更新操作
SQL> update T2 SET contents = 'xxx' where id > 99998;
2 rows updated.
SQL> commit;
Commit complete.
7.歸檔日志切換
為了區(qū)分每個(gè)日志的不同操作,這里對(duì)數(shù)據(jù)庫進(jìn)行手工歸檔切換,模擬現(xiàn)實(shí)中實(shí)際的歸檔切換。
--7.模擬歸檔日志切換
SQL> alter system archive log current;
System altered.
SQL> select * from v$log;
GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIME NEXT_CHANGE# NEXT_TIME
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 33 52428800 512 2 NO CURRENT 1575480 27-JUN-17 2.8147E+14
2 1 32 52428800 512 2 YES ACTIVE 1574293 27-JUN-17 1575480 27-JUN-17
3 2 27 52428800 512 2 YES ACTIVE 1574296 27-JUN-17 1575458 27-JUN-17
4 2 28 52428800 512 2 NO CURRENT 1575458 27-JUN-17 2.8147E+14
8.確認(rèn)需要分析的日志
確認(rèn)之后需要使用LogMiner分析的日志:
--8.確認(rèn)需要分析的日志
thread# 1 sequence# 30
thread# 2 sequence# 25
這部分日志肯定是有記錄插入操作
thread# 1 sequence# 31
thread# 2 sequence# 26
這部分日志肯定是有記錄刪除操作
thread# 1 sequence# 32
thread# 2 sequence# 27
這部分日志肯定是有記錄更新操作
9.備份歸檔日志
將相關(guān)的歸檔都copy備份出來:
--9. 將相關(guān)的歸檔都copy備份出來
RUN {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';
backup as copy archivelog sequence 30 thread 1;
backup as copy archivelog sequence 31 thread 1;
backup as copy archivelog sequence 32 thread 1;
backup as copy archivelog sequence 25 thread 2;
backup as copy archivelog sequence 26 thread 2;
backup as copy archivelog sequence 27 thread 2;
release channel dev1;
}
備份出來的歸檔日志文件如下:
[oracle@jyrac1 backup]$ ls -lrth
total 17M
-rw-r----- 1 oracle asmadmin 2.3M Jun 27 21:50 arc_1_30_947800247
-rw-r----- 1 oracle asmadmin 591K Jun 27 21:50 arc_1_31_947800249
-rw-r----- 1 oracle asmadmin 143K Jun 27 21:50 arc_1_32_947800250
-rw-r----- 1 oracle asmadmin 9.5M Jun 27 21:50 arc_2_25_947800251
-rw-r----- 1 oracle asmadmin 3.6M Jun 27 21:50 arc_2_26_947800253
-rw-r----- 1 oracle asmadmin 77K Jun 27 21:50 arc_2_27_947800254
10.使用LogMiner分析
使用LogMiner分析歸檔日志:
--使用LogMiner分析歸檔日志
--應(yīng)該有插入操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_30_947800247');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_25_947800251');
dbms_logmnr.start_logmnr(Options=>dbms_logmnr.dict_from_online_catalog);
end;
/
--應(yīng)該有刪除操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_31_947800249');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_26_947800253');
dbms_logmnr.start_logmnr(Options=>dbms_logmnr.dict_from_online_catalog);
end;
/
--應(yīng)該有更新操作的日志
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
dbms_logmnr.start_logmnr(Options=>dbms_logmnr.dict_from_online_catalog);
end;
/
查詢v$logmnr_contents
set lines 180 pages 500
col username format a8
col sql_redo format a50
select username,scn,timestamp,sql_redo from v$logmnr_contents where table_name='T2';
select username,scn,timestamp,sql_redo from v$logmnr_contents where username='JINGYU';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%JINGYU%';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'insert%JINGYU%';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'delete%JINGYU%';
select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like 'update%JINGYU%';
實(shí)驗(yàn)發(fā)現(xiàn),以u(píng)sername為條件無法查詢到相關(guān)記錄,最終確認(rèn)username都是unknown而不是真正執(zhí)行語句的業(yè)務(wù)用戶jingyu。
而挖掘出的日志sql_redo這個(gè)字段是完整的SQL,可以采用like的方式查詢,比如我分析更新操作的日志,就可以得到下面這樣的結(jié)果:
SQL> --應(yīng)該有更新操作的日志
SQL> begin
2 dbms_logmnr.add_logfile('/tmp/backup/arc_1_32_947800250');
3 dbms_logmnr.add_logfile('/tmp/backup/arc_2_27_947800254');
4 dbms_logmnr.start_logmnr(Options=>dbms_logmnr.dict_from_online_catalog);
5 end;
6 /
PL/SQL procedure successfully completed.
SQL> select count(1) from v$logmnr_contents;
COUNT(1)
----------
388
SQL> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='JINGYU';
no rows selected
SQL> select username,scn,timestamp,sql_redo from v$logmnr_contents where sql_redo like '%JINGYU%';
USERNAME SCN TIMESTAMP
------------------------------ ---------- ------------
SQL_REDO
--------------------------------------------------------------------------------
UNKNOWN 1575420 27-JUN-17
update "JINGYU"."T2" set "CONTENTS" = 'xxx' where "CONTENTS" = 'YSWGNNLCLMYWPSLQ
ETVLGQJRKQIEAMOEYUFNRUQULVFRVPEDRV' and ROWID = 'AAAVWVAAGAAAAHnABj';
UNKNOWN 1575420 27-JUN-17
update "JINGYU"."T2" set "CONTENTS" = 'xxx' where "CONTENTS" = 'WHCWFOZVLJWHFWLJ
DNVSMQTORGJFFXYADIOJZWJCDDOYXAOQJG' and ROWID = 'AAAVWVAAGAAAAOYAAE';
SQL>
至此,LogMiner基本的操作實(shí)驗(yàn)已完成。
附:與LogMiner有關(guān)的一些操作命令參考:
conn / as sysdba
--安裝LOGMINER
@$ORACLE_HOME/rdbms/admin/dbmslmd.sql;
@$ORACLE_HOME/rdbms/admin/dbmslm.sql;
@$ORACLE_HOME/rdbms/admin/dbmslms.sql;
@$ORACLE_HOME/rdbms/admin/prvtlm.plb;
--停止logmnr
exec dbms_logmnr.end_logmnr
--查詢附加日志開啟情況:
select supplemental_log_data_min, supplemental_log_data_pk, supplemental_log_data_ui from v$database;
--開啟附加日志
alter database add supplemental log data;
--取消補(bǔ)充日志
alter database drop supplemental log data (primary key) columns;
alter database drop supplemental log data (unique) columns;
alter database drop supplemental log data;
--最后一個(gè)即為新的歸檔
select name,dest_id,thread#,sequence# from v$archived_log;
最后確認(rèn)如果開啟了附加日志,username就可以捕獲到正確的值:
SQL> set lines 180
SQL> /
GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIME NEXT_CHANGE# NEXT_TIME
---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- ------------ ------------ ------------
1 1 35 52428800 512 2 YES INACTIVE 1590589 27-JUN-17 1591935 27-JUN-17
2 1 36 52428800 512 2 NO CURRENT 1591935 27-JUN-17 2.8147E+14
3 2 29 52428800 512 2 YES INACTIVE 1590594 27-JUN-17 1591938 27-JUN-17
4 2 30 52428800 512 2 NO CURRENT 1591938 27-JUN-17 2.8147E+14
1,36
2,30
SQL> update t2 set contents =
2 'aaa' where id = 44449;
1 row updated.
SQL> commit;
Commit complete.
RUN {
allocate channel dev1 device type disk format '/tmp/backup/arc_%h_%e_%t';
backup as copy archivelog sequence 36 thread 1;
backup as copy archivelog sequence 30 thread 2;
release channel dev1;
}
begin
dbms_logmnr.add_logfile('/tmp/backup/arc_1_36_947808116');
dbms_logmnr.add_logfile('/tmp/backup/arc_2_30_947808118');
dbms_logmnr.start_logmnr(Options=>dbms_logmnr.dict_from_online_catalog);
end;
/
SQL> select username,scn,timestamp,sql_redo from v$logmnr_contents where username='JINGYU';
USERNAME SCN TIMESTAMP
------------------------------ ---------- ------------
SQL_REDO
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
JINGYU 1593448 27-JUN-17
set transaction read write;
JINGYU 1593448 27-JUN-17
update "JINGYU"."T2" set "CONTENTS" = 'aaa' where "CONTENTS" = 'WZTSQZWYOCNDFKSMNJQLOLFUBRDOHCBMKXBHAPJSHCMWBYZJVH' and ROWID = 'AAAVWVAAGAAAACLAAL';
JINGYU 1593450 27-JUN-17
commit;
可以看到,開啟了附加日志,就可以正常顯示username的信息了。
總結(jié)
以上就是這篇文章的全部內(nèi)容了,希望本文的內(nèi)容對(duì)大家的學(xué)習(xí)或者工作能帶來一定的幫助,如果有疑問大家可以留言交流,謝謝大家對(duì)腳本之家的支持。
您可能感興趣的文章:- Oracle通過LogMiner實(shí)現(xiàn)數(shù)據(jù)同步遷移
- Oracle 日志挖掘(LogMiner)使用詳解
- 理解和使用Oracle 8i分析工具LogMiner
- 通過LogMiner實(shí)現(xiàn)Oracle數(shù)據(jù)庫同步遷移