Oracle 日志挖掘(LogMiner)使用
Logminer依赖于2个包:DBMS_LOGMNR和DBMS_LOGMNR_D,Oracle 11g默认已安装
Logminer 基本使用步骤
<1>. Specify a LogMiner dictionary. 指定Logminer字典
<2>. Specify a list of redo log files for analysis. 指定需要挖掘的redo或者archivelog日志文件
<3>. Start LogMiner. 开始日志挖掘
<4>. Request the redo data of interest. 查询V$LOGMNR_CONTENTS获取挖掘的结果
<5>. End the LogMiner session. 结束日志挖掘
日志挖掘使用示例:
1.开启补全日志:
SQL> ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;
2.找出需要挖掘的归档日志文件路径
SQL> SELECT NAME FROM V$ARCHIVED_LOGWHERE FIRST_TIME between to_date('2018-07-06 08:20:00','yyyy-mm-dd hh24:mi:ss') and to_date('2018-07-06 09:40:00','yyyy-mm-dd hh24:mi:ss') order by 1;
NAME
--------------------------------------------------------------------------------
/u01/app/archive/1_342433_904747849.dbf
/u01/app/archive/1_342434_904747849.dbf
/u01/app/archive/1_342435_904747849.dbf
3.指定Logminer字典 (三选一)
Oracle 11g 指定Logminer字典有三种方法
1.Using the Online Catalog 使用在线目录
2.Extracting a LogMiner Dictionary to the Redo Log Files 抽取字典到redo日志文件中
3.Extracting the LogMiner Dictionary to a Flat File 抽取字典到平面文件中(需要设置UTL_FILE_DIR参数,重启数据库,不推荐)
EXECUTE DBMS_LOGMNR.START_LOGMNR(OPTIONS => DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG);
OR
EXECUTE DBMS_LOGMNR_D.BUILD( OPTIONS=> DBMS_LOGMNR_D.STORE_IN_REDO_LOGS);
OR
EXECUTE DBMS_LOGMNR_D.BUILD('dictionary.ora', '/oracle/database/', DBMS_LOGMNR_D.STORE_IN_FLAT_FILE);
4.Logminer中添加归档日志文件
EXECUTE DBMS_LOGMNR.ADD_LOGFILE( LOGFILENAME => '/u01/app/archive/1_342433_904747849.dbf', OPTIONS => DBMS_LOGMNR.NEW);
继续添加日志:
EXECUTE DBMS_LOGMNR.ADD_LOGFILE( LOGFILENAME => '/u01/app/archive/1_342434_904747849.dbf', OPTIONS => DBMS_LOGMNR.ADDFILE);
EXECUTE DBMS_LOGMNR.ADD_LOGFILE( LOGFILENAME => '/u01/app/archive/1_342435_904747849.dbf', OPTIONS => DBMS_LOGMNR.ADDFILE);
查看添加的日志列表:
select filename from V$LOGMNR_LOGS;
5.开始日志挖掘 (三选一,与步骤3对应)
EXECUTE DBMS_LOGMNR.START_LOGMNR(OPTIONS => DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG);
OR
EXECUTE DBMS_LOGMNR.START_LOGMNR(OPTIONS => DBMS_LOGMNR.DICT_FROM_REDO_LOGS );
OR
EXECUTE DBMS_LOGMNR.START_LOGMNR(DICTFILENAME =>'/oracle/database/dictionary.ora');
6.获取挖掘结果
SELECT username AS USR, (XIDUSN || '.' || XIDSLT || '.' || XIDSQN) AS XID,
SQL_REDO, SQL_UNDO FROM V$LOGMNR_CONTENTS WHERE username IN ('HR', 'OE');
把挖取结果保存到指定表格中: create table logtab as select * from v$logmnr_contents;
7.结束日志挖掘
EXECUTE DBMS_LOGMNR.END_LOGMNR;