1.日志挖掘
1.1补充日志命令(日志中有了rowid)
alter databaseadd supplemental logdata;
1.2基于DML的日志挖掘
例子:SCOTT下UPDATE某记录,我想挖掘出这个操作的时间以及SCN,如
update emp set sal=9000;
步骤:
1.2.1查看当前redo日志
col member for a40
select v1.group#,v1.sequence#,v1.first_change#,v1.status,v2.member
from v$log v1,v$logfile v2
where v1.group#=v2.group#
order by 1;
结果:
GROUP# SEQUENCE# FIRST_CHANGE# STATUS MEMBER
-------------------- ------------- ---------------- ----------------------------------------
1 7 1346456 CURRENT /u01/oradata/mike/redo01.log
1 7 1346456 CURRENT /u01/oradata/mike/redo01b.log
2 5 1346098 INACTIVE /u01/oradata/mike/redo02b.log
2 5 1346098 INACTIVE /u01/oradata/mike/redo02.log
3 6 1346283 INACTIVE /u01/oradata/mike/redo03b.log
3 6 1346283 INACTIVE /u01/oradata/mike/redo03.log
6 rows selected.
1.2.2使用当前日志建立分析列表
Exec sys.dbms_logmnr.add_logfile(logfilename=>'/u01/oradata/mike/redo01.log');
1.2.3使用数据字典进行日志分析
如果没有数据字典,使用dbms_logmnr.dict_from_online_catalog选项参数,意思是从指定的dbms_logmnr.add_logfile或重做日志中找到数据字典。
exec sys.dbms_logmnr.start_logmnr(options=>sys.dbms_logmnr.dict_from_online_catalog);
1.2.4查看分析结果
select scn,to_char(timestamp,'yyyy-mm-dd hh24:mi:ss'),sql_redo,sql_undo
from v$logmnr_contents
where seg_name='EMP'and seg_owner='SCOTT';
结果:
---------- -------------------
SQL_REDO
----------------------------------------------------------------------------------------------------
SQL_UNDO
----------------------------------------------------------------------------------------------------
1352504 2013-06-20 11:26:38
update "SCOTT"."EMP"set "SAL"= '9000'where "SAL"= '2800'and ROWID= 'AAASb2AAEAAAACXAAA';
update "SCOTT"."EMP"set "SAL"= '2800'where "SAL"= '9000'and ROWID= 'AAASb2AAEAAAACXAAA';
1352504 2013-06-20 11:26:38
update "SCOTT"."EMP"set "SAL"= '9000'where "SAL"= '2800'and ROWID= 'AAASb2AAEAAAACXAAB';
update "SCOTT"."EMP"set "SAL"= '2800'where "SAL"= '9000'and ROWID= 'AAASb2AAEAAAACX………
1.2.5结束logmnr
exec dbms_logmnr.end_logmnr;
1.3基于DDL的日志挖掘
1.3.1数据字典在归档日志中
1.3.1.1将数据字典归档到日志
execute dbms_logmnr_d.build(options=>dbms_logmnr_d.store_in_redo_logs);
1.3.1.2做DDL操作
SCOTT用户下删除表test;
drop table test;
1.3.1.3查看redo日志和archive日志
select group#,sequence#,statusfrom v$log;
结果:
GROUP# SEQUENCE# STATUS
-------------------- ----------------
1 13 INACTIVE
2 14 CURRENT
3 12 INACTIVE
select name,dictionary_begin,dictionary_endfrom v$archived_log;
结果:
NAME DIC DIC
----------------------------------------------------------------------------------- ---
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_3_8w4proqh_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_4_8w4psx1j_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_5_8w4q3sol_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_6_8w4qc0yo_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_7_8w564nnh_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_8_8w56c7gz_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_9_8w56d13f_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_10_8w56mrcn_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_11_8w5bskbb_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_12_8w5bstfx_.arc YES YES
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_13_8w5byo0v_.arc NO NO
11 rows selected.
发现有一个归档日志中dictionary_begin和dictionary_end是YES,所以数据字典的信息在这个归档日志中,一会要加入分析队列。
1.3.1.4使用日志建立分析列表
首先把当前的redo文件加入分析列表:
execute dbms_logmnr.add_logfile(logfilename=>'/u01/oradata/mike/redo02.log',options=>dbms_logmnr.new);
然后把包含数据字典信息的归档日志也加进去:
execute dbms_logmnr.add_logfile(logfilename=>'/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_12_8w5bstfx_.arc',options=>dbms_logmnr.addfile);
1.3.1.5使用数据字典进行分析
execute sys.dbms_logmnr.start_logmnr(options=>sys.dbms_logmnr.dict_from_online_catalog);
1.3.1.6查看分析结果
selectscn,to_char(timestamp,'yyyy-mm-dd hh24:mi:ss'),sql_redo from v$logmnr_contents
where seg_name='TEST' andseg_owner='SCOTT';
结果:
SCN TO_CHAR(TIMESTAMP,'
-----------------------------
SQL_REDO
----------------------------------------------------------------------------------------------------
1384524 2013-06-20 15:14:59
ALTER TABLE"SCOTT"."TEST" RENAME TO"BIN$35G0QjKlCuLgRAgAJ3D0FA==$0" ;
1384527 2013-06-20 15:14:59
drop table test AS"BIN$35G0QjKlCuLgRAgAJ3D0FA==$0" ;
1.3.1.7结束logmnr
execdbms_logmnr.end_logmnr;
1.3.2数据字典在utl_file_dir中
1.3.2.1设置utl_file_dir
show parameter utl_file_dir
若为空,则设置一下值:
alter systemset utl_file_dir='/u01/logmnr'scope=spfile;
重启实例:
startup force
再次查看show parameter utl_file_dir
1.3.2.2创建数据字典到指定目录
execute dbms_logmnr_d.build(dictionary_filename=>'newdict.ora',dictionary_location=> '/u01/logmnr');
1.3.2.3查看当前redo日志和archive日志
select group#,sequence#,first_change#,statusfrom v$log;
结果:
GROUP# SEQUENCE# FIRST_CHANGE# STATUS
-------------------- ------------- ----------------
1 16 1389548 CURRENT
2 14 1384482 ACTIVE
3 15 1389541 ACTIVE
select name,dictionary_begin,dictionary_endfrom v$archived_log;
结果:
NAME DIC DIC
----------------------------------------------------------------------------------- ---
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_3_8w4proqh_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_4_8w4psx1j_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_5_8w4q3sol_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_6_8w4qc0yo_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_7_8w564nnh_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_8_8w56c7gz_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_9_8w56d13f_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_10_8w56mrcn_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_11_8w5bskbb_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_12_8w5bstfx_.arc YES YES
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_13_8w5byo0v_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_14_8w5klf20_.arc NO NO
/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_15_8w5klxm9_.arc NO NO
13 rows selected.
1.3.2.4做DDL操作
SCOTT用户下删除一个表
drop table test;
1.3.2.5将使用日志建立分析列表
因为在Drop一个表之前,我已经把数据字典信息写入到了/u01/logmnr/newdict.ora中,所以此时我只要将当前日志和几个归档日志加入分析列表即可。
execute dbms_logmnr.add_logfile(logfilename=>'/u01/oradata/mike/redo01.log',options=>dbms_logmnr.new);
execute dbms_logmnr.add_logfile(logfilename=>'/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_15_8w5klxm9_.arc',options=>dbms_logmnr.addfile);
execute dbms_logmnr.add_logfile(logfilename=>'/u01/fast_recovery_area/MIKE/archivelog/2013_06_20/o1_mf_1_14_8w5klf20_.arc',options=>dbms_logmnr.addfile);
1.3.2.6使用数据字典进行分析
execute dbms_logmnr.start_logmnr(dictfilename=>'/u01/logmnr/newdict.ora');
1.3.2.6查询查看分析结果
select scn,to_char(timestamp,'yyyy-mm-dd hh24:mi:ss'),sql_redo from v$logmnr_contents
where seg_name='TEST'and seg_owner='SCOTT';
结果:
SCN TO_CHAR(TIMESTAMP,'
-----------------------------
SQL_REDO
----------------------------------------------------------------------------------------------------
1384524 2013-06-20 15:14:59
ALTER TABLE"SCOTT"."TEST" RENAME TO"BIN$35G0QjKlCuLgRAgAJ3D0FA==$0" ;
1384527 2013-06-20 15:14:59
drop table test AS"BIN$35G0QjKlCuLgRAgAJ3D0FA==$0" ;
1389502 2013-06-20 17:06:50
create table test(id int) tablespace stu;
1389516 2013-06-20 17:07:00
insert into"SCOTT"."TEST"("ID") values ('99');
1389980 2013-06-20 17:18:56
ALTER TABLE"SCOTT"."TEST" RENAME TO"BIN$35G0QjKmCuLgRAgAJ3D0FA==$0" ;
1389982 2013-06-20 17:18:56
drop table test AS"BIN$35G0QjKmCuLgRAgAJ3D0FA==$0" ;
6 rows selected.
1.3.2.7结束logmnr
execdbms_logmnr.end_logmnr;
1.4日志挖掘总结
show parameter utl
alter system set utl_file_dir='/u01/logmnr'scope=spfile;(设置参数并重启实例)
startup force
execute dbms_logmnr_d.build(options=>dbms_logmnr_d.store_in_redo_logs);(数据字典信息归档到日志)
executedbms_logmnr_d.build('dict.ora','/u01/logmnr',options=>dbms_logmnr_d.store_in_flat_file);(数据字典信息归档到指定目录)
executedbms_logmnr_d.build(dictionary_filename => 'mcdict.ora',dictionary_location=> '/u01/logmnr');(创建数据字典到指定目录)
executedbms_logmnr.add_logfile(logfilename=>'',options=>dbms_logmnr.new);(将日志加入分析列表)
executedbms_logmnr.add_logfile(logfilename=>'',options=>dbms_logmnr.addfile);
executedbms_logmnr.start_logmnr(dictfilename=>'/u01/logmnr/dict.ora');(使用指定路径的数据字典分析)
executesys.dbms_logmnr.start_logmnr(options=>sys.dbms_logmnr.dict_from_online_catalog);(使用日志中的数据字典分析)
select xxx from v$logmnr_contents wherexxx;(查询挖掘后的信息)
exec dbms_logmnr.end_logmnr;(结束挖掘)