代码改变世界

监听服务管理

2012-12-19 19:02  潇湘隐者  阅读(9276)  评论(1编辑  收藏  举报

如果你想管理(启动、关闭等)ORACLE数据库的监听服务,在Windows/Linux平台,你都可以通过lsnrctl命令来实现,下面

我们主要讲一下如何用lsnrctl命令来管理监听服务(我在两台数据库(不同平台、不同版本)分别操作,暂且叫为服务器A、

服务器B):

1:查看服务监听命令的详细帮助信息

服务器A:Red Hat Enterprise Linux Server release 6.0 (Santiago) ORACLE 10

[oracle@DB-Server ~]$ lsnrctl

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 04-JUL-2012 12:10:13

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> help

The following operations are available

An asterisk (*) denotes a modifier or extended command:

start stop status

services version reload

save_config trace spawn

change_password quit exit

set* show*

服务器B:WINDOW平台 ORACLE 11

LSNRCTL> help

以下操作可用

星号 (*) 表示修改符或扩展命令:

start stop status

services version reload

save_config trace change_password

quit exit set*

show*

对比10g与11g,可以发现11g少了spawn命令

参数

参数功能描述

start

启动指定的监听服务:start [<listener_name>] : start listener

stop

停止指定的监听服务:stop [<listener_name>] : stop listener

status

查看指定的监听服务状态:status [<listener_name>] : get the status of listener

services

列举出服务的一个汇总表及为每个协议服务处理程序所建立和拒绝的连接信息个数

:service [<listener_name>] : get the service information of the listener

version

查看监听服务版本信息:version [<listener_name>] : get the version information of the listener

reload

重启监听服务:reload [<listener_name>] : reload the parameter files and SIDs

save_config

保存修改监听配置的信息到参数文件:save_config [<listener_name>]: saves configuration changes to parameter file

trace

打开监听器的跟踪特性:trace OFF | USER | ADMIN | SUPPORT [<listener_name>] : set tracing to the specified level

spawn

产生一个以listener.ora文件中的别名运行的程序:

spawn [<listener_name>] <spawn_alias> [<(ARGUMENTS='arg0, arg1,...')>]

change_password

修改关闭监听服务的秘密:change_password [<listener_name>]: changes the password of the listener

quit

退出tnsrctl命令:quit | exit : exit LSNRCTL

exit

退出tnsrctl命令:quit | exit : exit LSNRCTL

set

设置监听服务的配置

show

显示一些参数配置信息

2:启动指定的监听服务

服务器A:

LSNRCTL> start LISTENER

Starting /database/product/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 10.2.0.1.0 - Production

System parameter file is /database/product/dbhome_1/network/admin/listener.ora

Log messages written to /database/product/dbhome_1/network/log/listener.log

Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))

Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=DB-Server)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

STATUS of the LISTENER

------------------------

Alias LISTENER

Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production

Start Date 05-JUL-2012 10:38:14

Uptime 0 days 0 hr. 0 min. 0 sec

Trace Level off

Security ON: Local OS Authentication

SNMP OFF

Listener Parameter File /database/product/dbhome_1/network/admin/listener.ora

Listener Log File /database/product/dbhome_1/network/log/listener.log

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=DB-Server)(PORT=1521)))

Services Summary...

Service "PLSExtProc" has 1 instance(s).

Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...

Service "WGODS" has 1 instance(s).

Instance "WGODS", status UNKNOWN, has 1 handler(s) for this service...

The command completed successfully

服务器B:

LSNRCTL> start LISTENER

启动tnslsnr: 请稍候...

TNSLSNR for 32-bit Windows: Version 11.2.0.1.0 - Production

系统参数文件为E:\app\kerry\product\11.2.0\dbhome_1\network\admin\listener.ora

写入e:\app\kerry\diag\tnslsnr\kerry-PC\listener\alert\log.xml的日志信息

监听: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

LISTENER 的 STATUS

------------------------

别名 LISTENER

版本 TNSLSNR for 32-bit Windows: Version 11.2.0.1.0 - Production

启动日期 05-7月 -2012 10:37:49

正常运行时间 0 天 0 小时 0 分 5 秒

跟踪级别 off

安全性 ON: Local OS Authentication

SNMP OFF

监听程序参数文件 E:\app\kerry\product\11.2.0\dbhome_1\network\admin\listener.ora

监听程序日志文件 e:\app\kerry\diag\tnslsnr\kerry-PC\listener\alert\log.xml

监听端点概要...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))

服务摘要..

服务 "CLRExtProc" 包含 1 个实例。

实例 "CLRExtProc", 状态 UNKNOWN, 包含此服务的 1 个处理程序...

服务 "orcl.20.32.106" 包含 1 个实例。

实例 "ORCL", 状态 UNKNOWN, 包含此服务的 1 个处理程序...

命令执行成功

LSNRCTL> top

NL-00853: 未定义的 命令 "top"。请尝试 "help"

3:停止监听服务

服务器A:

LSNRCTL> stop

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

The command completed successfully

服务器B:

LSNRCTL> stop

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

命令执行成功

4:查看监听服务状态

服务器A:

clip_image001[4]

服务器B:

clip_image002[4]

clip_image003[4]

5:查看监听服务版本

服务器A:

LSNRCTL> version

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=DB-Server)(PORT=1521))

TNSLSNR for Linux: Version 10.2.0.1.0 - Production

TNS for Linux: Version 10.2.0.1.0 - Production

Unix Domain Socket IPC NT Protocol Adaptor for Linux: Version 10.2.0.1.0 - Production

Oracle Bequeath NT Protocol Adapter for Linux: Version 10.2.0.1.0 - Production

TCP/IP NT Protocol Adapter for Linux: Version 10.2.0.1.0 - Production,,

The command completed successfully

服务器B:

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

TNSLSNR for 32-bit Windows: Version 11.2.0.1.0 - Production

TNS for 32-bit Windows: Version 11.2.0.1.0 - Production

Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 11.2.0.1.0 - Production

Windows NT Named Pipes NT Protocol Adapter for 32-bit Windows: Version 11.2.0.1.0 - Production

Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 11.2.0.1.0 - Production,,

命令执行成功

6:查看监听服务信息

服务器A:

LSNRCTL> service

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

Services Summary...

Service "PLSExtProc" has 1 instance(s).

Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:0 refused:0

LOCAL SERVER

Service "WGODS" has 2 instance(s).

Instance "WGODS", status UNKNOWN, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:0 refused:0

LOCAL SERVER

Instance "wgods", status READY, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:1 refused:0 state:ready

LOCAL SERVER

Service "wgodsXDB" has 1 instance(s).

Instance "wgods", status READY, has 1 handler(s) for this service...

Handler(s):

"D000" established:0 refused:0 current:0 max:1022 state:ready

DISPATCHER <machine: DB-Server, pid: 31049>

(ADDRESS=(PROTOCOL=tcp)(HOST=DB-Server)(PORT=34792))

Service "wgods_XPT" has 1 instance(s).

Instance "wgods", status READY, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:1 refused:0 state:ready

LOCAL SERVER

The command completed successfully

服务器B:

LSNRCTL> services

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

服务摘要..

服务 "CLRExtProc" 包含 1 个实例。

实例 "CLRExtProc", 状态 UNKNOWN, 包含此服务的 1 个处理程序...

处理程序:

"DEDICATED" 已建立:0 已被拒绝:0

LOCAL SERVER

服务 "orcl.20.32.106" 包含 1 个实例。

实例 "ORCL", 状态 UNKNOWN, 包含此服务的 1 个处理程序...

处理程序:

"DEDICATED" 已建立:0 已被拒绝:0

LOCAL SERVER

命令执行成功

7:重启监听服务:此命令可以替代lsnrctl stop 和lsnrctl start,此命令可以在不用关闭监听服务命令的情况下,重新

读取listener.ora的配置,适合在修改监听服务文件后使用。

服务器A:

LSNRCTL> reload

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

The command completed successfully

服务器B:

LSNRCTL> reload

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

命令执行成功

8:修改、设置监听服务密码

如果没有设置监听服务密码,则默认口令为空.

LSNRCTL> change_password

Old password:

New password: ******

Reenter new password: ******

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

LISTENER的口令已更改

命令执行成功

LSNRCTL> change_password

Old password:

New password:

Reenter new password:

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

Password changed for LISTENER

The command completed successfully

LSNRCTL> set password

Password:

The command completed successfully

LSNRCTL> save_config

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

Saved LISTENER configuration parameters.

Listener Parameter File /database/product/dbhome_1/network/admin/listener.ora

Old Parameter File /database/product/dbhome_1/network/admin/listener.bak

The command completed successfully

此时,你检查listener.ora,你会发现文件里面多了下面加密的密码

clip_image004[4]

将该项删除后,保存listener.ora文件,即可取消lsnrctl的加密密码;

#----ADDED BY TNSLSNR 18-DEC-2012 17:28:17---

PASSWORDS_LISTENER = 1BAF8FABBD6810D3

#--------------------------------------------

这个设置在ORACLE 9i版本中有效,在10g版本中,即使设置密码后,依然可以不用输入密码停止监听服务,因为In Oracle 10, the TNSListener is secure out of the box and there should not be a need to set a listener password as in older versions of the Oracle listener.

Oracle10g以后,设置Listener密码已经不是安全检查的必要条件了,因为默认在10g里面除了启动监听的用户之外,其它用户都无法停止Listener(还有另外一些lsnrctl的命令也同样被禁止了,比如trace, reload等),即使Listener没有设置密码。在默认情况下,启动Listener或者使用lsnrctl status命令查看监听状态,可以看到:Security ON: Password OR Local OS Authentication这表明Listener的安全机制使用了Password方式或者Local OS Authentication方式,在这种状态下,即使是设置了监听密码,对于启动监听的user来说,也仍然是不需要任何密码就可以停止监听的。

如果想去除这种安全机制,你可以在listener.ora下加上LOCAL_OS_AUTHENTICATION_[listener name]=OFF

[oracle@DB-Server admin]$ vi listener.ora

SID_LIST_LISTENER =

(SID_LIST =

(SID_DESC =

(SID_NAME = PLSExtProc)

(ORACLE_HOME = /database/product/dbhome_1)

(PROGRAM = extproc)

)

(SID_DESC =

(SID_NAME = WGODS)

(ORACLE_HOME = /database/product/dbhome_1)

(SID_NAME = wgods)

)

)

LISTENER =

(DESCRIPTION_LIST =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))

(ADDRESS = (PROTOCOL = TCP)(HOST = DB-Server)(PORT = 1521))

)

)

LOCAL_OS_AUTHENTICATION_LISTENER=OFF

#----ADDED BY TNSLSNR 18-DEC-2012 17:28:17---

PASSWORDS_LISTENER = 1BAF8FABBD6810D3

"listener.ora" 33L, 779C written

[oracle@DB-Server admin]$ lsnrctl

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 19-DEC-2012 18:40:19

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> reload

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

The command completed successfully

LSNRCTL> stop

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

TNS-01169: The listener has not recognized the password

LSNRCTL> set password --输入密码,停止监听服务

Password:

The command completed successfully

LSNRCTL> stop

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))

The command completed successfully

9:set命令配置

参数

描叙

set password

 

set rawmode

设置rawmode

set displaymode

把lsnrctl工具的显示模式设置成RAW、COMPACT、NORMAL或VERBOSE

set trc_file

设置监听跟踪文件的名称

set trc_directory

设置监听器跟踪目录的名称

set trc_level

把跟踪级别设置为OFF、USER、ADMIN、SUPPORT模式

set log_file

显示或设置日志文件

set log_directory

设置日志目录位置

set log_status

设置是否为该监听器打开日志特性

set current_listener

设置当前监听器为指定监听器

set inbound_connect_timeout

设置参数指定的时间,在几秒钟内为客户完成网络连接已经建立后,其连接请求的监听

set startup_waittime

设置监听器等待响应lsnrctl 命令行工具中的一条STATUS命令的时间长度

set save_config_on_stop

在退出lsnrctl工具时保存对listener.ora文件的修改

set dynamic_registration

使用的DYNAMIC_REGISTRATION_listener_name的参数启用或禁用动态注册。当设置为on,听者接受动态登记;设置为关闭时,听者拒绝动态注册。静态注册不受影响

set enable_global_dynamic_endpoint

 

LSNRCTL> set

The following operations are available after set

An asterisk (*) denotes a modifier or extended command:

password rawmode

displaymode trc_file

trc_directory trc_level

log_file log_directory

log_status current_listener

inbound_connect_timeout startup_waittime

save_config_on_stop

LSNRCTL> help set password

set password : set the password for subsequent calls

LSNRCTL> help set current_listener

set|show current_listener [<listener_name>]: sets|shows current listener

9:保存配置信息:修改一些配置后,可以通过save_config保存到配置文件

LSNRCTL> save_config

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))

保存的LISTENER配置参数。

监听程序参数文件 E:\app\kerry\product\11.2.0\dbhome_1\network\admin\listener.ora

旧的参数文件E:\app\kerry\product\11.2.0\dbhome_1\network\admin\listener.bak

命令执行成功

LSNRCTL>

10:设置监听级别

11:spawn

12:退出监听服务器命令

LSNRCTL> exit

LSNRCTL> quit

13: 显示一些参数配置信息

参数

描叙

show rawmode

显示原始模式信息:显示关于STATUS和SERVICES的较详细信息(当它们被设置成ON时)。值:ON或OFF

show displaymode

显示模式信息

show rules

显示过滤规则信息

show trc_file

显示跟踪文件信息

show trc_directory

显示跟踪文件目录信息

show trc_level

显示跟踪级别

show log_file

查看日志文件信息

show log_direcotory

显示日志文件目录信息

show log_status

显示日志状态

show current_listener

显示当前监听服务名称

show inbound_connect_timeout

显示参数指定的时间,在几秒钟内为客户完成网络连接已经建立后,其连接请求的监听,

show startup_waitetime

显示监听器等待响应lsnrctl 命令行工具中的一条STATUS命令的时间长度

show snmp_visible

 

show save_config_on_stop

显示退出lsnrctl工具时是否保存对listener.ora文件的修改

show dynamic_registration

显示是否启用或禁用动态注册

show enable_global_dynamic_endpoint

 

show oracle_home

显示ORACLE主目录信息

show pid

显示ORACLE监听进程ID

clip_image005[4]

参考资料:

http://www.eygle.com/archives/2007/11/listener_security.html