Shell: extract more from listener.log (分析oracle监听日志)
最近遇到了两起数据库连接数不足的问题, 通常都会预留一些会话增加的情况, 但在一些特殊情况下如连接风暴(logon storm), 如果在监听中没有做rate限流,对数据库来说巨大的冲击可能会导致数据库Hang 或 ora-20 或ora-18 错误。 对于Hang并伴有进程数不足的情况,AWR、ASH 都可能无法升成,甚至数据库都无法登录或做SSD 都不成功, 这时候LISTENER.LOG 就成了“破案”时关键的线索。 下面记录分享一些分析listener.log的一些脚本.(Note:在不同UNIX下可能稍有变化)
统计一天内每小时的session请求数
# fgrep "13-JAN-2015 " anbob_listener.log |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 }' |sort |uniq -c|sort -n 2978 13-JAN-2015 00 2883 13-JAN-2015 01 3025 13-JAN-2015 02 2181 13-JAN-2015 03 2131 13-JAN-2015 04 2269 13-JAN-2015 05 1843 13-JAN-2015 06 2133 13-JAN-2015 07 3195 13-JAN-2015 08 4446 13-JAN-2015 09 4849 13-JAN-2015 10 4527 13-JAN-2015 11 3527 13-JAN-2015 12 3507 13-JAN-2015 13 4005 13-JAN-2015 14 4256 13-JAN-2015 15 4523 13-JAN-2015 16 4566 13-JAN-2015 17 5288 13-JAN-2015 18 4921 13-JAN-2015 19 4020 13-JAN-2015 20 3315 13-JAN-2015 21 2418 13-JAN-2015 22 2227 13-JAN-2015 23
指定的一小时每分钟session请求数
# fgrep "13-JAN-2015 11:" anbob_listener.log |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 }' |sort |uniq -c|sort -n 94 13-JAN-2015 11:00 44 13-JAN-2015 11:01 80 13-JAN-2015 11:02 119 13-JAN-2015 11:03 56 13-JAN-2015 11:04 127 13-JAN-2015 11:05 68 13-JAN-2015 11:06 66 13-JAN-2015 11:07 58 13-JAN-2015 11:08 67 13-JAN-2015 11:09 103 13-JAN-2015 11:10 53 13-JAN-2015 11:11 88 13-JAN-2015 11:12 ...
指定的一小时每秒session请求数
# fgrep "13-JAN-2015 11:30" anbob_listener.log |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 ":" $3 }' |sort |uniq -c|sort -n 7 13-JAN-2015 11:30:00 3 13-JAN-2015 11:30:01 4 13-JAN-2015 11:30:02 4 13-JAN-2015 11:30:03 7 13-JAN-2015 11:30:04 2 13-JAN-2015 11:30:05 1 13-JAN-2015 11:30:06 8 13-JAN-2015 11:30:08 2 13-JAN-2015 11:30:09 3 13-JAN-2015 11:30:10 1 13-JAN-2015 11:30:11 ...
指定的一小时内每分钟连接创建失败数
#fgrep "11-JAN-2015 11:" anbob_listener.log |awk '{ if ( $NF != 0 ) print $0 }'|awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 }' |sort |uniq -c|sort -n 474 11-JAN-2015 11:38 10 11-JAN-2015 11:39
指定的一小时内每IP请求数
#fgrep "11-JAN-2015 11:" anbob_listener.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort -n 1 136.142.26.139 2 136.142.10.212 2 136.142.21.171 8 136.142.21.172 13 136.142.26.133 13 136.142.29.17 14 136.142.29.20 18 136.142.26.35 23 136.142.29.29 ...
指定的分钟内每IP请求数
#fgrep "11-JAN-2015 11:30" anbob_listener.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort -n 1 136.142.26.35 1 136.142.29.149 1 136.142.29.156 1 136.142.29.17 2 136.142.30.189 3 136.142.26.133 4 136.142.26.136 4 136.142.29.157 7 136.142.29.20 9 136.142.29.22 10 136.142.26.34 ...
全天每小时每个IP请求数
fgrep "09-JAN-2015 " anbob_listener.log|fgrep "establish"|awk -F* '{print $1 " " $3}'|awk -F= '{ print $1 " " $4}'|sed -e 's/......$//g'| awk '{print $1 " " $2 " " $4}'|cut -b-14,21- |sort |uniq -c 1 09-JAN-2015 01 136.142.21.172 66 09-JAN-2015 01 136.142.21.85 11 09-JAN-2015 01 136.142.26.131 5 09-JAN-2015 01 136.142.26.133 21 09-JAN-2015 01 136.142.26.136 5113 09-JAN-2015 01 136.142.26.24 49 09-JAN-2015 01 136.142.26.34 6 09-JAN-2015 01 136.142.29.141 28 09-JAN-2015 01 136.142.29.148 49 09-JAN-2015 01 136.142.29.149 85 09-JAN-2015 01 136.142.29.150 2 09-JAN-2015 01 136.142.29.151 6 09-JAN-2015 01 136.142.29.156 6 09-JAN-2015 01 136.142.29.157 2 09-JAN-2015 01 136.142.29.162 58 09-JAN-2015 01 136.142.29.164 4 09-JAN-2015 01 136.142.29.17 4 09-JAN-2015 01 136.142.29.184 207 09-JAN-2015 01 136.142.29.192
指定时间指定主机上不同主机USER的请求统计
$ fgrep "04-JUL-2018 15:" listener.log|fgrep "
133.96.65.45" | awk -F= '$11 ~ /USER/ {print $12 }' | sed 's/).*$//'|sort|uniq -c|sort -n 10815 taskmon
指定时间指定条件的PROGRAM的请求统计
$ fgrep "01-NOV-2018 " listener.log|sed 's/^.*PROGRAM//;s/).*$//;s/^.*:...\*//;s/).*$//;s/\*.*$//'|sort|uniq -c|sort -n 1 sqlldr@kinjk3 2789 sqlplus 8025 sqlplus@kinjk3
Note:
PROGRAM=oracle的可能是DBLINK,有些使用sid连接的的可能program为空如hpux下面这条记录:
# hpux 01-NOV-2018 00:00:06 * (CONNECT_DATA=(SID=tbcsa1)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=133.96.65.86)(PORT=63438)) * establish * tbcsa1 * 0
收集白名单
从监听日志里分析白名单的IP段(注意:日志里只是当前保留的日志时间段的访问记录,并非全部。)
cd /oracle/app/grid/diag/tnslsnr/$(hostname)/listener/trace grep "establish" listener.log|awk -F* '{print $3}'|awk -F= '{print $4}'|sed -e 's/......$//g'|awk -F. '{print $1 "." $2 "." $3}'|sort|uniq | awk 'BEGIN{RS=EOF}{gsub(/\n/,".*,");print}'
SQL脚本
-- file: session_rpt.sql -- Purpose: To Collect all session information -- Author: weejar -- Copyright: (c) ANBOB - http://www.anbob.com.com - All rights reserved. -- version 2.6 col spoolname new_value spoolname select 'session_rpt_'||to_char(sysdate,'yyyymmdd') spoolname from dual; spool '&spoolname' prom list of sessions set lines 300 pages 1000 col current_time for a50 select 'anbob.com' author,to_char(sysdate,'yyyy-mm-dd hh24:mi:ss') current_time,instance_name,version,status,instance_role from v$instance / select * from v$resource_limit where RESOURCE_NAME in('processes','sessions'); col sid form 99999 col serial# form 99999 col spid form a6 col program heading 'program' for a25 trunc col username form a15 col osuser form a10 col idle form a30 heading "Idle" col terminal form a12 col logon_time form a18 col machine for a15 trunc col rn for 9999 col service_name for a30 set lines 150 pages 1000 break on report compute sum of cnt on report select username,status,count(*) cnt from v$session group by username,status order by 1 / select username,machine,count(*) cnt from v$session group by username,machine order by 1,2 / select username,machine,failed_over,count(*) cnt from v$session where failed_over='YES' group by username,machine,failed_over order by 1,2 / select server,status,count(*) from v$session group by server,status / select inst_id,service_name,count(*) cnt from gv$session group by inst_id,service_name order by 1,2 / select inst_id,pname,username,count(*) cnt from gv$process group by inst_id,pname,username / select machine,program,count(*) from v$session where type='USER' group by machine,program order by 1,2 / select machine,server,username, count(*) cnt from v$session -- where program like 'oracle@qdyy%(TNS V1-V3)' -- and machine in('qdyya1') group by machine,server,username / ttitle - center 'displays the top 50 longest idle times' skip 2 select a.* from ( select sid,serial#,username,status, to_char(logon_time,'dd-mm-yy hh:mi:ss') logon_time , floor(last_call_et/3600)||' hours ' || floor(mod(last_call_et,3600)/60)||' mins ' || mod(mod(last_call_et,3600),60)||' secs' idle , machine ,row_number() over(order by last_call_et desc ) rn from v$session where type='USER' ) a where rn<= 50 / ttitle off column event heading 'wait event' for a30 trunc ttitle - center 'displays active session' skip 2 select sid,serial#,username,event,program,MACHINE,sql_id,BLOCKING_SESSION from v$session where status='ACTIVE' and username is not null; ttitle off