记一次使用logmnr查找操作人流程
经常遇到开发的需求,帮我查一下是谁修改了表里面的记录,是谁对表进行了DDL操作,此类问题可以使用logmnr解决
1.根据操作时间定位归档日志
SELECT name FROM V$ARCHIVED_LOG WHERE CREATOR='ARCH' AND FIRST_TIME BETWEEN TO_DATE('','') AND TO_DATE('','');
2.将归档日志加载进logmnr
EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxx/xxx/1_158827_757933172.dbf');
-- 如果要卸载
EXEC SYS.DBMS_LOGMNR.REMOVE_LOGFILE('/xxx/xxx/1_158827_757933172.dbf');
3.打开logmnr
EXEC SYS.DBMS_LOGMNR.START_LOGMNR(OPTIONS=>16);
4.从视图根据条件查找
SELECT * FROM V$LOGMNR_CONTENTS WHERE TABLE_NAME='XXXXXX' AND OPERATION='DELETE';
5.关闭logmnr
exec SYS.DBMS_LOGMNR.END_LOGMNR;
但是从上面得到的信息中,发现OS_USERNAME和MACHINE_NAME是空的,没有这两个我们是没有办法定位到人的,而这两个为空的原因是这个人很早就登录了,做操作是之后才做的,所以他的登录信息需要从之前的归档里面查找。但是因为一上午产生的归档特别多,为了不对生产库产生影响,我决定在DG库里面把归档scp到测试库,在测试库里面使用logmnr进行挖掘。但是因为测试库里面没有对应的数据字典,所以用logmnr出来的东西里面对象都会变成数字,所以我们需要根据SESSION#和SERIAL#进行查找
6.查找操作者的SESSION#和SERIAL#
从上面的第四步就可以找到,分别是23001和42363
7.将归档scp到测试库
8.在测试库重复logmnr过程,这里打开logmnr的时候不要加options=>16参数,不然会报错DBID不一样
EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158827_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158828_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158829_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158830_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158831_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158832_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158833_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158834_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158835_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158836_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158837_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158838_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158839_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158840_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158841_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158842_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158843_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158844_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158845_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158846_757933172.dbf'); EXEC SYS.DBMS_LOGMNR.START_LOGMNR(); SELECT /*+rule*/* FROM V$LOGMNR_CONTENTS WHERE SESSION#= 23001 and SERIAL#=42363; exec SYS.DBMS_LOGMNR.END_LOGMNR;