记一次使用logmnr查找操作人流程

经常遇到开发的需求,帮我查一下是谁修改了表里面的记录,是谁对表进行了DDL操作,此类问题可以使用logmnr解决

1.根据操作时间定位归档日志

SELECT name FROM V$ARCHIVED_LOG WHERE CREATOR='ARCH' AND FIRST_TIME BETWEEN TO_DATE('','') AND TO_DATE('','');

2.将归档日志加载进logmnr

EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxx/xxx/1_158827_757933172.dbf');
-- 如果要卸载
EXEC  SYS.DBMS_LOGMNR.REMOVE_LOGFILE('/xxx/xxx/1_158827_757933172.dbf');

3.打开logmnr

EXEC  SYS.DBMS_LOGMNR.START_LOGMNR(OPTIONS=>16);

4.从视图根据条件查找

SELECT * FROM V$LOGMNR_CONTENTS  WHERE TABLE_NAME='XXXXXX' AND OPERATION='DELETE';

5.关闭logmnr

exec  SYS.DBMS_LOGMNR.END_LOGMNR;

但是从上面得到的信息中,发现OS_USERNAME和MACHINE_NAME是空的,没有这两个我们是没有办法定位到人的,而这两个为空的原因是这个人很早就登录了,做操作是之后才做的,所以他的登录信息需要从之前的归档里面查找。但是因为一上午产生的归档特别多,为了不对生产库产生影响,我决定在DG库里面把归档scp到测试库,在测试库里面使用logmnr进行挖掘。但是因为测试库里面没有对应的数据字典,所以用logmnr出来的东西里面对象都会变成数字,所以我们需要根据SESSION#和SERIAL#进行查找

6.查找操作者的SESSION#和SERIAL#

从上面的第四步就可以找到,分别是23001和42363

7.将归档scp到测试库

8.在测试库重复logmnr过程,这里打开logmnr的时候不要加options=>16参数,不然会报错DBID不一样

EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158827_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158828_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158829_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158830_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158831_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158832_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158833_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158834_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158835_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158836_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158837_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158838_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158839_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158840_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158841_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158842_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158843_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158844_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158845_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.ADD_LOGFILE('/xxxxxx/xxxxxx/1_158846_757933172.dbf');
EXEC  SYS.DBMS_LOGMNR.START_LOGMNR();
SELECT /*+rule*/* FROM V$LOGMNR_CONTENTS WHERE SESSION#= 23001 and SERIAL#=42363;
exec  SYS.DBMS_LOGMNR.END_LOGMNR;

 

posted @ 2019-09-09 17:40  monkey6  阅读(265)  评论(0编辑  收藏  举报