使用Oracle 10g的Logminer挖掘日志
Logminer是oracle从8i开始提供的用于分析重做日志信息的工具,它包括DBMS_LOGMNR和DBMS_LOGMNR_D两个package,后边的D是字典的意思。它既能分析redo log file,也能分析归档后的archive log file。在分析日志的过程中需要使用数据字典,一般先生成数据字典文件后使用,10g版本还可以使用在线数据字典。
Logminer可以分析其它数据库的重做日志文件,但是必须使用重做日志所在数据库的数据字典,否则会出现无法识别的乱码。另外被分析数据库的操作系统平台最好和当前Logminer所在数据库的运行平台一样,且block size相同。
1、运行以下2个脚本安装logminer功能,一般数据库都已经安装好了:
p5b2@/u01/app/oracle/product/10.2/rdbms/admin$ ls -l dbmsl*
-rw-r--r-- 1 oracle oinstall 17246 Oct 27 2006 dbmslm.sql
-rw-r--r-- 1 oracle oinstall 4663 Oct 27 2006 dbmslmd.sql
2、要生成数据字典文件,首先要修改一个utl_file_dir参数,修改为*或者想存放数据字典文件位置的目录:
SQL> show parameter utl_file_dir
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir stringSQL> alter system set utl_file_dir='*' scope=spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
3、生成数据字典文件
SQL> show parameter utl_file_dir
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir string *
SQL> EXECUTE dbms_logmnr_d.build(dictionary_filename => 'dict20090625.dat',dictionary_location => '/orabak');PL/SQL procedure successfully completed.
4、可以先设置使用的表空间
SQL> EXECUTE DBMS_LOGMNR_D.SET_TABLESPACE('erp')
PL/SQL procedure successfully completed.
5、填加要分析的日志文件
SQL> EXECUTE DBMS_LOGMNR.ADD_LOGFILE(LogFileName=>'/orabak/testarch/1_89802_640266118.dbf',Options=>dbms_logmnr.new);
PL/SQL procedure successfully completed.
6、可以继续填加,用dbms_logmnr.removefile可以删除
SQL> EXECUTE DBMS_LOGMNR.ADD_LOGFILE(LogFileName=>'/orabak/testarch/1_89807_640266118.dbf',Options=>dbms_logmnr.addfile);
PL/SQL procedure successfully completed.
7、开始分析日志
SQL> execute dbms_logmnr.start_logmnr(dictfilename=>'/orabak/dict20090625.dat');
PL/SQL procedure successfully completed.
提取特定时间的日志:
dbms_logmnr.start_logmnr(dictfilename=>'/orabak/dict20090625.dat',
starttime=>to_date('2009-06-24 09:30:00','YYYY-MM-DD HH24:MI:SS'),
endtime=>to_date('2009-06-24 12:00:59','YYYY-MM-DD HH24:MI:SS'))
使用在线数据字典:
SQL> EXEC DBMS_LOGMNR.START_LOGMNR(OPTIONS => DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG);
PL/SQL procedure successfully completed.
8、查看结果
select timestamp,username,session#,sql_redo,operation from v$logmnr_contents;
9、结束分析,释放PGA内存资源
SQL> exec dbms_logmnr.end_logmnr;
PL/SQL procedure successfully completed.
注意,v$logmnr_contents内容保存了日志的内容,只在当前会话有效,如果想长期保存分析,可以在当前会话用create table tablename as select * from v$logmnr_contents语句来持久保存。
另外一个windows环境的测试:
SQL> desc v$logmnr_logs;
名称 是否为空? 类型
----------------------------------------- --------
LOG_ID NUMBER
FILENAME VARCHAR2(512)
LOW_TIME DATE
HIGH_TIME DATE
DB_ID NUMBER
DB_NAME VARCHAR2(8)
RESET_SCN NUMBER
RESET_SCN_TIME DATE
THREAD_ID NUMBER
THREAD_SQN NUMBER
LOW_SCN NUMBER
NEXT_SCN NUMBER
DICTIONARY_BEGIN VARCHAR2(3)
DICTIONARY_END VARCHAR2(3)
TYPE VARCHAR2(7)
BLOCKSIZE NUMBER
FILESIZE NUMBER
INFO VARCHAR2(32)
STATUS NUMBERSQL> select filename from v$logmnr_logs;
FILENAME
--------------------------------------------------------------------------------
E:ORACLEPRODUCT10.2.0DB_2DATABASEDB_RECOVERY_FILE_DESTARC26_666280390_1
E:ORACLEPRODUCT10.2.0DB_2DATABASEDB_RECOVERY_FILE_DESTARC27_666280390_1SQL> select log_id,low_scn,low_time,next_scn,high_time from v$logmnr_logs;
LOG_ID LOW_SCN LOW_TIME NEXT_SCN HIGH_TIME
---------- ---------- ------------------- ---------- -------------------
26 1576118 2008/09/26 12:56:37 1580527 2008/09/26 13:15:02
27 1580527 2008/09/26 13:15:02 1580563 2008/09/26 13:16:04SQL> exec dbms_logmnr.start_logmnr(dictfilename=>'E:\logmnrdict.ora',startscn=>1576118,endscn=>1580563);
SQL> select scn,timestamp , sql_redo from v$logmnr_contents where seg_owner='TEST' and seg_name='TT';