日志挖掘 log miner
通过dbms_logmnr这个包把dml和ddl语句进行日志挖掘 (适用于调试、审计或者回退某个特定的事务。)
---------DML挖掘----------------
1.在scott用户下进行创建一个表t1: create table t1(id int,name char(10));
2.插入一条sql:inset into values(1,‘aaa‘);
3.提交:commit;
4.插入一条sql:inset into values(2,‘bbb‘); ##不提交
我们将通过归档日志和在线日志进行第二步操作和第四步操作进行挖掘
------------------------------
1.DML挖掘
1)添加database补充日志
SQL>ALTER DATABASE ADD SUPPLEMENTAL LOG DATA; ##为了避免日志遗漏,这步要先执行。
2)确定要分析的日志范围,添加日志,分析
SQL>execute dbms_logmnr.add_logfile(logfilename=>‘日志‘,options=>dbms_logmnr.new); ##提供第一个要加载的日志文件
execute dbms_logmnr.add_logfile(logfilename=>‘/u01/arch/arch_1_883490264_10.log‘,options=>dbms_logmnr.new); ##:现在,我们已经获得了第一个归档日志
说明:通过查看在线日志组,我们可以知道当前日志组是1号日志组。
第一步:[email protected] prod>select group#,sequence#,status from v$log;
GROUP# SEQUENCE# STATUS
---------- ---------- ----------------
1 10 CURRENT
2 8 INACTIVE
3 9 INACTIVE
第二步:[email protected] prod>alter system switch log; ##归档日志
第三步:[email protected] prod>select group#,sequence#,status from v$log; ##通过归档,我们将10号SEQUENCE的日志变成了active
GROUP# SEQUENCE# STATUS
---------- ---------- ----------------
1 10 ACTIVE
2 11 CURRENT
3 9 INACTIVE
第四步:[email protected] prod>select name from v$archived_log; ##得出/u01/arch/arch_1_883490264_10.log
NAME
-------------------------------------------
/u01/arch/arch_1_880581688_10.log
/u01/arch/arch_1_880581688_11.log
/u01/arch/arch_1_880581688_12.log
/u01/arch/arch_1_883490264_1.log
/u01/arch/arch_1_883490264_2.log
/u01/arch/arch_1_883490264_3.log
/u01/arch/arch_1_883490264_4.log
/u01/arch/arch_1_883490264_5.log
/u01/arch/arch_1_883490264_6.log
/u01/arch/arch_1_883490264_7.log
/u01/arch/arch_1_883490264_8.log
/u01/arch/arch_1_883490264_9.log
/u01/arch/arch_1_883490264_10.log
第五步:[email protected] prod>select group#,sequence#,status from v$log; ##进行查询,获得当前日志组为2号日志组
GROUP# SEQUENCE# STATUS
---------- ---------- ----------------
1 10 INACTIVE
2 11 CURRENT
3 9 INACTIVE
SQL>execute dbms_logmnr.add_logfile(logfilename=>‘追加日志‘,options=>dbms_logmnr.addfile); ##可以反复添加补充多个日志文件
execute dbms_logmnr.add_logfile(logfilename=>‘/u01/oradata/prod/redo02.log‘,options=>dbms_logmnr.addfile);
第六步:[[email protected] prod]$ pwd ##找到当前是2号日志组的日志文件 /u01/oradata/prod/redo02.log
/u01/oradata/prod
[[email protected] prod]$ ll
total 1674288
-rw-r--r-- 1 oracle oinstall 5426 Jan 8 23:26 con.trace
-rw-r----- 1 oracle oinstall 10076160 Jan 9 05:55 control01.ctl
-rw-r----- 1 oracle oinstall 10076160 Jan 9 05:55 control02.ctl
-rw-r----- 1 oracle oinstall 10076160 Jan 9 05:55 control03.ctl
-rw-r----- 1 oracle oinstall 104865792 Jan 9 05:12 example01.dbf
-rw-r----- 1 oracle oinstall 52429312 Jan 9 05:06 redo01.log
-rw-r----- 1 oracle oinstall 52429312 Jan 9 05:55 redo02.log
-rw-r----- 1 oracle oinstall 52429312 Jan 9 03:45 redo03.log
-rw-r----- 1 oracle oinstall 576724992 Jan 9 05:55 sysaux01.dbf
-rw-r----- 1 oracle oinstall 723525632 Jan 9 05:55 system01.dbf
-rw-r----- 1 oracle oinstall 30416896 Jan 9 05:44 temp01.dbf
-rw-r----- 1 oracle oinstall 10108672 Jan 9 05:55 undotbs01.dbf
-rw-r----- 1 oracle oinstall 5251072 Jan 9 05:20 users01.dbf
3)执行logmnr 分析
SQL>execute dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
4)查询分析结果,
SQL>select username,scn,timestamp,sql_redo from v$logmnr_contents where seg_name=‘表名‘;
5)关闭日志分析
SQL>execute dbms_logmnr.end_logmnr;