Using LogMiner to Analyze Redo Log Files(archived)

Posted: 九月 8, 2011 in Uncategorized


日志分析技术概述:作为Oracle DBA,我们有时候需要追踪数据误删除或用户的恶意操作情况,此时我们不仅需要查出执行这些操作的数据库账号,还需要知道操作是由哪台客户端(IP地址等)发出的。针对这些问题,一个最有效实用而又低成本的方法就是分析Oracle数据库的日志文件。本文将就Oracle日志分析技术做深入探讨

You direct LogMiner operations using the DBMS_LOGMNR and DBMS_LOGMNR_D PL/SQL packages, and retrieve data of interest using the V$LOGMNR_CONTENTS view, as follows:
1. Specify a LogMiner dictionary.
Use the DBMS_LOGMNR_D.BUILD procedure or specify the dictionary when you
start LogMiner (in Step 3), or both, depending on the type of dictionary you plan
to use.
2. Specify a list of redo log files for analysis.
Use the DBMS_LOGMNR.ADD_LOGFILE procedure, or direct LogMiner to create a
list of log files for analysis automatically when you start LogMiner (in Step 3).
Note: You must enable supplemental logging prior to generating
log files that will be analyzed by LogMiner.
When you enable supplemental logging, additional information is
recorded in the redo stream that is needed to make the information
in the redo log files useful to you. Therefore, at the very least, you
must enable minimal supplemental logging, as the following SQL
statement shows:
To determine whether supplemental logging is enabled, query the
V$DATABASE view, as the following SQL statement shows:
If the query returns a value of YES or IMPLICIT, minimal
supplemental logging is enabled. See Supplemental Logging on
page 17-21 for complete information about supplemental logging.
LogMiner Dictionary Files and Redo Log Files
Using LogMiner to Analyze Redo Log Files 17-5
3. Start LogMiner.
4. Request the redo data of interest.
Query the V$LOGMNR_CONTENTS view. (You must have the SELECT ANY
TRANSACTION privilege to query this view.)
5. End the LogMiner session.
Use the DBMS_LOGMNR.END_LOGMNR procedure.
You must have been granted the EXECUTE_CATALOG_ROLE role to use the LogMiner
PL/SQL packages and to query the V$LOGMNR_CONTENTS view.


Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s