Thursday, June 5, 2014

Audit parameters. What do they mean - short description



When managing your audit trail, you will need to be familiar with these settings. Here is a short description of what they mean.
SQL> SELECT NAME, VALUE FROM V$PARAMETER WHERE NAME LIKE '%audit%';

NAME VALUE
audit_sys_operations TRUE
audit_file_dest /u01/oracle/admin/slyt/adump
audit_syslog_level  
audit_trail DB_EXTENDED

  • AUDIT_TRAIL
    When set to "DB", Oracle directs audit records to the database audit trail (the SYS.AUD$ table), except for mandatory and SYS audit records, which are always written to the operating system audit trail.

    When set to "DB,EXTENDED", oracle behaves as it would when AUDIT_TRAIL=DB, but also enables you to capture the SQL statement used in the action that was audited.

    When set to "NONE", standard auditing is disabled

    When set to "OS", Oracle directs all audit records to an operating system file.

    When set to "XML", Oracle writes to the operating system audit record file in XML format

    When set to "XML, EXTENDED", oracle behaves as it would with "AS AUDIT_TRAIL=XML", but also includes SQL text and SQL bind information

  • AUDIT_SYS_OPERATIONS
    Enables or disables the auditing of top-level operations, which are SQL statements directly issued by users when connecting with SYSDBA or SYSOPER privileges.

  • AUDIT_FILE_DEST
    specifies the operating system directory into which the audit trail is written when the AUDIT_TRAIL initialization parameter is set to os, xml, or xml,extended. It is also the location to which mandatory auditing information is written and, if so specified by the AUDIT_SYS_OPERATIONS initialization parameter, audit records for user SYS.

  • AUDIT_SYSLOG_LEVEL
    Allows SYS and standard OS audit records to be written to the system audit log using the SYSLOG utility


    Note: when you set the audit_trail parameter in the spfile, DO NOT use qotation marks around the values: Incorrect:
    alter system set audit_trail='DB,EXTENDED' scope=spfile;
    
    ORA-00096: invalid value DB,EXTENDED for parameter audit_trail, must be from among extended, xml, none, os, db
    

    Correct:
    alter system set audit_trail=db,extended scope=spfile;
    
    System altered.
    
  • Tuesday, June 3, 2014

    How to use the slibclean utility on AIX to clean up unused modules in memory

    On AIX, oracle will leave links to library usage in memory.

    This can prevent you from for example applying a patch using opatch.
    To clean up, use the slibclean utility, as demonstrated below:

    First, check for unused links by using the genld and genkld utilities:
    root@myserver> genld -l | grep /u01/oracle/product/11204
    root@myserver> genkld | grep /u01/oracle/product/11204
    
    Output will be similar to the following:
    900000002fb6000    141a3 /u01/oracle/product/11204/lib/libdbcfg11.so
    900000002f9e000    17eb6 /u01/oracle/product/11204/lib/libclsra11.so
    9000000036f6000   20ef63 /u01/oracle/product/11204/lib/libocrb11.so
    900000002efd000    a0f25 /u01/oracle/product/11204/lib/libocr11.so
    900000003055000   6a0dc1 /u01/oracle/product/11204/lib/libhasgen11.so
    900000002dcf000     cb95 /u01/oracle/product/11204/lib/libocrutl11.so
    900000002dcd000     1d7d /u01/oracle/product/11204/lib/libskgxn2.so
    900000010ba7000  2ddd1de /u01/oracle/product/11204/lib/libttsh11.so
    900000002a64000    1701f /u01/oracle/product/11204/lib/libons.so
    900000002a7c000   3508c9 /u01/oracle/product/11204/lib/libnnz11.so
    90000000cb99000  400d9b5 /u01/oracle/product/11204/lib/libolapapi11.so
    900000002173000     c05e /u01/oracle/product/11204/lib/libcorejava.so
    90000000211d000    5597d /u01/oracle/product/11204/lib/libxdb.so
    900000002007000     125f /u01/oracle/product/11204/lib/libodm11.so
    900000001f37000    cf4de /u01/oracle/product/11204/lib/libskgxp11.so
    
    Then clean up:
    root@myserver> slibclean
    
    Links are now gone:
    root@myserver> genkld | grep /u01/oracle/product/11204
    root@myserver>
    

    How to check progress of a long running statistics gathering job

    If you have a long-running statistics job running, you can check it from v$session_longops:

    For example, you execute:
    SQL> EXECUTE dbms_stats.gather_dictionary_stats;
    PL/SQL procedure successfully completed.
    

    Check progress with:
    SQL> select sofar, totalwork,units,start_time,time_remaining,message  
         from v$session_longops
         where opname = 'Gather Dictionary Schema Statistics';
    
    SOFAR  TOTALWORK UNITS                START_TIM TIME_REMAINING MESSAGE
    ---------- ---------- -------------------- --------- -------------- ------------------------------------------------
           423        423 Objects              03-JUN-14              0 Gather Dictionary Schema Statistics: Dictionary Schema : 423 out of 423 Objects done
    

    Monday, June 2, 2014

    How to solve "unknown nfs status return value: -1" when trying to mount an NFS drive on AIX on Linux

    My error:
    [root@mylinuxserver/]# mount -o nfsvers=2 -o nolock mynfsserver:/u01/software /myshare
    mount: mynfsserver:/u01/software failed, reason given by server: unknown nfs status return value: -1
    
    Solution: Add the client's ip-address and the name to the NFS servers /etc/hosts file, then retry the mount command.

    Share is now mounted and usable:
    [root@mylinuxserver/]# df -h -F nfs
    Filesystem            Size  Used Avail Use% Mounted on
    mynfsserver:/u01/software     705G  654G   52G  93% /myshare
    
    Apparently the error can also be overcome by making sure the client is set up with "reversed lookup" in your DNS server.
    In other words, nslookup should be able to resolve both the hostname of the client and the ip address of the client.

    How to display Linux kernel and version information

    List full distribution name:
    [root@myserver/]# cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 5.2 (Tikanga)
    
    List kernel version:
    [root@myserver/]# cat /proc/version
    Linux version 2.6.18-92.el5xen (brewbuilder@ls20-bc2-13.build.redhat.com) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-41)) #1 SMP Tue Apr 29 13:31:30 EDT 2008
    
    List processor type:
    [root@myserver/]# uname -p
    x86_64
    
    List all:
    root@myserver/]# uname -a
    Linux myserver.mydomain.com 2.6.18-92.el5xen #1 SMP Tue Apr 29 13:31:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
    

    From RHEL 7, you can use "hostnamectl":
    [root@myhost ~]# hostnamectl
       Static hostname: myhost.mydomain.com
             Icon name: computer-vm
               Chassis: vm
            Machine ID: ******
               Boot ID: ******
        Virtualization: vmware
      Operating System: Red Hat Enterprise Linux Server 7.8 (Maipo)
           CPE OS Name: cpe:/o:redhat:enterprise_linux:7.8:GA:server
                Kernel: Linux 3.10.0-1127.19.1.el7.x86_64
          Architecture: x86-64
    
    The contributor slm gives a good explaination on the background for hostnamectl in this article on stackexchange.com

    Wednesday, May 28, 2014

    How to recreate the control file and rename the database and the datafiles

    To change a database name or file names, it can be practical to recreate the control file, and in some cases your only option.

    In this example, I will rename a database and its file structure from "OID11UI" to "OID11U1".

    Start by generating a file which holds the current layout of all the database's files:
    SQL> alter database backup controlfile to trace as '/u01/oracle/product/11204/dbs/cntr_trace.sql' resetlogs;
    
    Database altered.
    
    The generated file typically look like this:
    STARTUP NOMOUNT
    CREATE CONTROLFILE REUSE DATABASE "OID11UI" RESETLOGS  NOARCHIVELOG
        MAXLOGFILES 16
        MAXLOGMEMBERS 3
        MAXDATAFILES 100
        MAXINSTANCES 8
        MAXLOGHISTORY 292
    LOGFILE
      GROUP 1 '/u02/oradata/OID11UI/redo01.log'  SIZE 50M BLOCKSIZE 512,
      GROUP 2 '/u02/oradata/OID11UI/redo02.log'  SIZE 50M BLOCKSIZE 512,
      GROUP 3 '/u02/oradata/OID11UI/redo03.log'  SIZE 50M BLOCKSIZE 512
    -- STANDBY LOGFILE
    DATAFILE
      '/u02/oradata/OID11UI/system01.dbf',
      '/u02/oradata/OID11UI/sysaux01.dbf',
      '/u02/oradata/OID11UI/undotbs01.dbf',
      '/u02/oradata/OID11UI/users01.dbf'
    CHARACTER SET WE8MSWIN1252
    ;
    -- Database can now be opened zeroing the online logs.
    ALTER DATABASE OPEN RESETLOGS;
    -- Commands to add tempfiles to temporary tablespaces.
    -- Online tempfiles have complete space information.
    -- Other tempfiles may require adjustment.
    ALTER TABLESPACE TEMP ADD TEMPFILE '/u02/oradata/OID11UI/temp01.dbf'
         SIZE 20971520  REUSE AUTOEXTEND ON NEXT 655360  MAXSIZE 32767M;
    -- End of tempfile additions.
    
    Exchange the word "REUSE" against the word "SET":
    CREATE CONTROLFILE SET DATABASE "OID11U1"
    

    Optionally, on the first line, add a pointer to a correct parameter file:
    STARTUP NOMOUNT PFILE='/u01/oracle/product/11204/dbs/initOID11U1.ora'
    
    Change all references to "OID11UI" (the old name):
    STARTUP NOMOUNT PFILE='/u01/oracle/product/11204/dbs/initOID11U1.ora'
    CREATE CONTROLFILE SET DATABASE "OID11U1" RESETLOGS  NOARCHIVELOG
        MAXLOGFILES 16
        MAXLOGMEMBERS 3
        MAXDATAFILES 100
        MAXINSTANCES 8
        MAXLOGHISTORY 292
    LOGFILE
      GROUP 1 '/u02/oradata/OID11U1/redo01.log'  SIZE 50M BLOCKSIZE 512,
      GROUP 2 '/u02/oradata/OID11U1/redo02.log'  SIZE 50M BLOCKSIZE 512,
      GROUP 3 '/u02/oradata/OID11U1/redo03.log'  SIZE 50M BLOCKSIZE 512
    -- STANDBY LOGFILE
    DATAFILE
      '/u02/oradata/OID11U1/system01.dbf',
      '/u02/oradata/OID11U1/sysaux01.dbf',
      '/u02/oradata/OID11U1/undotbs01.dbf',
      '/u02/oradata/OID11U1/users01.dbf'
    CHARACTER SET WE8MSWIN1252
    ;
    -- Database can now be opened zeroing the online logs.
    ALTER DATABASE OPEN RESETLOGS;
    -- Commands to add tempfiles to temporary tablespaces.
    -- Online tempfiles have complete space information.
    -- Other tempfiles may require adjustment.
    ALTER TABLESPACE TEMP ADD TEMPFILE '/u02/oradata/OID11U1/temp01.dbf'
         SIZE 20971520  REUSE AUTOEXTEND ON NEXT 655360  MAXSIZE 32767M;
    -- End of tempfile additions.
    
    Change the folder name that oracle uses:
    usu0oid01:OID11UI>cd /u02/oradata
    usu0oid01:OID11UI>mv OID11UI OID11U1
    
    Change the control_files directive in the parameter file:
    Before
    *.control_files='/u02/oradata/OID11UI/control01.ctl','/u02/oradata/OID11UI/control02.ctl'
    
    After:
    *.control_files='/u02/oradata/OID11U1/control01.ctl','/u02/oradata/OID11U1/control02.ctl'
    
    Remove the old controlfiles physically from disk:
    cd /u02/oradata/OID11U1
    rm *.ctl
    
    Shutdown the database:
    SQL> shutdown abort
    ORACLE instance shut down.
    
    Change the oracle profile in the operating system:
    cd
    vi .profile
    
    Before:
    export ORACLE_SID=OID11UI
    
    After:
    export ORACLE_SID=OID11U1
    
    Source the new profile, and check that the ORACLE_SID environmental variable is correctly set:
    . .profile
    usu0oid01:OID11U1>echo $ORACLE_SID
    OID11U1
    
    Start sqlplus and run script:
    usu0oid01:OID11UI>sqlplus / as sysdba @cntr_trace.sql
    
    SQL*Plus: Release 11.2.0.4.0 Production on Wed May 28 14:00:50 2014
    
    Copyright (c) 1982, 2013, Oracle.  All rights reserved.
    
    Connected to an idle instance.
    
    ORACLE instance started.
    
    Total System Global Area 1720328192 bytes
    Fixed Size                  2247072 bytes
    Variable Size            1107297888 bytes
    Database Buffers          603979776 bytes
    Redo Buffers                6803456 bytes
    
    Control file created.
    
    Database altered.
    
    Tablespace altered.
    
    SQL> select open_mode from v$database;
    
    OPEN_MODE
    --------------------
    READ WRITE
    
    Check the location of the data files after the change:
    SQL> select file_name from dba_data_files union select member from v$logfile  union  select name from v$controlfile;
    
    FILE_NAME
    --------------------------------------------------
    /u02/oradata/OID11U1/control01.ctl
    /u02/oradata/OID11U1/control02.ctl
    /u02/oradata/OID11U1/redo01.log
    /u02/oradata/OID11U1/redo02.log
    /u02/oradata/OID11U1/redo03.log
    /u02/oradata/OID11U1/sysaux01.dbf
    /u02/oradata/OID11U1/system01.dbf
    /u02/oradata/OID11U1/undotbs01.dbf
    /u02/oradata/OID11U1/users01.dbf
    
    Lag en spfile (anbefales):

    SQL> create spfile from pfile; 
    
    File created.
    
    SQL> shutdown immediate
    Database closed.
    Database dismounted.
    ORACLE instance shut down.
    
    Startup the database for normal use:
    SQL> startup
    

    How to use adrci to tail the alert log

    oracle@myhost:[PRODDB01]# adrci
    
    ADRCI: Release 11.2.0.4.0 - Production on Wed May 28 15:06:44 2014
    
    Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.
    
    ADR base = "/u01/oracle"
    
    Display which homes that exists, and set the homelocation to point to the database's home:
    adrci> show homes
    
    ADR Homes:
    diag/rdbms/PRODDB01/PRODDB01
    diag/tnslsnr/myhost/listener
    adrci> set home diag/rdbms/PRODDB01/PRODDB01
    
    Tail the log:
    adrci> show alert -tail -f
    
    Other handy comments related to the alert log:
    show alert
    show alert -tail 50
    show alert -p "module_id='DBMS_SCHEDULER'"
    show alert -p "module_id != 'DBMS_SCHEDULER'"
    show alert -p "module_id LIKE '%SCHEDULER%'"
    
    If you want to extract the Streams related statements from the alert log, you would use:
    show alert -p "message_text like '%STREAM%'"
    

    See also this post for searching in adr using adrci