Mining information from listener logs

Source: Internet
Author: User

When logs are mentioned, operating system logs and database logs probably come to mind first, but this article is about something else: the database listener log. It records every operation on the listener, both successful and failed. Because the listener is often the first target when attackers go after an Oracle database, attacks against the listener can also be found in this log. This article shows how to extract useful information from it.

The listener log is a plain text file, but finding what you need by opening it directly in a text editor such as Notepad can be difficult. An alternative is to use an external table and search it with SQL statements: each line of the log becomes one row of the external table. The implementation steps follow.

1. Create a log directory object

   CREATE DIRECTORY LISTENER_LOG_DIR
   AS 'C:\oracle\product\10.2.0\db_1\network\log'
   /

If you do not know where your listener log is stored, run the lsnrctl status command and look for the listener log file path in its output.

2. Create an external table

   CREATE TABLE full_listener_log
   (
     line VARCHAR2(4000)
   )
   ORGANIZATION EXTERNAL (
     TYPE oracle_loader
     DEFAULT DIRECTORY LISTENER_LOG_DIR
     ACCESS PARAMETERS (
       RECORDS DELIMITED BY NEWLINE
       NOBADFILE
       NOLOGFILE
       NODISCARDFILE
     )
     LOCATION ('listener.log')
   )
   REJECT LIMIT UNLIMITED
   /

If there are multiple listeners, change the LOCATION clause accordingly. The log file name must match the one shown in the lsnrctl status output.

You can now query the full_listener_log table, for example to find the lines that record where log messages are written:

   SELECT * FROM full_listener_log
   WHERE line LIKE 'Log messages written%'
   /

However, the rows returned this way are still raw text. Our goal is to find useful information, so each line of the log file needs to be broken down into its parts. Most lines of the listener log contain the following fields:

A) date and time stamp of the log entry

B) connect string used by the client

C) protocol information used by the client (TCP/IP, port number, etc.)

D) client action, such as status or connection establishment

E) service name in the client connect string

F) return code of the client action. If 0 is returned, the operation was successful. Otherwise, the error code is shown.

The fields are separated by asterisks. Note that not every log entry follows this format, as the following log content shows:

TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production on 01-September-2008 11:48:15

Copyright (c) 1991

The system parameter file is C:\oracle\product\10.2.0\db_1\network\admin\listener.ora

Log messages written to C:\oracle\product\10.2.0\db_1\network\log\listener.log

Write C:\oracle\product\10.2.0
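The field breakdown listed above (A to F) can also be done outside the database. The following Python parser is an added example, not code from the original article; the sample lines, host addresses and function names are constructed, and it assumes the usual listener log layout in which the protocol information and service name fields are optional. Banner and error-text lines that do not follow the asterisk format are skipped.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample (not from the article). Assumed entry layout:
# TIMESTAMP * CONNECT DATA [* PROTOCOL INFO] * EVENT [* SID] * RETURN CODE
SAMPLE_LOG = """\
TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production on 01-SEP-2008 11:48:15
01-SEP-2008 11:50:02 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus.exe)(HOST=APP01)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=1523)) * establish * orcl * 0
01-SEP-2008 11:51:40 * (CONNECT_DATA=(SID=nosuch)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.77)(PORT=4012)) * establish * nosuch * 12505
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
01-SEP-2008 11:52:05 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169869568)) * status * 0
01-SEP-2008 11:52:30 * service_update * orcl * 0
"""

TS_RE = re.compile(r"\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}$")
HOST_RE = re.compile(r"\(HOST=([^)]*)\)")

def parse_line(line):
    """Return a dict for an asterisk-delimited entry, None for any other line."""
    parts = [p.strip() for p in line.split(" * ")]
    if len(parts) < 3 or not TS_RE.match(parts[0]) or not parts[-1].isdigit():
        return None
    rec = {"ts": datetime.strptime(parts[0], "%d-%b-%Y %H:%M:%S"),
           "connect_data": None, "protocol": None, "event": None,
           "service": None, "client_host": None, "rc": int(parts[-1])}
    for field in parts[1:-1]:          # middle fields vary by entry type
        if field.startswith("(CONNECT_DATA"):
            rec["connect_data"] = field
        elif field.startswith("(ADDRESS"):
            rec["protocol"] = field
            m = HOST_RE.search(field)  # client address, not the CID host
            rec["client_host"] = m.group(1) if m else None
        elif rec["event"] is None:
            rec["event"] = field
        else:
            rec["service"] = field
    return rec

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def failures_by_host(records):
    """Count entries with a non-zero return code per client address."""
    return Counter(r["client_host"] or "(local)" for r in records if r["rc"] != 0)

if __name__ == "__main__":
    for r in parse_log(SAMPLE_LOG):
        print(r["ts"], r["event"], r["service"], r["client_host"], r["rc"])
```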
