| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Alert Log Scanner
Here is an alert log scanner that I wrote. It will run on UNIX and Win32.
It relies upon the GNU date utility; download information is included in the script.
By default, it will only print lines containing the string "ORA-" that were seen on the previous day, but this is configurable.
The output can be emailed with something like:
alertscan alert_orcl.log > /tmp/oscan
[ -a /tmp/oscan ] && mail -s "Oracle Errors" your_at_email.com < /tmp/oscan
rm -f /tmp/oscan
Win32 users might use gawk's networking to open an SMTP socket to Exchange.
This script does a complete scan of the alert log - it might be more efficient to use fseek(), but that would require C or perl. Performance can be greatly improved by using the awk compiler at awka.sourceforge.net.
Solaris users must change the first line of the script below to:
#!/usr/bin/nawk -f
(shame on sun solaris! sloth does not pay!)
alertscan - Oracle alert log scanner
Extracts Oracle alert log entries that lie in specific date ranges. By default, extracts only unique lines containing the string "ORA-" that occurred on the previous day, plus a count. Other options:
full - print the full contents of the alert log, not just ORA- lines
label - prefix the filename on all lines
start:x days ago - offset in GNU date format
stop:x days ago - offset in GNU date format
Examples:
Print yesterday's errors:
alertscan alert_orcl.log
Print today's errors:
alertscan start:today stop:tomorrow alert_orcl.log
Print the full log from three days ago (only that day):
alertscan full "start:3 days ago" "stop:2 days ago" alert_orcl.log
Under Win32, print six days, two instances (o1 and o2), w/labels:
awk95 -f alertscan label "start:6 days ago" alert_o1.log alert_o2.log
--------------------------------------------------------------------------
/ Charles J. Fisher | Really, I'm not out to destroy Microsoft. /
/ cfisher_at_rhadmin.org | That will just be a completely unintentional /
/ http://rhadmin.org | side effect. -Linus Torvalds /
--------------------------------------------------------------------------
#!/usr/bin/awk -f
BEGIN {
# The date command below must point at GNU date, part of the # GNU shell utilities package (ftp://ftp.gnu.org/gnu/sh-utils/, # Win32 versions at http://unxutils.sourceforge.net/, # http://gnuwin32.sourceforge.net/, or http://www.cygwin.com/). # GNU date is needed for its ability to specify offset dates. # Please rename to gdate under Win32 (don't conflict with builtin date). # Brian Kernighan's one true awk: http://cm.bell-labs.com/cm/cs/awkbook/ datecmd = "gdate " # don't delete the trailing space for(i = 1; i < ARGC; i++) { if(ARGV[i] == "help") Usage() if(ARGV[i] == "helpdate") DateUsage() if(ARGV[i] == "full") { full = 1 ARGV[i] = "" } if(ARGV[i] == "label") { label = 1 ARGV[i] = "" } if(substr(ARGV[i], 1, 6) == "start:") { startargs = "-d \"" substr(ARGV[i], 7) "\"" ARGV[i] = "" } if(substr(ARGV[i], 1, 5) == "stop:") { stopargs = "-d \"" substr(ARGV[i], 6) "\"" ARGV[i] = "" } } if(startargs == "") startargs = "-d yesterday" runthis = datecmd startargs " +\"%a %b %d %Y\"" runthis | getline startweekday = $1 startmonth = $2 startday = $3 startyear = $4 close(runthis) runthis = datecmd stopargs " +\"%a %b %d %Y\"" runthis | getline stopweekday = $1 stopmonth = $2 stopday = $3 stopyear = $4 close(runthis)
!pswitch && NF != 5 { next } # slight performance boost
!pswitch &&
$1 == startweekday &&
$2 == startmonth &&
$3 == startday &&
$5 == startyear { pswitch = 1 }
pswitch &&
$1 == stopweekday &&
$2 == stopmonth &&
$3 == stopday &&
$5 == stopyear { pswitch = 0 }
pswitch && full {
if(label == 1) print FILENAME ": " $0 else print next
pswitch && index($0, "ORA-") {
label ? error[FILENAME ": " $0]++ : error[$0]++ }
END {
if(!full) for(i in error) print i " [" error[i] "]"
function P(line)
{
print line
}
function Usage()
{
P("\n" ARGV[0] " - Oracle alert log scanner\n")
P("Extracts Oracle alert log entries that lie in specific date ranges. By")
P("default, extracts only unique lines containing the string \"ORA-\" that")
P("occurred on the previous day, plus a count. Other options:\n")
P("\tfull - print the full contents of the alert log, not just ORA- lines")
P("\tlabel - prefix the filename on all lines")
P("\tstart:x days ago - offset in GNU date format")
P("\tstop:x days ago - offset in GNU date format\n")
P("Examples:")
P("\tPrint yesterday's errors:")
P("\t" ARGV[0] " alert_orcl.log\n")
P("\tPrint today's errors:")
P("\t" ARGV[0] " start:today stop:tomorrow alert_orcl.log\n")
P("\tPrint the full log from three days ago (only that day):")
P("\t" ARGV[0]" full \"start:3 days ago\" \"stop:2 days ago\" alert_orcl.log\n")
P("\tUnder Win32, print six days, two instances (o1 and o2), w/labels:")
P("\tawk95 -f " ARGV[0] " label \"start:6 days ago\" alert_o1.log alert_o2.log")
exit
function DateUsage()
{
P(" -d, --date=STRING\n")
P(" display time described by STRING, not `now'")
P("")
P(" `-d DATESTR'")
P(" `--date=DATESTR'")
P(" Display the time and date specified in DATESTR instead of the")
P(" current time and date. DATESTR can be in almost any common")
P(" format. It can contain month names, timezones, `am' and `pm',")
P(" `yesterday', `ago', `next', etc. *Note Date input formats::.")
P("")
P("Examples of `date'")
P("------------------")
P("")
P(" Here are a few examples. Also see the documentation for the `-d'")
P("option in the previous section.")
P("")
P(" * To print the date of the day before yesterday:")
P("")
P(" date --date='2 days ago'")
P("")
P(" * To print the date of the day three months and one day hence:")
P(" date --date='3 months 1 day'")
P("")
P(" * To print the day of year of Christmas in the current year:")
P(" date --date='25 Dec' +%j")
P("")
P(" * To print a date without the leading zero for one-digit days of the")
P(" month, you can use the (GNU extension) `-' modifier to suppress")
P(" the padding altogether.")
P(" date -d=1may '+%B %-d'")
P("")
P(" * To convert a date string to the number of seconds since the epoch")
P(" (which is 1970-01-01 00:00:00 UTC), use the `--date' option with")
P(" the `%s' format. That can be useful in sorting and/or graphing")
P(" and/or comparing data by date. The following command outputs the")
P(" number of the seconds since the epoch for the time one second later")
P(" than the epoch, but in a time zone five hours later (Cambridge,")
P(" Massachusetts), thus a total of five hours and one second after")
P(" the epoch:")
P("")
P(" date --date='1970-01-01 00:00:01 UTC +5 hours' +%s")
P(" 18001")
P("")
P(" Suppose you had _not_ specified time zone information in the")
P(" example above. Then, `date' would have used your computer's idea")
P(" of the time zone when interpreting the string. Here's what you")
P(" would get if you were in Greenwich, England:")
P("")
P(" # local time zone used")
P(" date --date='1970-01-01 00:00:01' +%s")
P(" 1")
P("")
P(" * If you're sorting or graphing dated data, your raw date values may")
P(" be represented as seconds since the epoch. But few people can")
P(" look at the date `946684800' and casually note \"Oh, that's the")
P(" first second of the year 2000.\"")
P("")
P(" date --date='2000-01-01 UTC' +%s")
P(" 946684800")
P("")
P(" To convert such an unwieldy number of seconds back to a more")
P(" readable form, use a command like this:")
P("")
P(" date -d '1970-01-01 946684800 sec' +\"%Y-%m-%d %T %z\"")
P(" 2000-01-01 00:00:00 +0000")
exit
 |
 |