细粒度审计导致SYSTEM表空间异常引发ORA-01653同时性能异常

故障现象:用户反馈无法登录,WEBLOGIC日志显示ERROR 2010-08-17 23:05:36,889 JDBCExceptionReporter:logExceptions - ORA-01653: unable to extend table SYS.FGA_LOG$ by 8192 in tablespace SYSTEM

 

推理:ORA-01653: unable to extend table SYS.FGA_LOG$ by 8192 in tablespace SYSTEM分析,可能是SYSTEM表空间的问题,通过OEM查看发现SYSTEM表空间确实已经满。但是应用方反馈没有对SYSTEM相关的操作。

 

继续分析:由于用户反馈昨天1800开始进行应用加压测试,但24点应用出错,后台提示

ORA-01653错误。为了精确定位,采用OEMADDM采集了1800-2400的信息,从报告中发现如下语句占据了50%左右的开销。

insert into sys.fga_log$ (sessionid, ntimestamp#, dbuid, osuid, obj$schema, obj$name, policyname, scn, oshst, clientid, extid, lsqltext, proxy$sid,user$guid, instance#, process#, xid, statement, entryid, stmt_type, lsqlbind, auditid) values( :1, SYS_EXTRACT_UTC(SYSTIMESTAMP), :2, :3, :4, :5, :6, :7, :8, :9, :10, :11, :12, :13, :14, :15, :16, :17, :18, :19, :20, :21 )

很显然,从sys.fga_log$可以看出以上是一个细粒度审计。

向应用方提出,但是应用方反馈未加审计策略。只好出手找证据。

------------------------------------------------------------------------------------------

SETP1通过select * from DBA_AUDIT_POLICIES;找出审计事项:

SQL> select * from DBA_AUDIT_POLICIES;

OBJECT_SCHEMA                  OBJECT_NAME                    POLICY_NAME                    POLICY_TEXT                                                                      POLICY_COLUMN                  PF_SCHEMA                      PF_PACKAGE                     PF_FUNCTION                    ENABLED SEL INS UPD DEL AUDIT_TRAIL  POLICY_COLUMN_OPTIONS

------------------------------ ------------------------------ ------------------------------ -------------------------------------------------------------------------------- ------------------------------ ------------------------------ ------------------------------ ------------------------------ ------- --- --- --- --- ------------ ---------------------

OPERATION                      SK_SSO_GRANTING_TICKET         FGA_SK_SSO_GRANTING_TICKET                                                                                                                                                                                                                  YES     YES YES YES YES DB+EXTENDED  ANY_COLUMNS

 

再通过sys.fga_log$来看审计内容,很显然对表更新做了审计。

SQL> SELECT dbuid, lsqltext FROM sys.fga_log$;

 

DBUID                          LSQLTEXT

------------------------------ --------

OPERATION                      insert i

OPERATION                      update S

OPERATION                      select s

OPERATION                      insert i

计算下条数165万条。

SQL> select count(*) from sys.fga_log$;

  COUNT(*)

----------

   1650749

 

此时把审计对象反馈给应用,一轮闻讯下来总算有人坦白了。 

----------------------------------------------------------------------------------

SETP2:执行execute dbms_fga.drop_policy去除审计

SQL> execute dbms_fga.drop_policy(object_schema=>'OPERATION',object_name=>'SK_SSO_GRANTING_TICKET',policy_name=>'FGA_SK_SSO_GRANTING_TICKET');

 

PL/SQL procedure successfully completed

----------------------------------------------------------------------------------

SETP3:重复SETP1发现审计消失

SQL> select * from DBA_AUDIT_POLICIES;

 

OBJECT_SCHEMA                  OBJECT_NAME                    POLICY_NAME                    POLICY_TEXT                                                                      POLICY_COLUMN                  PF_SCHEMA                      PF_PACKAGE                     PF_FUNCTION                    ENABLED SEL INS UPD DEL AUDIT_TRAIL  POLICY_COLUMN_OPTIONS

------------------------------ ------------------------------ ------------------------------ -------------------------------------------------------------------------------- ------------------------------ ------------------------------ ------------------------------ ------------------------------ ------- --- --- --- --- ------------ ---------------------

 

SQL>


删除现有审计数据:

SQL> truncate table Sys.fga_log$;


Table truncated

 

你可能感兴趣的:(职场,休闲,细粒度审计,SYSTEM表空间异常)