Tag: archive

Oracle Database Application Security Book

Posted on by Osama Mustafa in News

Finally …

The Book is alive

For the first time the book which is dicussed critcal security issues such as database threats, and how to void them, the book also include advance topics about Oracle internet directory, Oracle access manager and how to implement full cycle single sign on,

Focus on the security aspects of designing, building, and maintaining a secure Oracle Database application. Starting with data encryption, you will learn to work with transparent data, back-up, and networks. You will then go through the key principles of audits, where you will get to know more about identity preservation, policies and fine-grained audits. Moving on to virtual private databases, you’ll set up and configure a VPD to work in concert with other security features in Oracle, followed by tips on managing configuration drift, profiles, and default users.

What You Will Learn:- 

  • Work with Oracle Internet Directory using the command-line and the console.
  • Integrate Oracle Access Manager with different applications.
  • Work with the Oracle Identity Manager console and connectors, while creating your own custom one.
  • Troubleshooting issues with OID, OAM, and OID.
  • Dive deep into file system and network security concepts.
  • First time chapter that include most of the critical database threats in real life.

 

You can buy the book now from amazon here

 

Cheers

Osama

LOG_ARCHIVE_DEST and LOG_ARCHIVE_DEST_1

Posted on by Osama Mustafa in Database

LOG_ARCHIVE_DEST 
is applicable only if we are running the database in ARCHIVELOG mode. LOG_ARCHIVE_DEST parameter are used to specified the archiving location. The Location specified by log_archive_dest must be local . We choose to archive only two local location  i.e,  primary and a secondary destination ( using LOG_ARCHIVE_DEST and LOG_ARCHIVE_DUPLEX_DEST ) .

LOG_ARCHIVE_DEST_n 
initialization parameter defines up to ten (where n = 1, 2, … 10) destinations in oracle 10gand thirty one (n=1,2….31)  destination in oracle 11g , each of which must specify either the  LOCATION or  the SERVICE  attribute to specify where to archive the redo data. All other attributes are optional.We set the attributes for the LOG_ARCHIVE_DEST_n initialization parameter to control different aspects of how redo transport services transfer redo data from a production or primary database destination to another (standby) database destination.For every LOG_ARCHIVE_DEST_n initialization parameter that we define, we must specify corresponding LOG_ARCHIVE_DEST_STATE_n parameter. The LOG_ARCHIVE_DEST_STATE_n (where n is an integer from 1 to 10) initialization parameter specifies whether the corresponding destination is currently enabled or disabled.
 

LOG_ARCHIVE_FORMAT 

Syntax : LOG_ARCHIVE_FORMAT = ‘log%t_%s_%r.arc’

is applicable only if you are using the redo log in ARCHIVELOG mode. Use a text string and variables to specify the default filename format when archiving redo log files. The string generated from this format is appended to the string specified in the LOG_ARCHIVE_DEST parameter.

The following variables can be used in the format:

%s log sequence number
%S log sequence number, zero filled
%tthread number
%Tthread number, zero filled
%a activation ID
%d database ID
%r resetlogs ID that ensures unique names are constructed for the archived log files across multiple incarnations of the database.

Reference Document :
1-Oracle Log_Archive_log Documentation.
2-Oracle Log_arcchive_Dest

Unable to login to Database Because Archivelog

Posted on by Osama Mustafa in Database
Regarding to heavy duty On Database , Database start Generates Archive log with time size for flash recovery become full , so what i have to do :

first you will not be able login for database or rman

Solution :

Step1 :

-Go to archivelog detestation and delete archivelog (old first) , if you have space on your server you can move them from direcotry to another .

-Flash Recovery On ASM , Follow the below steps

export ORACLE_SID=+ASM1
asmcmd 

now you are inside ASM head to Archivelog destation and delete archive log manually (old first )

 Step 2 :

Now you will be able to login to rman :

Run
{

ALLOCATE CHANNEL c1 DEVICE TYPE DISK FORMAT '/u01/'; 
backup archivelog all delete input ;
release c1 ; }

 Now you clean Archivelog .

THis solution for Both Cluster and Single Node Database

Enjoy

Thank you
Osama mustafa

Clone Oracle Database Steps

Posted on by Osama Mustafa in Database
First :  What is Oracle Database Clone :

complete and separate copy of a database system that includes the business data, the DBMS software and any other application tiers that make up the environment. Cloning is a different kind of operation to replication and backups in that the cloned environment is both fully functional and separate in its own right. Additionally the cloned environment may be modified at its inception due to configuration changes or data subsetting.

Second : Benefit Of Clone : 

1-useful for the DBA who wants to give his developers a full-sized TEST and DEV instance by cloning the PROD instance into the development server areas. 
2-quickly migrate a system from one server to another .
3-fastest way to copy a Oracle database .

How We do it :


Step-1 : On the old system, go into SQL*Plus, sign on as SYSDBA and issue: 

SQL>alter database backup controlfile to trace;

copy and paste the below lines from your user trace file and save it as dbclone_controlfile_creation.sql in any location in your system .


STARTUP NOMOUNT
CREATE CONTROLFILE REUSE DATABASE “OLDLSQ” NORESETLOGS
NOARCHIVELOG
MAXLOGFILES 16
MAXLOGMEMBERS 2
MAXDATAFILES 240
MAXINSTANCES 1
MAXLOGHISTORY 113
LOGFILE
GROUP 1 (‘/u01/oradata/oldlsq/log1a.dbf’,
‘/u01/oradata/olslsq/log1b.dbf’) SIZE 30M,
GROUP 2 (‘/u01/oradata/oldlsq/log2a.dbf’,
‘/u01/oradata/oldlsq/log2b.dbf’) SIZE 30M
DATAFILE
‘/u01/oradata/oldlsq/system01.dbf’,
‘/u01/oradata/oldlsq/mydatabase.dbf’
;
# Recovery is required if any of the datafiles are restored
# backups, or if the last shutdown was not normal or immediate.
RECOVER DATABASE
# Database can now be opened normally.
ALTER DATABASE OPEN;

 

 Step-2 : Shutdown Old Database

SQL>Shutdown immediate ;

Step-3 : Copy and Edit the Control file – Using the output syntax from STEP 1, modify the controlfile creation script by changing the following: 


CREATE CONTROLFILE REUSE DATABASE “OLDLSQ” NORESETLOGS

CREATE CONTROLFILE SET DATABASE “NEWLSQ” RESETLOGS

 Step-4 :Remove the “recover database” and “alter database open” syntax 


Step-5:Re-names of the data files location to new clone location in a dbclone_controlfile_creation.sql.

Old:

DATAFILE
‘/u01/oradata/oldlsq/system01.dbf’,
‘/u01/oradata/oldlsq/mydatabase.dbf’

New:

DATAFILE
‘/u01/oradata/newlsq/system01.dbf’,
‘/u01/oradata/newlsq/mydatabase.dbf’

Step-6: Copy all data files into the new directories on the new server. You may change the file names if you want, but you must edit the controlfile to reflect the new data files names on the new server.

Step-7 : Create the bdump, udump and cdump directories
  

 cd /u01/admin/
mkdir newlsq
cd newlsq
mkdir bdump
mkdir udump
mkdir cdump
mkdir pfile

Step-8 : Copy-over the old init.ora file 


open the primary database pfile in a notepad or text editor and change the udump,bdump,pfile,controlfile destination and save it in new clone pfile location newlsq folder and save as newlsq.ora 
eg: primary database location /u01/admin/oldlsq/pfile/oldlsq.ora
open that oldlsq.ora file in a text editor or notepad and change the required destinations cdump,udump,bdump,controlfile destinations and save as newlsq.ora in the below destination
/u01/admin/newlsq/pfile/newlsq.ora

Step-9 : Start the new database

SQL>startup nomount pfile=’ /u01/admin/newlsq/pfile/newlsq.ora ‘ ;
SQL> @dbclone_controlfile_creation.sql
SQL>alter database open resetlogs;

SQL>create spfile from pfile;

 Step-10 : Place the new database in archivelog mode.




Thank you 
osama mustafa

Change to Archive Log Mode In Oracle Rac

Posted on by Osama Mustafa in Database
1. Disable clustering putting cluster_database parameter FALSE.

$export ORACLE_SID=ORCL1
$sqlplus “/ as sysdba”

Check the status of archive mode of the database:

SQL>archive log list

Database log mode              No Archive Mode
Automatic archival             Disabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     407
Current log sequence           408

SQL> alter system set cluster_database=false scope=spfile sid=’ORCL1′;

2. Shutdown all instances using srvctl utilty

$ srvctl stop database -d cobra

3. Mount tha database using one of the instance:

$ sqlplus “/ as sysdba”

SQL> startup mount

4. Enable archivelog using following command:

SQL> alter database archivelog;

5. Re-enable clustering putting instance parameter cluster_database to TRUE from the current instance:

SQL> alter system set cluster_database=true scope=spfile sid=’ORCL1′;

6. Shutdown the local instance:

SQL> shutdown immediate

7. Startup all instances using srvctl utility:

#srvctl start database -d orcl

8. If any service is not up then get up those using srvctl utility:

#srvctl start service -dorcl

9. And now check archivelog mode is enabled or not using following:

$sqlplus “/ as sysdba”

SQL> archive log list

Database log mode            Archive Mode
Automatic archival             Enabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     407
Current log sequence           408

Thank you
Osama mustafa

ORA-16038 ORA-19504

Posted on by Osama Mustafa in Database
Archiver Hung in Oracle database 
Summary
1. check how much space is used by archiver
2. check the last good backup of the database
3. delete archive log files older than last good backup
4. crosscheck archive log
1. check how much space is used by archiver
  Sql>  select count(*),sum(blocks*block_size) from v$archived_log where    backup_count=0 and      deleted=’NO’;
   Sql> select * from v$flash_recovery_area_usage;
2. check the last good backup of the database

  set pages 999 lines 120

   col STATUS format a9
   col hrs format 999.99
   col start_time format a15
   col end_time format a15
   col dev format a5
   col inbytes format a10
   col outbytes format a10
   select
       INPUT_TYPE, STATUS,
       to_char(START_TIME,’mm/dd/yy hh24:mi’) start_time,
       to_char(END_TIME,’mm/dd/yy hh24:mi’)   end_time,
       elapsed_seconds/3600                   hrs,
       output_device_type dev,
       input_bytes_display inbytes,
       output_bytes_display outbytes
    from V$RMAN_BACKUP_JOB_DETAILS
   order by session_key;

   3. delete archive log files older than last good backup
rman target / nocatalog
 allocate channel for maintenance device type disk;
 crosscheck archivelog all;
 delete noprompt archivelog until time ‘sysdate – 1’;
 delete noprompt expired archivelog all;
 delete noprompt obsolete device type disk;   

4. crosscheck archive log
crosscheck archivelog all;
 release channel;
 exit;  
Thank you 
Osama mustafa

Changing Archive Log Destination

Posted on by Osama Mustafa in Database
Today I am Gonna Show you How to change Archive log Destination in Two Ways :

1.Temporarily Changing the Destination Using SQL*Plus

sqlplus / as sysdba

sql> archive log list;

Database log mode Archive Mode
Automatic archival Enabled
Archive destination /u01/app/oracle/product/10.2.0/db_1/dbs/arch
Oldest online log sequence 9285
Next log sequence to archive 9287
Current log sequence 9287

 To change the location

sql>ARCHIVE LOG START ‘/u01/arch’;

To Verify your changes:

sql> archive log list;
Database log mode Archive Mode
Automatic archival Enabled
Archive destination /oracle/arch
Oldest online log sequence 9285
Next log sequence to archive 9287
Current log sequence 9287

2-Permanently Changing the Destination Using SQL*Plus

sqlplus / as sysdba

ALTER SYSTEM SET log_archive_dest =’/oradata/arch’ scope=both;

To Verify your changes:

sql> archive log list;

Database log mode Archive Mode
Automatic archival Enabled
Archive destination /oracle/arch
Oldest online log sequence 9285
Next log sequence to archive 9287
Current log sequence 9287   

To change the size of archive log

SQL> alter system SET DB_RECOVERY_FILE_DEST_SIZE = 10G SCOPE=BOTH SID=’orcl’;

System altered. 

Thank You
Osama Mustafa

  

ORA-16018 ORA-16019

Posted on by Osama Mustafa in Database
Cause : 
These two errors come whenever LOG_ARCHIVE_DEST is set as archival location and you want to set DB_RECOVERY_FILE_DEST

Solution : 

1- You need to see Archive log destination First .

SQL > archive log list ; 

Database log mode Archive Mode
Automatic archival Enabled
Archive destination USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence 215
Next log sequence to archive 217
Current log sequence 217

2-You Can Check Archive Location  By Check Database Parameter

SQL> show parameter DB_RECOVERY_FILE_DEST

NAME TYPE VALUE
———————————— ———– ——————————
db_recovery_file_dest string /oradata
 db_recovery_file_dest_size big integer 10G

 3-Set New Archive Log Location

SQL> alter system set log_archive_dest=’/u01′;

alter system set log_archive_dest=’/u01′
*
ERROR at line 1:
ORA-02097: parameter cannot be modified because specified value is invalid
ORA-16018: cannot use LOG_ARCHIVE_DEST with LOG_ARCHIVE_DEST_n or
DB_RECOVERY_FILE_DEST

4- If you want to set log_archive_dest first reset DB_RECOVERY_FILE_DEST and then set .

SQL> alter system set DB_RECOVERY_FILE_DEST=”;

System altered.

SQL> alter system set log_archive_dest=’/u01′;

System altered.

 SQL> archive log list

Database log mode Archive Mode
Automatic archival Enabled
Archive destination /u01

Oldest online log sequence 215
Next log sequence to archive 217
Current log sequence 217

5-Also if you now want to set DB_RECOVERY_FILE_DEST ORA-16019: will occur.

SQL> alter system set DB_RECOVERY_FILE_DEST=’/u02′;

alter system set DB_RECOVERY_FILE_DEST=’/u02′
*
ERROR at line 1:
ORA-02097: parameter cannot be modified because specified value is invalid
ORA-16019: cannot use db_recovery_file_dest with LOG_ARCHIVE_DEST or
LOG_ARCHIVE_DUPLEX_DEST

 6-To set DB_RECOVERY_FILE_DEST first reset LOG_ARCHIVE_DEST.

SQL> alter system set log_archive_dest=”;

System altered.

SQL> alter system set DB_RECOVERY_FILE_DEST=’/u02′;

System altered.

 SQL> archive log list
Database log mode Archive Mode
Automatic archival Enabled
Archive destination USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence 215
Next log sequence to archive 217
Current log sequence 217

To set multiple location of archival destination set another log_archive_dest_n parameter like,
SQL> alter system set log_archive_dest_3=’LOCATION=/u02′;
System altered.

Thank you
Osama mustafa