[20190305]刪除審計登錄信息不適合使用logrotate.txt--//生產系統資料庫sys用戶登錄會在/u01/app/oracle/admin/${ORACLE_SID}/adump/目錄產生大量的後者為aud的文件.--//比如生產系統:# ls -1 /u01/app/oracle/ ...
[20190305]刪除審計登錄信息不適合使用logrotate.txt
--//生產系統資料庫sys用戶登錄會在/u01/app/oracle/admin/${ORACLE_SID}/adump/目錄產生大量的後者為aud的文件.
--//比如生產系統:
# ls -1 /u01/app/oracle/admin/xxxx/adump/*_20190304*.aud |wc
612 612 45900
*/
# ls -ltr /u01/app/oracle/admin/xxxx/adump/*_20190305*.aud |tail
-rw-r----- 1 oracle asmadmin 871 2019-03-05 10:55:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_27361_20190305105553273305143795.aud
-rw-r----- 1 oracle asmadmin 880 2019-03-05 11:00:01 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_36802_20190305110001396547143795.aud
-rw-r----- 1 oracle asmadmin 870 2019-03-05 11:00:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_38839_20190305110053402074143795.aud
-rw-r----- 1 oracle asmadmin 870 2019-03-05 11:00:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_38835_20190305110053357991143795.aud
-rw-r----- 1 oracle asmadmin 880 2019-03-05 11:05:01 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_48024_20190305110501464621143795.aud
-rw-r----- 1 oracle asmadmin 870 2019-03-05 11:05:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_49658_20190305110553480183143795.aud
-rw-r----- 1 oracle asmadmin 870 2019-03-05 11:05:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_49654_20190305110553432700143795.aud
-rw-r----- 1 oracle asmadmin 880 2019-03-05 11:10:01 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_59474_20190305111001520453143795.aud
-rw-r----- 1 oracle asmadmin 871 2019-03-05 11:10:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_60887_20190305111053528155143795.aud
-rw-r----- 1 oracle asmadmin 871 2019-03-05 11:10:53 /u01/app/oracle/admin/xxxx/adump/xxxx1_ora_60885_20190305111053501151143795.aud
--//平均一天有接近600次sys用登錄.主要是oem每隔5分鐘檢測資料庫狀態,每次發起3個連接,大量連接導致在這個目錄產生大量的垃圾文件 */
--//我以前一直使用logrotate管理這些日誌,但是在11g下存在如下問題.
--//11g下改變了文件命名格式加入時間戳,這樣每個生成的文件是唯一的,這樣state file(預設是/var/lib/logrotate.status),會越滾越大.
--//這樣每次執行越來越慢.10g下沒有時間戳,也就是最大65XXX個文件(至少是一個定數).
--//logrotate配置如下:
/u01/app/oracle/admin/xxxx/adump/xxxx1_ora_*.aud
{
monthly
rotate 0
notifempty
missingok
nomail
# maxage 100
}
# ls -lh /var/lib/logrotate.status
-rw-r--r-- 1 root root 72M 2019-03-03 12:18:59 /var/lib/logrotate.status
--//已經72M.註意看/var/lib/logrotate.status時間戳,3月3號執行到12:18:59結束.
--//不知道還有什麼好方法,要麼使用find+cron的方式,要麼採用鏈接http://blog.itpub.net/267265/viewspace-2139283/=>[20170518]11G審計日誌清除3.txt
--//另外補充logrotate的調式技巧以及註意細節:
1.註意參數sharedscripts,不然每匹配一行都要執行1次.
# man logrotate
sharedscripts
Normally, prescript and postscript scripts are run for each log which is rotated and the absolute path to the log
file is passed as first argument to the script. That means a single script may be run multiple times for log file
entries which match multiple files (such as the /var/log/news/* example). If sharedscripts is specified, the
scripts are only run once, no matter how many logs match the wildcarded pattern, and whole pattern is passed to
them. However, if none of the logs in the pattern require rotating, the scripts will not be run at all. This
option overrides the nosharedscripts option and implies create option.
2.logrotate的調試:
--//使用參數-v -d ,-d僅僅調試不會真真執行.
--//加上-f比較特殊.
-f, --force
Tells logrotate to force the rotation, even if it doesn't think this is necessary. Sometimes this is useful after
adding new entries to logrotate, or if old log files have been removed by hand, as the new files will be created,and
logging will continue correctly.
