Hi David,
What versions of Oracle does it support ?
K
----- Originele e-mail -----
Van: "David Litchfield" <david@xxxxxxxxxxxxxxxxxxxx>
Aan: "Guillermo Alan Bort" <cicciuxdba@xxxxxxxxx>
Cc: oracle-l@xxxxxxxxxxxxx
Verzonden: Woensdag 30 juni 2010 00:40:36 GMT +01:00 Amsterdam /
Berlijn / Bern / Rome / Stockholm / Wenen
Onderwerp: Re: New tool: ddldump
Hey all,
Thanks for the questions.
Yes - ddldump does work against archived redo logs.
Whilst ddldump is currently a windows console program it will work on
redo logs from other OSes. That said, I'll write a version for Mac OS
X and Linux shortly.
There should be no impact on the DB at all. ddldump simply opens the
file in read mode, parses it then outputs to the console. If you want
to save the results to a file simply use the redirect >
C:\>ddldump redo01.log ddl > out.xml
HTH!
David
On 29/06/2010 02:37, Guillermo Alan Bort wrote:
Hey David,
Nice tool, looks very interesting. Does it work on archived
redolg files? I'll try it in my toy DBs this week... :-) I'd love
to do it in productive ones, as it works on redo, I'm guessing it
has no direct impact on the DB... is the source code available?
Thanks.
Alan.-
On Mon, Jun 28, 2010 at 9:50 PM, David Litchfield
<david@xxxxxxxxxxxxxxxxxxxx <mailto:david@xxxxxxxxxxxxxxxxxxxx>>
wrote:
Hey all,
As part of a larger project, I've written a small tool called
ddldump that parses Oracle redolog files and dumps any DDL
statements in an XML format. ddldump has been developed with
forensic investigations in mind but can of course be simply
used by DBAs to peruse the DDL in their logs. You can download
it from http://www.v3rity.com/ddldump.php
Cheers,
David Litchfield
v3rity Ltd
http://www.v3rity.com/
C:\app\david\oradata\orcl11g>ddldump REDO01.log ddl
<?xml version="1.0"?>
<LOG>
<FILENAME>REDO01.log</FILENAME>
<database_sid>ORCL11G</database_sid>
<version>11.1</version>
<ltimestamp>01/02/2010 15:26:02</ltimestamp>
<blocksize>512</blocksize>
<nab>234</nab>
<lowscn>3977649</lowscn>
<nextscn>3977776</nextscn>
<ENTRIES>
<ENTRY>
<TIMESTAMP>04/03/2010 01:16:34</TIMESTAMP>
<RDRCOFST>0x0001CB2C</RDRCOFST>
<CHVCOFST>0x0001CB5C</CHVCOFST>
<SESSION_USER>SYS</SESSION_USER>
<CURRENT_USER>SYS</CURRENT_USER>
<SQL_STATETMENT>create user hax0r identified by VALUES
'9A3502887F7210C4' </SQL_STATETMENT>
<SCHEMA>hax0r</SCHEMA>
<OBJECT></OBJECT>
</ENTRY>
</ENTRIES>
</LOG>
C:\>
RDRCOFST is the hexadecimal offset into the redolog file where
the redo entry containing the DDL statement can be found
CHVCOFST is the hexadecimal offset into the redolog file where
the change vector containing the DDL statement can be found
TIMESTAMP is the time and date when the redo entry was written
to the log file.
SESSION_USER is the user that is logged on and initiated the
DDL statement
CURRENT_USER is the user under whose authority the DDL
actually executes. If session_user and current_user are
different it could be indicitive of a SQL injection attack.
SQL_STATEMENT is the DDL that was executed.
SCHEMA, if present, is the schema upon which the DDL acts.
OBJECT, if present, is the object upon which the DDL acts.
--
//www.freelists.org/webpage/oracle-l
