romfast/ROMFASTSQL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6410339196ba17d2f119cad2d289466342b1dd4a
ROMFASTSQL/clienti/oracle-xe-21c/import/cleanup_audit.sql
Claude Agent 6410339196 feat(clienti): add Oracle XE PDB recreare scripts and audit cleanup 
- Complete PDB export/import workflow (16 scripts in clienti/oracle-xe-21c/import/)
- Recreare PDB script with step-by-step guide (recreare_pdb.sql)
- Universal audit cleanup script for Oracle XE 11g-21c (cleanup_audit.sql)
- Troubleshooting guide with all lessons learned (depanare-ora-12954-spatiu.md)
- Fixed: DIRECTORY grant syntax, DBMS_LOCK grant, remap_tablespace USERS:ROA,
  impdp quoted AS SYSDBA for Windows, AWR retention 8 days, datafile full path
- Updated roa-windows-setup docs with XE prevention steps and gotchas table

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:31:17 +00:00

413 lines
16 KiB
MySQL
Raw Blame History

-- ============================================================
-- CLEANUP & DISABLE AUDIT - Oracle XE 11g/12c/18c/21c
-- ============================================================
-- Compatibil cu: Oracle 11g XE, 12c, 18c XE, 21c XE
-- Compatibil cu: non-CDB si CDB/PDB
-- Scop: Curata audit trail din SYSAUX + dezactiveaza auditurile
-- Rulat ca: SYS AS SYSDBA
-- - non-CDB: sqlplus / as sysdba
-- - CDB/PDB: conectat la PDB (ALTER SESSION SET CONTAINER = XEPDB1)
-- ============================================================
--
-- IMPORTANT: Pe Oracle XE, audit-urile active umfla SYSAUX/AUDSYS
-- pana la limita de 12 GB si blocheaza baza cu ORA-12954.
-- Acest script:
-- 1. Detecteaza versiunea Oracle si tipul bazei (CDB/non-CDB)
-- 2. Dezactiveaza TOATE audit policies (unified + traditional)
-- 3. Curata audit trail-urile existente
-- 4. Configureaza auto-purge pentru siguranta
-- 5. Dezactiveaza auto tasks care umfla SYSAUX
-- 6. Verifica rezultatul
-- ============================================================
SET SERVEROUTPUT ON SIZE UNLIMITED
SET FEEDBACK OFF
SET VERIFY OFF
SPOOL cleanup_audit.log
DECLARE
v_version NUMBER;
v_full_ver VARCHAR2(100);
v_is_cdb VARCHAR2(3) := 'NO';
v_con_name VARCHAR2(128) := 'NON-CDB';
v_count NUMBER;
v_aud_size_mb NUMBER := 0;
v_sysaux_mb NUMBER := 0;
-- Helper: executa SQL si ignora erori
PROCEDURE exec_ignore(p_sql VARCHAR2) IS
BEGIN
EXECUTE IMMEDIATE p_sql;
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] ' || SUBSTR(SQLERRM, 1, 200));
END;
-- Helper: executa SQL cu output
PROCEDURE exec_log(p_sql VARCHAR2, p_desc VARCHAR2) IS
BEGIN
EXECUTE IMMEDIATE p_sql;
DBMS_OUTPUT.PUT_LINE(' [OK] ' || p_desc);
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] ' || p_desc || ' - ' || SUBSTR(SQLERRM, 1, 150));
END;
BEGIN
-- =========================================================
-- DETECTIE VERSIUNE SI TIP BAZA
-- =========================================================
-- version_full exista doar pe 18c+, version exista pe toate
BEGIN
EXECUTE IMMEDIATE 'SELECT version_full FROM v$instance' INTO v_full_ver;
EXCEPTION WHEN OTHERS THEN
SELECT version INTO v_full_ver FROM v$instance;
END;
v_version := TO_NUMBER(SUBSTR(v_full_ver, 1, INSTR(v_full_ver, '.') - 1));
DBMS_OUTPUT.PUT_LINE('============================================================');
DBMS_OUTPUT.PUT_LINE(' CLEANUP AUDIT - Oracle ' || v_full_ver);
DBMS_OUTPUT.PUT_LINE('============================================================');
-- Detectie CDB (12c+)
IF v_version >= 12 THEN
BEGIN
EXECUTE IMMEDIATE 'SELECT CDB FROM V$DATABASE' INTO v_is_cdb;
EXCEPTION WHEN OTHERS THEN
v_is_cdb := 'NO';
END;
IF v_is_cdb = 'YES' THEN
EXECUTE IMMEDIATE 'SELECT SYS_CONTEXT(''USERENV'', ''CON_NAME'') FROM DUAL' INTO v_con_name;
END IF;
END IF;
DBMS_OUTPUT.PUT_LINE(' Versiune: ' || v_version || ' | CDB: ' || v_is_cdb || ' | Container: ' || v_con_name);
-- Warning daca suntem pe CDB$ROOT
IF v_con_name = 'CDB$ROOT' AND v_is_cdb = 'YES' THEN
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE(' !!! ATENTIE: Esti conectat la CDB$ROOT !!!');
DBMS_OUTPUT.PUT_LINE(' !!! Ruleaza scriptul si pe fiecare PDB: !!!');
DBMS_OUTPUT.PUT_LINE(' !!! ALTER SESSION SET CONTAINER = XEPDB1; !!!');
DBMS_OUTPUT.PUT_LINE(' !!! @cleanup_audit.sql !!!');
DBMS_OUTPUT.PUT_LINE(' ');
END IF;
-- Spatiu SYSAUX inainte
SELECT ROUND(SUM(bytes)/1024/1024)
INTO v_sysaux_mb
FROM dba_segments
WHERE tablespace_name = 'SYSAUX';
DBMS_OUTPUT.PUT_LINE(' SYSAUX segmente inainte: ' || v_sysaux_mb || ' MB');
DBMS_OUTPUT.PUT_LINE('------------------------------------------------------------');
-- =========================================================
-- PASUL 1: DEZACTIVARE UNIFIED AUDIT POLICIES (12c+)
-- =========================================================
IF v_version >= 12 THEN
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 1] Dezactivare unified audit policies...');
-- Dezactiveaza toate politicile active
FOR rec IN (
SELECT DISTINCT policy_name
FROM audit_unified_enabled_policies
) LOOP
exec_log('NOAUDIT POLICY ' || rec.policy_name, 'NOAUDIT POLICY ' || rec.policy_name);
END LOOP;
-- Verifica
SELECT COUNT(*) INTO v_count FROM audit_unified_enabled_policies;
IF v_count = 0 THEN
DBMS_OUTPUT.PUT_LINE(' [OK] Toate politicile unified audit dezactivate');
ELSE
DBMS_OUTPUT.PUT_LINE(' [WARN] Inca ' || v_count || ' politici active!');
END IF;
ELSE
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 1] Oracle ' || v_version || ' - nu are unified audit, skip');
END IF;
-- =========================================================
-- PASUL 2: DEZACTIVARE TRADITIONAL AUDIT (11g-21c)
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 2] Dezactivare traditional audit...');
exec_log('NOAUDIT ALL', 'NOAUDIT ALL');
exec_log('NOAUDIT ALL PRIVILEGES', 'NOAUDIT ALL PRIVILEGES');
-- Dezactiveaza audituri per-user
FOR rec IN (
SELECT DISTINCT user_name
FROM dba_stmt_audit_opts
WHERE user_name IS NOT NULL
) LOOP
exec_log('NOAUDIT ALL BY ' || rec.user_name, 'NOAUDIT ALL BY ' || rec.user_name);
END LOOP;
-- Dezactiveaza audituri pe obiecte
FOR rec IN (
SELECT owner, object_name, object_type
FROM dba_obj_audit_opts
WHERE alt != '-/-' OR aud != '-/-' OR com != '-/-'
OR del != '-/-' OR gra != '-/-' OR ind != '-/-'
OR ins != '-/-' OR loc != '-/-' OR ren != '-/-'
OR sel != '-/-' OR upd != '-/-' OR exe != '-/-'
) LOOP
BEGIN
EXECUTE IMMEDIATE 'NOAUDIT ALL ON ' || rec.owner || '.' || rec.object_name;
DBMS_OUTPUT.PUT_LINE(' [OK] NOAUDIT ALL ON ' || rec.owner || '.' || rec.object_name);
EXCEPTION WHEN OTHERS THEN NULL;
END;
END LOOP;
-- =========================================================
-- PASUL 3: CLEANUP UNIFIED AUDIT TRAIL (12c+)
-- =========================================================
IF v_version >= 12 THEN
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 3] Cleanup unified audit trail...');
-- Dimensiune audit trail
BEGIN
EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM unified_audit_trail' INTO v_count;
DBMS_OUTPUT.PUT_LINE(' Inregistrari in unified_audit_trail: ' || v_count);
EXCEPTION WHEN OTHERS THEN
v_count := 0;
END;
IF v_count > 0 THEN
-- Seteaza timestamp de arhivare in trecut (permite stergerea tuturor)
BEGIN
DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
last_archive_time => SYSTIMESTAMP + INTERVAL '1' DAY
);
DBMS_OUTPUT.PUT_LINE(' [OK] Archive timestamp setat');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] Archive timestamp: ' || SUBSTR(SQLERRM, 1, 150));
END;
-- Curata trail-ul
BEGIN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
use_last_arch_timestamp => TRUE
);
DBMS_OUTPUT.PUT_LINE(' [OK] Unified audit trail curatat');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [FAIL] Cleanup unified: ' || SUBSTR(SQLERRM, 1, 150));
DBMS_OUTPUT.PUT_LINE(' [INFO] Daca ORA-12954, curata mai intai SQL Tuning Sets (vezi Pasul 5)');
DBMS_OUTPUT.PUT_LINE(' [INFO] Apoi reruleaza acest script');
END;
-- Verifica cate au ramas
BEGIN
EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM unified_audit_trail' INTO v_count;
DBMS_OUTPUT.PUT_LINE(' Inregistrari ramase: ' || v_count);
EXCEPTION WHEN OTHERS THEN NULL;
END;
ELSE
DBMS_OUTPUT.PUT_LINE(' [OK] Unified audit trail gol, nimic de curatat');
END IF;
END IF;
-- =========================================================
-- PASUL 4: CLEANUP TRADITIONAL AUDIT TRAIL (AUD$)
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 4] Cleanup traditional audit trail (AUD$)...');
-- Dimensiune AUD$
BEGIN
SELECT COUNT(*) INTO v_count FROM sys.aud$;
DBMS_OUTPUT.PUT_LINE(' Inregistrari in AUD$: ' || v_count);
EXCEPTION WHEN OTHERS THEN
v_count := 0;
DBMS_OUTPUT.PUT_LINE(' [SKIP] AUD$ nu exista sau nu e accesibil');
END;
IF v_count > 0 THEN
-- Curata via DBMS_AUDIT_MGMT
BEGIN
DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP + INTERVAL '1' DAY
);
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
use_last_arch_timestamp => TRUE
);
DBMS_OUTPUT.PUT_LINE(' [OK] AUD$ curatat via DBMS_AUDIT_MGMT');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] DBMS_AUDIT_MGMT: ' || SUBSTR(SQLERRM, 1, 150));
-- Fallback: TRUNCATE direct
BEGIN
EXECUTE IMMEDIATE 'TRUNCATE TABLE sys.aud$';
DBMS_OUTPUT.PUT_LINE(' [OK] AUD$ curatat via TRUNCATE');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [FAIL] TRUNCATE AUD$: ' || SUBSTR(SQLERRM, 1, 150));
END;
END;
END IF;
-- Curata FGA_LOG$ (Fine-Grained Audit)
BEGIN
SELECT COUNT(*) INTO v_count FROM sys.fga_log$;
IF v_count > 0 THEN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD,
use_last_arch_timestamp => FALSE
);
DBMS_OUTPUT.PUT_LINE(' [OK] FGA_LOG$ curatat (' || v_count || ' inregistrari)');
END IF;
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] FGA_LOG$: ' || SUBSTR(SQLERRM, 1, 150));
END;
-- =========================================================
-- PASUL 5: CLEANUP SQL TUNING SETS (SYSAUX - cel mai mare vinovat)
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 5] Cleanup SQL Tuning Sets din SYSAUX...');
-- Drop SQL Tuning Sets
FOR rec IN (SELECT name, owner FROM dba_sqlset) LOOP
BEGIN
DBMS_SQLTUNE.DROP_SQLSET(rec.name, rec.owner);
DBMS_OUTPUT.PUT_LINE(' [OK] Drop SQLSET: ' || rec.owner || '.' || rec.name);
EXCEPTION WHEN OTHERS THEN NULL;
END;
END LOOP;
-- TRUNCATE tabelele daca DROP nu a eliberat spatiul
exec_log('TRUNCATE TABLE sys.wri$_sqlset_plan_lines', 'TRUNCATE wri$_sqlset_plan_lines');
exec_log('TRUNCATE TABLE sys.wri$_sqlset_plans', 'TRUNCATE wri$_sqlset_plans');
exec_log('TRUNCATE TABLE sys.wri$_sqlset_statistics', 'TRUNCATE wri$_sqlset_statistics');
exec_log('TRUNCATE TABLE sys.wri$_sqlset_statements', 'TRUNCATE wri$_sqlset_statements');
exec_log('TRUNCATE TABLE sys.wri$_sqlset_references', 'TRUNCATE wri$_sqlset_references');
exec_log('TRUNCATE TABLE sys.wri$_sqlset_definitions', 'TRUNCATE wri$_sqlset_definitions');
-- Cleanup advisor tasks + stats
exec_log('BEGIN DBMS_ADVISOR.DELETE_EXPIRED_TASKS; END;', 'Delete expired advisor tasks');
exec_log('BEGIN DBMS_STATS.PURGE_STATS(SYSDATE - 7); END;', 'Purge stats older than 7 days');
exec_log('PURGE DBA_RECYCLEBIN', 'Purge recyclebin');
-- =========================================================
-- PASUL 6: DEZACTIVARE AUTO TASKS
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 6] Dezactivare auto tasks...');
BEGIN
DBMS_AUTO_TASK_ADMIN.DISABLE(
client_name => 'sql tuning advisor',
operation => NULL,
window_name => NULL
);
DBMS_OUTPUT.PUT_LINE(' [OK] sql tuning advisor DISABLED');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] sql tuning advisor: ' || SUBSTR(SQLERRM, 1, 150));
END;
BEGIN
DBMS_AUTO_TASK_ADMIN.DISABLE(
client_name => 'auto space advisor',
operation => NULL,
window_name => NULL
);
DBMS_OUTPUT.PUT_LINE(' [OK] auto space advisor DISABLED');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] auto space advisor: ' || SUBSTR(SQLERRM, 1, 150));
END;
-- =========================================================
-- PASUL 7: AWR RETENTION + STATS RETENTION
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 7] Configurare AWR retention...');
-- Incearca 8 zile (min moving window baseline)
BEGIN
DBMS_WORKLOAD_REPOSITORY.MODIFY_SNAPSHOT_SETTINGS(
retention => 8 * 24 * 60,
interval => 60
);
DBMS_OUTPUT.PUT_LINE(' [OK] AWR retention = 8 zile, interval = 60 min');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] AWR: ' || SUBSTR(SQLERRM, 1, 150));
END;
BEGIN
DBMS_STATS.ALTER_STATS_HISTORY_RETENTION(7);
DBMS_OUTPUT.PUT_LINE(' [OK] Stats history retention = 7 zile');
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' [SKIP] Stats retention: ' || SUBSTR(SQLERRM, 1, 150));
END;
-- =========================================================
-- PASUL 8: GRANT DBMS_LOCK (necesar pt PACK_UTILS_FILE)
-- =========================================================
IF v_version >= 12 THEN
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('[PASUL 8] Grant DBMS_LOCK...');
exec_log('GRANT EXECUTE ON SYS.DBMS_LOCK TO CONTAFIN_ORACLE', 'GRANT DBMS_LOCK TO CONTAFIN_ORACLE');
END IF;
-- =========================================================
-- VERIFICARE FINALA
-- =========================================================
DBMS_OUTPUT.PUT_LINE(' ');
DBMS_OUTPUT.PUT_LINE('============================================================');
DBMS_OUTPUT.PUT_LINE(' VERIFICARE FINALA');
DBMS_OUTPUT.PUT_LINE('============================================================');
-- SYSAUX dupa
SELECT ROUND(SUM(bytes)/1024/1024)
INTO v_sysaux_mb
FROM dba_segments
WHERE tablespace_name = 'SYSAUX';
DBMS_OUTPUT.PUT_LINE(' SYSAUX segmente dupa: ' || v_sysaux_mb || ' MB');
-- Audit policies (12c+)
IF v_version >= 12 THEN
SELECT COUNT(*) INTO v_count FROM audit_unified_enabled_policies;
IF v_count = 0 THEN
DBMS_OUTPUT.PUT_LINE(' Unified audit policies: NONE (OK)');
ELSE
DBMS_OUTPUT.PUT_LINE(' Unified audit policies: ' || v_count || ' ACTIVE (WARN!)');
END IF;
END IF;
-- Traditional audit
BEGIN
SELECT COUNT(*) INTO v_count FROM dba_stmt_audit_opts;
DBMS_OUTPUT.PUT_LINE(' Traditional audit opts: ' || v_count);
EXCEPTION WHEN OTHERS THEN NULL;
END;
-- Auto tasks
DBMS_OUTPUT.PUT_LINE(' Auto tasks:');
FOR rec IN (SELECT client_name, status FROM dba_autotask_client) LOOP
DBMS_OUTPUT.PUT_LINE(' ' || RPAD(rec.client_name, 45) || rec.status);
END LOOP;
-- Total alocat
BEGIN
SELECT ROUND(SUM(bytes)/1024/1024) INTO v_sysaux_mb FROM dba_data_files;
DBMS_OUTPUT.PUT_LINE(' Total datafiles: ' || v_sysaux_mb || ' MB / 12288 MB (XE limit)');
EXCEPTION WHEN OTHERS THEN NULL;
END;
DBMS_OUTPUT.PUT_LINE('============================================================');
DBMS_OUTPUT.PUT_LINE(' CLEANUP COMPLET!');
DBMS_OUTPUT.PUT_LINE('============================================================');
END;
/
SPOOL OFF
Reference in New Issue View Git Blame Copy Permalink