Monday, November 7, 2022

Script to monitor ORA errors in alert log

By Gowthami | apps-dba.com | Oracle Database Administration Series

Monitoring the Oracle alert log for ORA- errors is a critical DBA responsibility. Catching errors early prevents minor issues from escalating into major outages. This post provides a shell script to automate alert log monitoring and send notifications when ORA- errors are detected.

What You Will Learn: How to write a shell script that scans the Oracle alert log for ORA- errors, logs findings, and sends email notifications to the DBA team.

Why Monitor the Alert Log?

The Oracle alert log records critical database events including:

  • ORA- errors (deadlocks, tablespace issues, corruption warnings)
  • Instance startup and shutdown events
  • Log switch and checkpoint information
  • Redo log and archive log events

Alert Log Location

Find the alert log location using SQL*Plus:

SQL> SELECT value FROM v$diag_info WHERE name = 'Diag Trace';

VALUE
------------------------------------------------------------
/u01/app/oracle/diag/rdbms/orcl/orcl/trace

The alert log file is named alert_<SID>.log in that directory.

The Monitoring Script

Save the following script as /home/oracle/scripts/monitor_alert_log.sh:

#!/bin/bash
# ============================================================
# Script  : monitor_alert_log.sh
# Purpose : Monitor Oracle alert log for ORA- errors
# Author  : apps-dba.com
# ============================================================

# Configuration
ORACLE_SID=ORCL
ALERT_LOG=/u01/app/oracle/diag/rdbms/orcl/orcl/trace/alert_ORCL.log
LOG_DIR=/home/oracle/scripts/logs
EMAIL=dba-team@yourcompany.com
HOSTNAME=$(hostname)

# Create log directory if not exists
mkdir -p $LOG_DIR

# Timestamp
TS=$(date '+%Y%m%d_%H%M%S')
OUTPUT_FILE=$LOG_DIR/ora_errors_$TS.log

# Check if alert log exists
if [ ! -f "$ALERT_LOG" ]; then
  echo "Alert log not found: $ALERT_LOG"
  exit 1
fi

# Get errors from last 60 minutes
CUTOFF=$(date -d '60 minutes ago' '+%Y-%m-%d %H:%M:%S')

# Search for ORA- errors
grep -E "ORA-[0-9]+" "$ALERT_LOG" > "$OUTPUT_FILE"

# Check if any errors were found
ERROR_COUNT=$(wc -l < "$OUTPUT_FILE")

if [ "$ERROR_COUNT" -gt 0 ]; then
  # Send email notification
  mail -s "[ALERT] ORA- Errors on $HOSTNAME ($ORACLE_SID)" "$EMAIL" << EOF
ORA- errors detected in alert log on $HOSTNAME.
Database SID: $ORACLE_SID
Time: $(date)
Error Count: $ERROR_COUNT

Errors Found:
$(cat $OUTPUT_FILE)

Please investigate immediately.
-- apps-dba.com monitoring script
EOF
  echo "Alert sent: $ERROR_COUNT ORA- errors found."
else
  echo "No ORA- errors found. Log check complete."
  rm -f "$OUTPUT_FILE"
fi

Make the Script Executable

$ chmod +x /home/oracle/scripts/monitor_alert_log.sh

Schedule with Cron

Run the script every 30 minutes using cron:

$ crontab -e

# Monitor Oracle alert log every 30 minutes
*/30 * * * * /home/oracle/scripts/monitor_alert_log.sh >> /home/oracle/scripts/logs/cron_monitor.log 2>&1

Common ORA- Errors to Watch

ORA ErrorDescriptionPriority
ORA-00060Deadlock detectedHigh
ORA-01555Snapshot too oldMedium
ORA-01653Unable to extend tablespaceHigh
ORA-27300OS system call errorHigh
ORA-00257Archiver error (archive full)Critical

Enhancements

  • Filter specific ORA errors you want to ignore (e.g., ORA-12541 in test environments)
  • Parse the log incrementally using a marker file to avoid re-reading old entries
  • Integrate with monitoring tools like Nagios, OEM, or PagerDuty

Master Oracle Exadata

This post is part of our Oracle Database Administration series. Get our comprehensive Exadata guide with architecture diagrams, performance tuning, and practical DBA scripts.

Get the Exadata PDF Guide

Saturday, November 5, 2022

Allow port in firewall - linux - OCI

By Gowthami | apps-dba.com | Oracle Cloud Infrastructure Series

When deploying Oracle Database or application servers on OCI Linux instances, opening the correct ports in both the OS firewall and OCI security lists is essential. This post covers how to allow ports through the Linux firewall (firewalld) and OCI network security rules.

What You Will Learn: How to open ports on OCI Linux instances using firewalld commands, and how to configure OCI Security Lists and Network Security Groups to allow inbound traffic.

Two Layers of Firewall on OCI

OCI Linux instances have two firewall layers that must both allow traffic:

  • OS-level firewall — firewalld (Oracle Linux / RHEL) or iptables
  • OCI network-level — Security Lists attached to subnets, or Network Security Groups (NSGs)

A common mistake is opening only one layer and wondering why connections still fail.

Step 1: Allow Port in Linux Firewall (firewalld)

Check if firewalld is running:

$ sudo systemctl status firewalld

Add a permanent rule to allow a specific port (example: TCP 1521 for Oracle listener):

$ sudo firewall-cmd --permanent --add-port=1521/tcp

Reload firewalld to apply the change:

$ sudo firewall-cmd --reload

Verify the port is allowed:

$ sudo firewall-cmd --list-ports

Common Ports to Open for Oracle DBAs

PortProtocolPurpose
1521TCPOracle SQL*Net listener
443TCPHTTPS / OCI Console
22TCPSSH access
8080TCPOracle APEX / EM Express
5500TCPOracle EM Express (19c+)
7001TCPWebLogic Admin Server

Step 2: Allow Port in OCI Security List

  1. Log in to OCI Console
  2. Navigate to Networking > Virtual Cloud Networks
  3. Select your VCN, then click on the relevant Subnet
  4. Click on the Security List attached to the subnet
  5. Click Add Ingress Rules
  6. Fill in:
    • Source CIDR: 0.0.0.0/0 (or restrict to specific IPs)
    • IP Protocol: TCP
    • Destination Port Range: 1521
  7. Click Add Ingress Rules to save

Step 2 (Alternative): Allow Port via Network Security Group

If using NSGs instead of Security Lists:

  1. Navigate to Networking > Network Security Groups
  2. Select the NSG attached to your instance VNIC
  3. Click Add Rules and configure an ingress rule for the port

Verify Connectivity

Test from a remote host using telnet or nc:

$ telnet <OCI_INSTANCE_PUBLIC_IP> 1521

# Or using netcat
$ nc -zv <OCI_INSTANCE_PUBLIC_IP> 1521

Troubleshooting

  • If port is still blocked after both steps, check if the Oracle listener is actually running: lsnrctl status
  • Verify the instance's VNIC is in the correct subnet with the right security list
  • Use sudo firewall-cmd --list-all to see all active firewalld rules
  • Check OCI VCN flow logs if available for dropped packets

Master Oracle Exadata

This post is part of our Oracle Cloud Infrastructure series. Get our comprehensive Exadata guide with cloud deployment patterns, networking guides, and performance tuning techniques.

Get the Exadata PDF Guide

Non-Equijoins and Self-Joins in Oracle SQL

Non-Equijoins and Self-Joins in Oracle SQL Non-Equijoins and Self-Joins in Oracle SQL: Complete Guide Most joins in SQL use the e...