解决方法之ora-28056: Writing audit records to Windows Event Log failed

最新推荐文章于 2024-05-28 14:33:40 发布
原创 最新推荐文章于 2024-05-28 14:33:40 发布 · 2.6k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

当尝试登录Oracle 11g SQL*Plus或使用RMAN时遇到ORA-28056错误,表明审计记录无法写入Windows事件日志。解决方案包括清理事件日志、禁用并重新启用Event Log服务,以及增加事件日志文件大小。通过这些步骤,可以成功解决由于日志文件满导致的问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

本人遇到的问题背景:

sqlplus  /  as  sysdba登录时,出现以下提示:


ORA-28056: Writing audit records to Windows Event Log failed

OSD-00004: additional error information

O/S-Error: (OS 1502) The event log file is full.

ORA-01075: you are currently logged on

=====================================================

ora-28056: Writing audit records to Windows Event Log failed

Share
digg

Windows üzerinde bir database’ de, rman’ e bağlanıp işlem yapmaya çalışırken aşağıdaki gibi bir hata ile karşılaştığınızda;

C:\Documents and Settings\oracle>rman target /
Recovery Manager: Release 11.2.0.1.0 – Production on Sat Dec 3 12:46:26 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: TEST (DBID=2062181648)

RMAN> delete archivelog all;
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=75 device type=DISK

ORACLE error from target database:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

RMAN-06900: WARNING: unable to generate V$RMAN_STATUS or V$RMAN_OUTPUT row
RMAN-06901: WARNING: disabling update of the V$RMAN_STATUS and V$RMAN_OUTPUT rows
ORACLE error from target database:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of delete command at 12/03/2011 12:46:34
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

Windows üzerinde evenlog larla bir problem olduğunu tahmin ediyor oluruz diye düşünüyorum:) Bundan sonrasında sorunu düzeltmek adına neler yapabileceğimize gelince sırası ile açıklamaya çalışalım;

İlk iş olarak, event log file is full mesajından hareketle windows daki evenlog’ ları siliyoruz.
Bunun için ;

Control Panel->Administrative Tools->Event Viewer-> Eventların üzerinde sağ click ile Clear All Events diyoruz.

Tekrar kontrol ettiğimizde;

C:\Documents and Settings\oracle>rman target /
Recovery Manager: Release 11.2.0.1.0 – Production on Sat Dec 3 12:53:46 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-28056: Writing audit records to Windows Event Log failed

Ikinci olarak bir adım öteye geçip event log processesini disable etmeyi deniyorum. (Sonrasında bunu tekrar enable etmeyi unutmayın)

Service’ lerden Event log servisine çift tıklayıp statüsünü disabled olarak seçiyorum ve tekrar kontrol ediyorum ;

C:\Documents and Settings\oracle>rman target /
Recovery Manager: Release 11.2.0.1.0 – Production on Sat Dec 3 12:53:46 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-28056: Writing audit records to Windows Event Log failed

Problem devam ediyor, sqlplus dan sisteme connect olmayı denediğimde;

C:\Documents and Settings\oracle>sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Sat Dec 3 13:23:27 2011
Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-00004: additional error information
O/S-Error: (OS 1502) The event log file is full.
ORA-01075: you are currently logged on

Enter user-name: sys as sysdba
Enter password:
ERROR:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-00004: additional error information
O/S-Error: (OS 1502) The event log file is full.
ORA-01075: you are currently logged on

Burada da benzer hatalar almaya devam ediyorum.

Üçüncü olarak, aslında bu ilk denemem nokta olması gerekirken sizlerin böyle bir hata karşısında farklı case’ lerle karşılaşma ihtimalinize karşın bu gibi bir hata karşısında yapılabilecek tüm kontrolleri göstermek idi. Şimdi event log file’ lerin size’ ını artırarak (log file’ in dolma ihtimaline karşın) denemeye devam edelim.

Control Panel->Administrative Tools->Event Viewer-> Eventların üzerinde sağ click ile Properties’ ine girdiğimizde aşağıdaki gibi ekran geliyor olacak. Bu ekrandan Maximum Log File size’ ını artırıp çıkıyoruz.

Tekrar deniyoruz ;

C:\Documents and Settings\oracle>sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Sat Dec 3 13:30:27 2011
Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 – Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

Sqlplus’ dan bağlanabildik. Rman’ e bakıyoruz;

C:\Documents and Settings\oracle>rman target /
Recovery Manager: Release 11.2.0.1.0 – Production on Sat Dec 3 13:32:10 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: TEST (DBID=2062181648)

RMAN>

Rman’ de ok, Problem giderildi. Kimi şirketler de (eskiye nazaran ciddi bir düşüş olsada) windows üzerinde çalışan oracle database’ leri mevcut olduğundan dolayı benzer hatalarla karşılaşabilirsiniz. Umarım faydalı olmuştur.

- See more at: http://www.kamilturkyilmaz.com/2011/12/03/ora-28056-writing-audit-records-to-windows-event-log-failed/#sthash.PpO5Pw6Z.dpuf

ora-28056: Writing audit records to Windows Event Log failed

Share
digg

Windows üzerinde bir database’ de, rman’ e bağlanıp işlem yapmaya çalışırken aşağıdaki gibi bir hata ile karşılaştığınızda;

C:\Documents and Settings\oracle>rman target /
Recovery Manager: Release 11.2.0.1.0 – Production on Sat Dec 3 12:46:26 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: TEST (DBID=2062181648)

RMAN> delete archivelog all;
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=75 device type=DISK

ORACLE error from target database:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

RMAN-06900: WARNING: unable to generate V$RMAN_STATUS or V$RMAN_OUTPUT row
RMAN-06901: WARNING: disabling update of the V$RMAN_STATUS and V$RMAN_OUTPUT rows
ORACLE error from target database:
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of delete command at 12/03/2011 12:46:34
ORA-28056: Writing audit records to Windows Event Log failed
OSD-804943320: Message 804943320 not found; product=RDBMS; facility=SOSD

O/S-Error: (OS 1502) The event log file is full.

Windows üzerinde evenlog larla bir problem olduğunu tahmin ediyor oluruz diye düşünüyorum:) Bundan sonrasında sorunu düzeltmek adına neler yapabileceğimize gelince sırası ile açıklamaya çalışalım;

İlk iş olarak, event log file is full mesajından hareketle windows daki evenlog’ ları siliyoruz.
Bunun için ;

Control Panel->Administrative Tools->Event Viewer-> Eventların üzerinde sağ click ile Clear All Events diyoruz.

最低0.47元/天 解锁文章

200万优质内容无限畅学
ORA-08103报错:expdp提示ORA-08103: object no longer exists,表存在,正常查询,如何解决
**My Coding Family**
01-22 1377
🏆本文收录于专栏,主要记录项目实战过程中所遇到的Bug或因后果及提供真实有效的解决方案,希望能够助你一臂之力,帮你早日登顶实现财富自由🚀;同时,欢迎大家!持续更新中,up!up!up!!
oracle ora 01152,standby database ope时,提示ORA-10458: ORA-01152: ORA-01110:
weixin_32656511的博客
04-10 1636
在配置完standby database,完成数据库同步时,将standby database切换到open状态时,提示下面的的错误SQL> select open_mode from v$database;OPEN_MODE--------------------MOUNTEDSQL> alter database open;alter database open*ERROR at ...
Oracle:ORA-28056: Writing audit records to Windows Event Log failed
ImKing
01-27 8593
出现此错误的原因是系统的日志记录存放满了,新的日志记录写不进去了,所以报错!
ORA-28056: Writing audit records to Windows Event Log failed
小白编程
01-05 205
C:\>sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on 星期四 1月 5 13:55:44 2012 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-28056: Writing audit records to Windo...
ORA-28056: Writing audit records to Windows Event Log failed 解决
gahaya的专栏
11-01 602
今天在TOAD里删除了一个作废的用户 结果登陆时报ORA-28056: Writing audit records to Windows Event Log failed异常 C:\Documents and Settings\Administrator>sqlplus /nolog SQL*Plus: Release 11.2.0.2.0 Production on Thu Nov 1
ORA-28056 Writing audit records to Windows Event Log failed
qq961573863的博客
04-19 1014
C:\Documents and Settings\Administrator>set ORACLE_SID=orcl C:\Documents and Settings\Administrator>sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on 星期一 8月 23 08:19:34 2010 Copyrig...
ORA-28056:Writing audit records to Windows EventLog failed的问题
无心人的终点
05-08 875
ORA-28056:Writing audit records to Windows EventLog failed的问题   安装Oracle的时候提示ORA-28056:Writing audit records to Windows EventLog failed   connect / sysdba的时候提示 ORA-28056:Writing audit records to W
ORA-27041: redo文件 unable to open file处理
kevinyu998的博客
05-28 1079
本以为是审计日志*.aud导致的,通过查看发现alert_orcl.log特别的大,98G大小了,查看日志最后信息如下。现场项目经理反馈有个测试环境的u01满,赶紧回电脑边查看。2、删除redo02重新新建redo02。1、直接修改属组并切换日志不生效。
ORA-28056: Writing audit records to Windows Event Log failed解决办法
yangchengsong的专栏
03-05 1523
一般遇到这个问题,很大可能就是非正常关机,或者非正常停止oracle数据库,解决办法如下: 1.开始-cmd进入dos窗口,然后输入sqlplus/nolog,正常sql*plus的信息; 2.接下来输入connect/as sysdba 如果出现已连接到空闲例程。说明正常可以进行下一步,如果出现ORA-28056: Writing audit records to Windows Event
解决ORA-28056:Writing audit records to Windows EventLog failed的问
wozengcong的专栏
08-01 1087
今天在安装oracle时,到最后一步会出现了ORA-28056:Writing audit records to Windows EventLog failed的问题。     于是找啊找,找啊找,终于找于方法了。先中止掉它,然后点击“我的电脑”》“管理”》“事件查看器” 在右过的框里选一个,右键,然后点击“清除所有事件”,再回到安装界面上,点击“重试”。世界又是一片美好!!!     如果
Windows版本Oracle审计日志,【情报】Oracle ORA-28056: 未能将审计记录写入 Windows 事件日志...
weixin_33344952的博客
04-03 462
今日创建新数据库时一直提示,写入auditWindows事件日志失败(Writing audit records to Windows Event Logfailed),一路忽略,算是创建完成。连接时又出现如下错误:ERROR:ORA-28056: 未能将审计记录写入 Windows 事件日志后来清理了事件查看器(运行 - eventvwr)里的应用程序下的记录(清理前可导出备份),可以正常登陆...
ORA-28056:Writing audit records to Windows EventLog failed
aoc212的专栏
10-16 536
sqlplus / as sysdba的时候 提示ORA-28056:Writing audit records to Windows EventLog failed 提示 ORA-28056:Writing audit records to Windows EventLog failed 解决办法 右键“我的电脑”--‘管理’--事件查看器--点击左边的日志(应用程序日志、安全日志、系统
Writing audit records to Windows Event Log failed
iamzj85的专栏
02-06 507
C:\Documents and Settings\Administrator>sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on 星期一 8月 23 08:19:34 2010 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: O
ORA-28056: Writing audit records to Windows Event Log failed.
IT民工家园
04-19 136
1、点击“开始→运行”,输入eventvwr,点击“确定” 2、清空事件
Caused by: java.sql.SQLException: ORA-00604: error occurred at recursive SQL level 1 ORA-01653: unable to extend table SYS.AUD$ by 8192 in tablespace SYSTEM ORA-02002: error while writing to audit trail ORA-00604: error occurred at recursive SQL level 1 ORA-01653: unable to extend table SYS.AUD$ by 8192 in tablespace SYSTEM
最新发布
08-08
<think>嗯,用户遇到了Oracle数据库的错误,具体是ORA-00604、ORA-01653和ORA-02002的组合报错。从错误信息看,核心问题是SYSTEM表空间不足导致审计表SYS.AUD$无法扩展。用户可能正在尝试登录数据库时遇到这个错误,显得比较着急,毕竟这会影响正常使用。 用户提供的引用信息很有价值。引用[3]提到Oracle 11g默认关闭审计,但用户显然开启了审计功能,导致审计记录大量占用SYSTEM表空间。引用[4]给出了查询表空间使用率的SQL,这对诊断很有帮助。引用[2]和[5]则分别提供了两种解决方案:增加数据文件或关闭审计/迁移审计表。 用户可能更关心如何快速恢复数据库可用性,同时兼顾安全性考虑。考虑到审计功能的重要性,直接关闭审计可能不是最佳选择,除非是紧急恢复场景。应该优先推荐增加数据文件的方法,同时考虑长期维护方案。 需要特别注意两点:一是SYSTEM表空间存放核心数据字典,操作需谨慎;二是审计记录如果不再需要,可以定期清理。引用[5]提到的迁移审计表方案虽然彻底,但涉及修改数据字典,风险较高,只应作为最后手段。 在回复中应该强调操作顺序:先确保数据库能登录(可能需要立即增加表空间),再考虑后续优化。对于生产环境,建议用户联系DBA操作,因为某些步骤需要sysdba权限。</think>针对Oracle数据库错误"ORA-00604: recursive SQL error"、"ORA-01653: unable to extend table SYS.AUD$"和"ORA-02002: audit trail write error",根本原因是**SYSTEM表空间不足导致审计表无法写入**。以下是系统化解决方案: --- ### 一、紧急恢复步骤(立即释放空间) 1. **临时关闭审计功能**(快速恢复服务) ```sql ALTER SYSTEM SET audit_trail=NONE SCOPE=SPFILE; SHUTDOWN IMMEDIATE; STARTUP; ``` > 此操作会停止审计记录写入,但审计数据保留在SYS.AUD$表中[^3][^5] 2. **清理历史审计数据**(需重启后操作) ```sql TRUNCATE TABLE SYS.AUD$; ``` --- ### 二、根本解决方案(彻底解决问题) #### 方案1:扩展SYSTEM表空间(推荐) 1. 查询表空间使用率: ```sql SELECT a.tablespace_name, round((a.bytes-b.bytes)/a.bytes*100,2) "使用率(%)" FROM (SELECT tablespace_name, SUM(bytes) bytes FROM dba_data_files GROUP BY tablespace_name) a, (SELECT tablespace_name, SUM(bytes) bytes FROM dba_free_space GROUP BY tablespace_name) b WHERE a.tablespace_name=b.tablespace_name; ``` 2. 添加数据文件(示例): ```sql ALTER TABLESPACE SYSTEM ADD DATAFILE '/oradata/ORCL/system02.dbf' SIZE 2G AUTOEXTEND ON NEXT 1G MAXSIZE 30G; ``` > 路径和大小需根据实际存储调整[^2][^4] #### 方案2:迁移审计表(长期优化) ```sql -- 创建专用表空间 CREATE TABLESPACE audit_ts DATAFILE '/oradata/ORCL/audit01.dbf' SIZE 10G; -- 迁移审计表 ALTER TABLE SYS.AUD$ MOVE TABLESPACE audit_ts; -- 重建索引 ALTER INDEX SYS.I_AUD1 REBUILD TABLESPACE audit_ts; ``` #### 方案3:配置自动清理(预防措施) ```sql -- 启用审计自动清理 BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, last_archive_time => SYSTIMESTAMP-30); END; / -- 创建清理任务 DBMS_AUDIT_MGMT.CREATE_PURGE_TASK( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL, task_name => 'Audit_Cleanup'); ``` --- ### 三、关键配置建议 1. **审计策略优化** ```sql -- 仅审计关键操作 AUDIT SELECT TABLE, UPDATE TABLE BY ACCESS; ``` 2. **定期维护脚本** ```sql -- 每月清理90天前审计数据 BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, last_archive_time => SYSTIMESTAMP-90); DBMS_AUDIT_MGMT.RUN_PURGE_TASK('Audit_Cleanup'); END; ``` --- ### 问题根源分析 此错误通常由以下原因导致: 1. 审计功能开启后未维护,`SYS.AUD$`表持续增长[^3] 2. SYSTEM表空间未启用自动扩展或磁盘空间不足[^1] 3. 审计日志保留策略缺失,导致历史数据堆积[^5] > 📌 **重要提示**:生产环境操作前务必备份数据,扩展表空间需评估存储容量,迁移系统表建议在Oracle技术支持指导下进行。 ---
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值