SYSQL: SysAdmin Query Language
by Jared Still on Jul 20, 2021 12:00:00 AM
What is SYSQL?
Recently Tanel Poder and I were discussing the use of Linux command pipelines for data analysis, and were wondering what to call that process.
We debated a few names, until we came to SYSQL: SysAdmin Query Language.
We liked the name, and it stuck. So SYSQL is what I’m calling the use of Linux command pipelines for data analysis.
After some time working on Linux and other Unix-based systems, most folks will become familiar with command line pipelines. Sometimes this may also be referred to as “chaining” commands.
A pipeline is nothing more than piping the output of one command to the input of another program, using the pipeline operator: |.
If you’d like to learn how to use the simple concept of command pipelines to perform some surprisingly complex data analysis, this is the post for you.
Let’s start with some simple examples.
For instance, counting the number of processes started by the grid user on a remote server:
$ ssh oracle@orasrvr ps -ugrid | wc -l
59
We can easily extend the pipeline to run through several commands, getting just the data we want.
The following command gets all the unique process names started by the grid user on orasrvr:
$ ssh oracle@orasrvr ps -ugrid | tail -n +2 | awk '{ print $NF }' | sort -u
asm_asmb_+asm1
asm_ckpt_+asm1
asm_clmn_+asm1
...
oracle_29995_+a
oracle_30009_+a
scriptagent.bin
tnslsnr
In the same manner, we can use command pipelines for ad hoc data analysis on log files, trace files and most any other text-based file.
In each of these examples, we could use some quoting to reduce the network traffic, as ssh is sending the data back to the local machine to be processed by tail, awk, etc.
Here are the commands quoted so that everything runs remotely. Keep in mind that extra processes may appear in the output when the logon user and the target user are the same, as the ssh login and the command being run will both appear to ps.
In this case, the logon user is oracle, and the target user is grid, so the output doesn’t differ from the previous examples.
$ ssh oracle@ora192rac01 "ps -ugrid | wc -l"
60
$ ssh oracle@ora192rac01 "ps -ugrid | tail -n +2 | awk '{ print \$NF }' | sort -u"
asm_asmb_+asm1
asm_ckpt_+asm1
...
scriptagent.bin
tnslsnr
If the target and logon user are both oracle, the extra processes will appear:
$ ssh oracle@orasrvr ps -uoracle | wc -l
120
$ ssh oracle@orasrvr 'ps -uoracle | wc -l'
122
Tools of the trade
I’m going to assume you have some familiarity with the tools used here.
This won’t be a tutorial on their use, but rather, I’ll provide some examples on how you may expand on the use of these tools (for those of you not already doing so, that is).
Following are some, if not most of the tools you can use for command line analysis of files.
grep
The name of the grep command is an acronym of sorts. It stands for “globally search for regular expressions and print.”
tail
The tail command is used to display only a set number of lines from the end of its input.
head
The head command displays only a set number of lines from the beginning of a file.
sed
The sed command is a stream editor.
sed uses regular expressions to include, exclude and transform data in a stream.
cut
The cut command is used to select columns from a line, based on a delimiting character.
$ echo get,just,the,fourth,word | cut -d, -f4
fourth
$ echo get just the fourth word | cut -d' ' -f4
fourth
awk
The awk command takes its name from the authors: Alfred Aho, Peter Weinberger and Brian Kernighan.
awk is a programming language designed to work on data. Its use has been somewhat supplanted in recent years by Perl, Python and even advanced Bash features.
Even so, awk is still quite useful at times, as it was designed for ease of use in command pipelines.
A common use of awk is to cut columns from a line of text, similar to cut.
There are a few additional things awk can do.
The following example gets just the fourth word, as well as printing the number of words there are in total:
$ echo get just the fourth word | awk '{ print "fourth word: " , $4, " - number of words: ", NF }'
fourth word: fourth - number of words: 5
The built-in variable NF refers to the number of fields in the line.
When prefaced with “$,” it will return the last field in the line:
$ echo get just the fourth word | awk '{ print "fourth word: " , $4, " - the last word: ", $NF }'
fourth word: fourth - the last word: word
perl
Perl is an interpreted programming language.
$ echo get just the fourth word | perl -e '$i=<STDIN>; @a = split(/\s/,$i); print "$a[3]\n"'
fourth
While Perl is quite powerful, and I have made extensive use of Perl over the years, I don’t often use CLI Perl in pipelines.
For that purpose, awk is usually easier.
The exception is the use of Perl scripts that are created as filters. I won’t be demonstrating that in this article, though.
sort
The sort command does just what the name implies; it sorts data.
The data can be sorted by the entire line in the simplest case.
You can also perform sorts on “keys” found in the line.
The data can be sorted as text or numbers, and can be shown in reverse order.
uniq
The uniq command is used to deduplicate data sent to it.
Optionally, you may also use uniq to count the number of occurrences of a string.
wc
The wc command counts lines, words and characters.
tr
You can use the tr utility to transform characters. It isn’t as robust as sed, but nonetheless useful at times.
FETCH and EXE times
Let’s use SYSQL to get some FETCH and EXE information from an Oracle SQL trace file.
The trace file trace/cdb1_ora_5689_SELECT.trc contains some trace data for an SQL we’re interested in.
Most Oracle trace files contain multiple SQL statements. In addition, the cursor number may be reused.
If the cursor number has been reused, that complicates things a bit, and a one-line probe of the trace probably won’t have the desired results.
First, we find the cursor handle.
By using grep -A 6, I can see the next six lines after the target word of PARSING:
grep -A 6 PARSING trace/cdb1_ora_5689_SELECT.trc
PARSING IN CURSOR #140154018147080 len=52 dep=0 uid=92 oct=47 lid=92 tim=532738009488 hv=1029988163 ad='838081e8' sqlid='9babjv8yq8ru3'
BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;
END OF STMT
PARSE #140154018147080:c=44,e=44,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,plh=0,tim=532738009487
BINDS #140154018147080:
 Bind#0
--
PARSING IN CURSOR #140154018122048 len=97 dep=1 uid=0 oct=3 lid=0 tim=532740566203 hv=791757000 ad='96aeea08' sqlid='87gaftwrm2h68'
select o.owner#,o.name,o.namespace,o.remoteowner,o.linkname,o.subname from obj$ o where o.obj#=:1
END OF STMT
PARSE #140154018122048:c=1,e=434,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,plh=0,tim=532740566202
WAIT #140154018122048: nam='PGA memory operation' ela= 10 p1=65536 p2=2 p3=0 obj#=-1 tim=532740566836
WAIT #140154018122048: nam='PGA memory operation' ela= 4 p1=65536 p2=1 p3=0 obj#=-1 tim=532740567003
WAIT #140154018122048: nam='PGA memory operation' ela= 3 p1=65536 p2=1 p3=0 obj#=-1 tim=532740567193
--
PARSING IN CURSOR #140154018097232 len=153 dep=0 uid=92 oct=3 lid=92 tim=532740569568 hv=1226046019 ad='6a8c9b20' sqlid='dzmytmp4j7yk3'
select s.username, s.sid, p.spid from v$session s, v$process p where s.sid = sys_context('userenv','sid')
--
PARSING IN CURSOR #140154018098000 len=104 dep=0 uid=92 oct=47 lid=92 tim=532743008720 hv=2439783906 ad='658980a0' sqlid='2s2qwhy8qs9g2'
declare vDate date; begin for i in 1..1e6 loop select sysdate into vDate from dual;
--
PARSING IN CURSOR #140154018142216 len=24 dep=1 uid=92 oct=3 lid=92 tim=532743014936 hv=124468195 ad='7e551ea0' sqlid='c749bc43qqfz3'
SELECT SYSDATE FROM DUAL
END OF STMT
PARSE #140154018142216:c=3689,e=5599,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=1,plh=1388734953,tim=532743014934
EXEC #140154018142216:c=59,e=59,p=0,cr=0,cu=0,mis=0,r=0,dep=1,og=1,plh=1388734953,tim=532743015228
FETCH #140154018142216:c=34,e=35,p=0,cr=0,cu=0,mis=0,r=1,dep=1,og=1,plh=1388734953,tim=532743015381
STAT #140154018142216 id=1 cnt=1 pid=0 pos=1 obj=0 op='FAST DUAL (cr=0 pr=0 pw=0 str=1 time=2 us cost=2 size=0 card=1)'
The SQL I’m interested in is “SELECT SYSDATE FROM DUAL.”
The cursor for this SQL (cursor #140154018142216) is being called 1,000,000 times by the PL/SQL block (cursor #140154018098000).
I can verify this in the following way:
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc | wc -l
1000000
As expected, the SQL that selects from DUAL appears 1,000,000 times.
Get EXEC and FETCH times
In a performance engagement I’ll typically use a tool such as Method R Workbench to fully analyze Oracle trace files.
At times though, I may want a simpler method to get at this data.
There are a couple of reasons I might use CLI tools for initial analysis:
- I’m not allowed to transfer trace files off the server.
- I’m not allowed to install any software on the server, even in my home directory.
And even when I can make use of Method R, I may want to use some simple tools to get an idea of where my efforts should be focused.
So, let’s get the FETCH and EXE times for this SQL.
To do this, I need to know which fields in these lines are of interest.
Here’s an EXEC line:
EXEC #140154018142216:c=59,e=59,p=0,cr=0,cu=0,mis=0,r=0,dep=1,og=1,plh=1388734953,tim=532743015228
And here’s a FETCH line:
FETCH #140154018142216:c=34,e=35,p=0,cr=0,cu=0,mis=0,r=1,dep=1,og=1,plh=1388734953,tim=532743015381
The item of interest in each line is the value “e=N,” where “e” refers to the elapsed time of the operation.
In each line this appears to be the second field of comma-delimited data. Let’s verify:
$ grep 'EXEC #140154018142216' trace/cdb1_ora_5689_SELECT.trc | head -1 | cut -d, -f2
e=59
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc | head -1 | cut -d, -f2
e=35
Now it’s necessary to separate the value from its label.
It’s convenient to initially limit the amount of data used via the head command, as the trace file may be very large.
Here I’m using the cut command again to separate the value from “e=N.”
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc | head -10 | cut -d, -f2 | cut -f2 -d=
35
7
10
6
5
7
8
5
9
4
Seeing 10 of those is OK, but I can’t really make any sense of 1,000,000 appearing on the console, so I’ll use awk to help clarify the data.
For now, the head -10 remains, just to make experimentation run quickly, as the trace file is 256MB in size.
For readability purposes, I’ll write some of these command lines on several continuation lines.
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc \
  | head -10 \
  | cut -d, -f2 \
  | cut -f2 -d= \
  | awk 'BEGIN{t=0;a=0}{ t += $1}END{a=t / NR; print t,a}'
96 9.6
Here, I used the awk variable NR (number of records) to compute the average.
This has printed the (t)otal and (a)verage values for elapsed time.
If you’re familiar with awk, you may recall that it uses the “-F” option to set a field delimiter.
Using “-F=,” you can eliminate the second “cut” command:
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc \
  | head -10 \
  | cut -d, -f2 \
  | awk -F= 'BEGIN{t=0;a=0}{ t += $2}END{a=t / NR; print t,a}'
96 9.6
In fact, you could also eliminate the first cut, and you could use the string splitting feature of awk.
However, that starts to be somewhat complicated, and one of the goals of SYSQL is to be simple to use. If I was building a shell script to run regularly, I’d be more concerned about that type of efficiency. For ad hoc analysis on the command line though, simplicity and ease of use is the rule of the day.
Finally, we can use printf to beautify the output a bit.
Doing so isn’t strictly necessary, but if you already know how to use printf, it’s a nice touch.
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc \
  | head -10 \
  | cut -d, -f2 \
  | awk -F= 'BEGIN{t=0;a=0}{ t += $2}END{a=t / NR; printf("Total Elapsed microseconds: %10.2f\nAverage microseconds: %10.2f\n", t,a)}'
Total Elapsed microseconds:      96.00
Average microseconds:       9.60
Now, I’ll remove the data-limiting head command, and we can see the full report for EXEC and FETCH:
EXEC:
$ grep 'EXEC #140154018142216' trace/cdb1_ora_5689_SELECT.trc \
  | cut -d, -f2 \
  | awk -F= 'BEGIN{t=0;a=0}{ t += $2}END{a=t / NR; printf("Total Elapsed microseconds: %10.2f\nAverage microseconds: %10.2f\n", t,a)}'
Total Elapsed microseconds: 5362065.00
Average microseconds:       5.36
FETCH:
$ grep 'FETCH #140154018142216' trace/cdb1_ora_5689_SELECT.trc \
  | cut -d, -f2 \
  | awk -F= 'BEGIN{t=0;a=0}{ t += $2}END{a=t / NR; printf("Total Elapsed microseconds: %10.2f\nAverage microseconds: %10.2f\n", t,a)}'
Total Elapsed microseconds: 1172276.00
Average microseconds:       1.17
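The cursor-reuse caveat mentioned at the start of this section, as an added example that is not part of the original post: the awk function below re-binds a cursor number to a sqlid at every PARSING IN CURSOR line and totals the EXEC and FETCH e= values per sqlid. The function names, the sample trace (lines quoted above plus constructed lines) and the sqlid 0constructed1 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# Print "sqlid call-type calls total_us avg_us" for EXEC and FETCH lines.
# Each "PARSING IN CURSOR #n" line re-binds cursor n to the sqlid it names,
# so a reused cursor number is charged to the statement that owns it then.
trace_times_by_sqlid() {
    # usage: trace_times_by_sqlid [TRACEFILE]   (reads stdin when omitted)
    awk -v q="'" '
    /^PARSING IN CURSOR #/ {
        for (i = 5; i <= NF; i++)
            if ($i ~ /^sqlid=/) { split($i, p, q); owner[$4] = p[2] }
        next
    }
    /^(EXEC|FETCH) #/ {
        split($2, f, "[:,]")            # f[1]="#cursor", then c=, e=, p=, ...
        if (!(f[1] in owner)) next      # cursor was parsed before tracing began
        for (i = 2; i in f; i++)
            if (f[i] ~ /^e=/) {
                key = owner[f[1]] " " $1
                calls[key]++
                total[key] += substr(f[i], 3)
            }
    }
    END {
        for (key in calls)
            printf "%s %d %d %.2f\n", key, calls[key], total[key], total[key] / calls[key]
    }' "${1:--}" | LC_ALL=C sort
}

# Sample trace: the first six lines are quoted from the post, the rest are
# constructed so that the same cursor number is reused by a second statement.
sample_trace() {
    cat <<'EOF'
PARSING IN CURSOR #140154018142216 len=24 dep=1 uid=92 oct=3 lid=92 tim=532743014936 hv=124468195 ad='7e551ea0' sqlid='c749bc43qqfz3'
SELECT SYSDATE FROM DUAL
END OF STMT
PARSE #140154018142216:c=3689,e=5599,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=1,plh=1388734953,tim=532743014934
EXEC #140154018142216:c=59,e=59,p=0,cr=0,cu=0,mis=0,r=0,dep=1,og=1,plh=1388734953,tim=532743015228
FETCH #140154018142216:c=34,e=35,p=0,cr=0,cu=0,mis=0,r=1,dep=1,og=1,plh=1388734953,tim=532743015381
EXEC #140154018142216:c=5,e=5,p=0,cr=0,cu=0,mis=0,r=0,dep=1,og=1,plh=1388734953,tim=532743015500
FETCH #140154018142216:c=7,e=7,p=0,cr=0,cu=0,mis=0,r=1,dep=1,og=1,plh=1388734953,tim=532743015600
PARSING IN CURSOR #140154018142216 len=22 dep=0 uid=92 oct=3 lid=92 tim=532743020000 hv=1 ad='0' sqlid='0constructed1'
select count(*) from t
END OF STMT
EXEC #140154018142216:c=100,e=100,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,plh=1,tim=532743020200
FETCH #140154018142216:c=400,e=400,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,plh=1,tim=532743020700
EOF
}

sample_trace | trace_times_by_sqlid
```

A plain grep for FETCH on that cursor number would add the 400 microseconds of the second statement to the totals of the first.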
Log writer (LGWR) trace file
Every time the Oracle LGWR process takes longer than 500 ms to write to the REDO log, the log writer trace file records the event.
Now let’s use SYSQL to learn something about LGWR performance.
There are four LGWR trace files:
$ ls -l trace/*lg*.trc
-rw-r----- 1 jkstill dba 36008 Jun 8 14:00 trace/cdb1_lg00_7689.trc
-rw-r----- 1 jkstill dba 28693 Jun 8 14:00 trace/cdb1_lg01_7697.trc
-rw-r----- 1 jkstill dba 39654 Jun 8 14:00 trace/cdb2_lg00_15674.trc
-rw-r----- 1 jkstill dba 30028 Jun 8 14:00 trace/cdb2_lg01_15678.trc
The following command line will get the lines showing underperforming writes, get the time field and remove non-numeric characters:
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | head -10 | cut -d' ' -f6 | sed -e 's/ms,//'
1234
616
707
1806
513
556
501
1406
1794
585
For a simple transformation such as this one, you could use the tr command instead of sed.
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | head -10 | cut -d' ' -f6 | tr -d '[ms,]'
1234
616
707
1806
513
556
501
1406
1794
585
In this case, tr deleted all characters in the “[ms,]” character class.
The head command is now removed from the command line chain, and the output can be piped to awk to get an average value:
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc \
  | cut -d' ' -f6 \
  | tr -d '[ms,]' \
  | awk 'BEGIN{t=0; a=0} { t += $1 } END{ a=t/NR; print "avg: ", a }'
avg: 743.794
By expanding the awk command a bit, I can get the minimum, maximum and average values:
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | cut -d' ' -f6 | tr -d '[ms,]' \
  | awk '
      BEGIN{t=0; a=0; min=999999999; max=0}
      { if ($1 > max) (max=$1); if ($1 < min) (min=$1); t += $1 }
      END{ a=t/NR; print "min: ",min,"\nmax:",max,"\navg: ", a }
    '
min: 500
max: 4258
avg: 743.794
I can even create a histogram from the command line.
In the BEGIN section of the following awk command a string of “*” characters is created:
$ echo null | awk 'BEGIN{s="*"; for(i=0;i<6;++i) s=s s } {print s}'
****************************************************************
Now let’s create the histogram:
grep -h 'Warning: log write elapsed time' trace/*lg*.trc \
  | cut -d' ' -f6 \
  | tr -d '[ms,]' \
  | awk '{ bucket=$1-($1%100); print bucket }' \
  | sort -n \
  | uniq -c \
  | awk 'BEGIN{s="*"; for(i=0;i<10;++i) s=s s } { hlen=int($1/10)+1; print $1,$2, substr(s,1,hlen) }'
495 500 **************************************************
282 600 *****************************
178 700 ******************
103 800 ***********
68 900 *******
49 1000 *****
28 1100 ***
26 1200 ***
11 1300 **
11 1400 **
7 1500 *
3 1600 *
4 1700 *
2 1800 *
4 1900 *
2 2200 *
2 2500 *
1 2600 *
4 2800 *
1 3000 *
2 3100 *
1 3200 *
1 4200 *
Let’s break that command down a bit so as to be more understandable.
Get the required lines from the trace files
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | head -1
Warning: log write elapsed time 1234ms, size 24KB
Get just the sixth field
Add cut to the pipeline to capture just the sixth field.
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | head -1 | cut -d' ' -f6
1234ms,
Remove “ms,” from the data
The tr command is used to remove characters in the character class [ms,].
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc | head -1 | cut -d' ' -f6 | tr -d '[ms,]'
1234
Transform the milliseconds to a bucket size
The histogram will be based on bucket sizes that increment by 100.
Here, awk is used to create the bucket by subtracting the value of modulo (value,100) from the value.
awk '{ bucket=$1-($1%100); print bucket }'
Sort and count
Now to sort and count the buckets.
The data is sorted numerically, then counted with uniq -c.
grep -h 'Warning: log write elapsed time' trace/*lg*.trc \
  | cut -d' ' -f6 \
  | tr -d '[ms,]' \
  | awk '{ bucket=$1-($1%100); print bucket }' \
  | sort -n \
  | uniq -c
495 500
282 600
178 700
103 800
68 900
49 1000
28 1100
26 1200
11 1300
11 1400
7 1500
3 1600
4 1700
2 1800
4 1900
2 2200
2 2500
1 2600
4 2800
1 3000
2 3100
1 3200
1 4200
No further sorting will be needed, as the data is already sorted by the bucket size.
Build the histogram string
As shown previously, the BEGIN section is just building a string of “*” characters.
awk 'BEGIN{s="*"; for(i=0;i<10;++i) s=s s } ...
The remainder of the awk one-liner determines the length of the histogram line based on the count ($1) of the bucket ($2) size.
Create the histogram source line. The substr() determines the length.
The length is calculated as the number of entries for this bucket divided by 10. Then 1 is added so there is always at least one “*.”
{ hlen=int($1/10)+1; print $1,$2, substr(s,1,hlen) }'
Additionally, the formatting can also be cleaned up a little with printf.
I’ve also broken the command into multiple lines so as to be easier to read:
$ grep -h 'Warning: log write elapsed time' trace/*lg*.trc \
  | cut -d' ' -f6 \
  | tr -d '[ms,]' \
  | awk '{ bucket=$1-($1%100); print bucket }' \
  | sort -n \
  | uniq -c \
  | awk 'BEGIN{s="*"; for(i=0;i<10;++i) s=s s } { hlen=int($1/10)+1; printf("%6d %6d %-50s\n", $1,$2, substr(s,1,hlen)) }'
   495    500 **************************************************
   282    600 *****************************
   178    700 ******************
   103    800 ***********
    68    900 *******
    49   1000 *****
    28   1100 ***
    26   1200 ***
    11   1300 **
    11   1400 **
     7   1500 *
     3   1600 *
     4   1700 *
     2   1800 *
     4   1900 *
     2   2200 *
     2   2500 *
     1   2600 *
     4   2800 *
     1   3000 *
     2   3100 *
     1   3200 *
     1   4200 *
If you’re unfamiliar with some of these commands, that command line may appear somewhat daunting.
The key is practice. Once you start making use of command line tools for quick data analysis, it really becomes fairly easy.
The commands I’ve shown are all commands that I’ve used on a regular basis. It would take only a couple of minutes to construct these, ad hoc, as needed.
Let’s consider another example.
Fail2Ban
The next example is some ad hoc security analysis on a Linux server. As it’s exposed to the Internet, there are constant malicious attempts to login via ssh.
Fail2Ban is a security tool used to ban IP addresses when there appears to be malicious intent due to frequent failed login attempts.
When there are too many failed login attempts, Fail2Ban will ban the originating IP from attempting again (for 10 minutes by default).
Fail2Ban makes use of the logfile /var/log/auth.log, and writes output to /var/log/fail2ban.log.
What I want to do is compare malicious attempts found in /var/log/auth.log to actions taken as seen in /var/log/fail2ban.log.
Initially, I’m just looking at user names of invalid login attempts:
$ grep 'Invalid user' log/auth.log | awk '{ print $8 }'| sort | uniq -c | sort -n | tail -20
10 ftpuser
10 vagrant
11 administrator
11 guest
14 test
15 MikroTik
15 tech
16 user1
22 admin1
26 web
28 support
29 ubuntu
40 demo
41 es
42 pi
184 telecomadmin
205 ubnt
231 profile1
348 admin
545 user
You’ll find that the pattern of “something | sort | uniq -c | sort -n” is a fairly common usage.
Let’s see where the requests have been coming from.
$ grep 'Invalid user' log/auth.log \
  | awk '{ print $10 }'\
  | sort \
  | uniq -c \
  | awk '{ if ($1 >= 10) print $2 }' | grep -v '^$' | sort -n
2.133.117.116
14.167.34.197
...
210.187.213.31
217.197.182.103
There are 64 addresses where apparently malicious ssh attempts originate, where there are 10 or more such attempts.
$ grep 'Invalid user' log/auth.log \
  | awk '{ print $10 }'\
  | sort \
  | uniq -c \
  | awk '{ if ($1 >= 10) print $2 }' \
  | grep -v '^$' \
  | sort -n\
  | wc -l
64
Given the current Fail2Ban configuration, the tool should have banned these addresses from further logon attempts.
Is that the case?
The grep command has a -f option that allows taking the patterns to match from some file.
For example, the following command could be used to get only nonsystem usernames from /etc/passwd.
Given this filter file:
$ cat /tmp/system-users.filter
^root
^daemon
...
^sshd
^statd
^postfix
You can easily see the nonsystem users:
$ grep -v -f /tmp/system-users.filter /etc/passwd
dnsmasq:x:111:65534:dnsmasq,,,:/var/lib/misc:/bin/false
mdm:x:117:124:MDM Display Manager:/var/lib/mdm:/bin/false
nm-openvpn:x:118:126:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/bin/false
saned:x:120:128::/var/lib/saned:/bin/false
perlbrew:x:1001:1001:perlbrew,,,:/opt/perlbrew:/bin/bash
oracle:x:1002:1002::/home/oracle:
ssopun:x:1003:1002::/home/ssopun:
strongswan:x:125:65534::/var/lib/strongswan:/usr/sbin/nologin
vboxadd:x:999:1::/var/run/vboxadd:/bin/false
When the shell is Bash, you can use process substitution.
That is, you can use the output of a command enclosed in <(...) as if it were a file.
To filter out all users with a UID of 1000 or less, you can use the following awk command as a pattern source:
$ awk -F: '{ if ($3 < 1000) print "^"$1 }' /etc/passwd
^root
^daemon
^bin
...
^postfix
^strongswan
^vboxadd
Now, use it in the overall command:
$ grep -v -f <(awk -F: '{ if ($3 < 1000) print "^"$1 }' /etc/passwd) /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
jkstill:x:1000:1002:jared,,,:/home/jkstill:/bin/bash
perlbrew:x:1001:1001:perlbrew,,,:/opt/perlbrew:/bin/bash
jkstill-new:x:1000:1000::/home/jkstill-new:
oracle:x:1002:1002::/home/oracle:
ssopun:x:1003:1002::/home/ssopun:
You get the same results, but there was no need to manually create a temporary file for the filter patterns.
Now, apply that same logic to the Fail2Ban log:
$ grep -f <( \
    grep 'Invalid user' log/auth.log \
    | awk '{ print $10 }' \
    | sort | uniq -c \
    | awk '{ if ($1 >= 10) print $2 }' \
    | grep -v '^$' \
  ) log/fail2ban.log
...
2021-06-06 05:08:52,152 fail2ban.actions [1398]: NOTICE [sshd] Ban 36.78.79.106
2021-06-06 05:18:52,182 fail2ban.actions [1398]: NOTICE [sshd] Unban 36.78.79.106
2021-06-06 07:17:23,709 fail2ban.filter [1398]: INFO [sshd] Found 178.62.237.221
2021-06-06 07:17:59,768 fail2ban.filter [1398]: INFO [sshd] Found 178.62.237.221
2021-06-06 07:18:36,847 fail2ban.filter [1398]: INFO [sshd] Found 178.62.237.221
2021-06-06 07:19:11,909 fail2ban.filter [1398]: INFO [sshd] Found 178.62.237.221
2021-06-06 07:19:46,972 fail2ban.filter [1398]: INFO [sshd] Found 178.62.237.221
2021-06-06 07:19:47,550 fail2ban.actions [1398]: NOTICE [sshd] Ban 178.62.237.221
2021-06-06 07:29:48,531 fail2ban.actions [1398]: NOTICE [sshd] Unban 178.62.237.221
While this is interesting, it doesn’t really tell me what I want to know.
What I want to know is this—were all of these addresses banned?
This is an example of a “Ban” line in log/fail2ban.log:
2021-06-04 21:59:02,690 fail2ban.actions [1398]: NOTICE [sshd] Ban 36.69.234.183
Here, I can show all the unique addresses Fail2Ban has banned:
$ grep -E -f <( \
    grep 'Invalid user' log/auth.log \
    | awk '{ print $10 }' \
    | sort | uniq -c \
    | awk '{ if ($1 >= 10) print $2 }' \
    | grep -v '^$' \
    | awk '{print "Ban\\s+"$1}' \
  ) log/fail2ban.log \
  | awk '{ print $NF }' | sort -n | sort -u
And a count of those addresses:
$ grep -E -f <( \
    grep 'Invalid user' log/auth.log \
    | awk '{ print $10 }' \
    | sort | uniq -c \
    | awk '{ if ($1 >= 10) print $2 }' \
    | grep -v '^$' \
    | awk '{print "Ban\\s+"$1}' \
  ) log/fail2ban.log \
  | awk '{ print $NF }' | sort -n | sort -u | wc -l
63
You may recall earlier that malicious login attempts were found to originate from 64 different addresses.
As Fail2Ban appears to have only banned 63 addresses, let’s find out which addresses with 10 or more login attempts it didn’t ban.
For this I’ll create two temp files: one for the addresses where login attempts originated, and one for the addresses that were banned.
$ grep 'Invalid user' log/auth.log \
  | awk '{ print $10 }' \
  | sort | uniq -c \
  | awk '{ if ($1 >= 10) print $2 }' \
  | grep -v '^$' \
  | sort -u | sort -n > attempts.txt
$ grep -E -f <( \
    grep 'Invalid user' log/auth.log \
    | awk '{ print $10 }' \
    | sort | uniq -c \
    | awk '{ if ($1 >= 10) print $2 }' \
    | grep -v '^$' \
    | awk '{print "Ban\\s+"$1}' ) log/fail2ban.log \
  | awk '{ print $NF }' \
  | sort -u | sort -n > banned.txt
Running diff on the files reveals an address that appears in attempts.txt that doesn’t appear in banned.txt.
$ diff attempts.txt banned.txt
35d34
< 141.98.10.193
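An added example, not part of the original post: the same attempts-versus-bans comparison done with exact string matching in awk. In a grep -E pattern such as Ban\s+192.0.2.1 the dots match any character and nothing anchors the end, so that pattern also matches the lines "Ban 192.0.2.10" and "Ban 192.0.2.15". The function names and both sample logs are constructed for illustration; the field positions ($10 in auth.log, $7 and $8 in fail2ban.log) follow the log lines shown in this post.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# For every address with at least MIN "Invalid user" lines in AUTHLOG, print
#   ip  attempts  banned|NOT-BANNED
# where "banned" means fail2ban.log has a Ban line for exactly that address.
ban_coverage() {
    # usage: ban_coverage AUTHLOG F2BLOG [MIN]
    awk -v min="${3:-10}" '
    FILENAME == ARGV[1] {                    # first file read: fail2ban.log
        if ($7 == "Ban") banned[$8] = 1      # exact address, no regex involved
        next
    }
    /Invalid user/ && $10 != "" { attempts[$10]++ }    # second file: auth.log
    END {
        for (ip in attempts)
            if (attempts[ip] >= min)
                print ip, attempts[ip], ((ip in banned) ? "banned" : "NOT-BANNED")
    }' "$2" "$1" | LC_ALL=C sort
}

# Constructed sample logs (documentation addresses from 192.0.2.0/24):
#   192.0.2.1   10 attempts, never banned
#   192.0.2.10  12 attempts, banned
#   192.0.2.15   3 attempts, banned (below the 10-attempt cut-off)
make_sample_logs() {
    # usage: make_sample_logs DIR   -> writes DIR/auth.log and DIR/fail2ban.log
    dir=$1
    : > "$dir/auth.log"
    for entry in 192.0.2.1:10 192.0.2.10:12 192.0.2.15:3; do
        ip=${entry%%:*}
        n=${entry##*:}
        i=0
        while [ "$i" -lt "$n" ]; do
            printf 'Jun  5 16:%02d:00 host sshd[4242]: Invalid user admin from %s port 40000\n' \
                "$i" "$ip" >> "$dir/auth.log"
            i=$((i + 1))
        done
    done
    cat > "$dir/fail2ban.log" <<'EOF'
2021-06-05 16:12:01,000 fail2ban.actions [1398]: NOTICE [sshd] Ban 192.0.2.10
2021-06-05 16:22:01,000 fail2ban.actions [1398]: NOTICE [sshd] Unban 192.0.2.10
2021-06-05 17:00:00,000 fail2ban.actions [1398]: NOTICE [sshd] Ban 192.0.2.15
EOF
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
ban_coverage "$demo_dir/auth.log" "$demo_dir/fail2ban.log"
rm -rf "$demo_dir"
```

With the regex patterns, the ban of 192.0.2.15 would be picked up through the pattern built for 192.0.2.1 and counted among the banned offenders, although 192.0.2.15 never reached 10 attempts.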
Let’s check the Fail2Ban.log file for this address:
$ grep -n '141.98.10.193' log/fail2ban.log
...
3963:2021-06-05 08:44:12,810 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
3964:2021-06-05 08:44:22,841 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
3965:2021-06-05 08:44:32,870 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4094:2021-06-05 15:45:34,123 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4095:2021-06-05 15:45:42,141 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4096:2021-06-05 15:45:52,161 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4097:2021-06-05 15:46:02,187 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4101:2021-06-05 16:02:42,612 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4102:2021-06-05 16:02:52,640 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4103:2021-06-05 16:03:01,664 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4104:2021-06-05 16:03:11,684 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4122:2021-06-05 18:38:15,491 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4123:2021-06-05 18:38:24,512 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4124:2021-06-05 18:38:33,538 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4125:2021-06-05 18:38:43,565 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4184:2021-06-05 22:45:58,140 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4186:2021-06-05 22:46:07,179 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4187:2021-06-05 22:46:18,208 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
4188:2021-06-05 22:46:27,226 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
Lines 4101 to 4125 are within a time period of approximately three minutes.
The default value for the Fail2Ban parameter findtime is 600 seconds. This value defines the window size that Fail2Ban considers when determining if an IP should be banned.
The default value for the Fail2Ban parameter maxretry is five. If maxretry attempts occur within findtime seconds from the same IP, that IP should be banned.
Though it appears that 141.98.10.193 should have been banned, it wasn’t. At this time, I don’t yet know why Fail2Ban didn’t ban it.
In the meantime, I’ve manually banned this IP:
$ fail2ban-client set sshd banip 141.98.10.193
$ iptables -L -n -v
...
Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       141.98.10.193        0.0.0.0/0            reject-with icmp-port-unreachable
 1120 89095 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
What I found later was that Fail2Ban had “unbanned” this IP, so getting that to work as I want is a different adventure.
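An added example, not part of the original post: a replay of fail2ban.log that applies findtime and maxretry, as defined above, to the Found lines of each address and reports the largest number of Found lines inside any one window, the number of Ban lines, and a verdict. The function names and the 192.0.2.x lines are constructed; the 141.98.10.193 lines are lines 4101 to 4125 of the listing above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# Replay a fail2ban log and print, per address:  ip  peak  bans  verdict
#   peak    = most "Found" lines inside any findtime-second window
#   verdict = NOT-BANNED when maxretry was reached and no Ban line followed
f2b_window_report() {
    # usage: f2b_window_report [LOGFILE] [FINDTIME_SECONDS] [MAXRETRY] [JAIL]
    awk -v findtime="${2:-600}" -v maxretry="${3:-5}" -v jail="[${4:-sshd}]" '
    # Seconds since 1970-01-01 for "YYYY-MM-DD" and "HH:MM:SS,mmm" (milliseconds
    # dropped). Log time is treated as UTC because only differences are used.
    function epoch(d, t,    a, b, y, m, era, yoe, doy, days) {
        split(d, a, "-"); split(t, b, "[:,]")
        y = a[1] + 0; m = a[2] + 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + a[3] - 1
        days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        return days * 86400 + b[1] * 3600 + b[2] * 60 + b[3]
    }
    $6 == jail && $7 == "Found" {
        ip = $8; now = epoch($1, $2)
        if (!(ip in tail)) { head[ip] = 1; tail[ip] = 0 }
        tail[ip]++
        seen[ip, tail[ip]] = now
        # Slide the window: forget failures older than findtime seconds.
        while (now - seen[ip, head[ip]] > findtime) { delete seen[ip, head[ip]]; head[ip]++ }
        n = tail[ip] - head[ip] + 1
        if (n > peak[ip]) peak[ip] = n
        if (n >= maxretry && !(ip in due)) due[ip] = 1
    }
    $6 == jail && $7 == "Ban" {
        ip = $8; bans[ip]++
        delete due[ip]                 # threshold was answered with a ban
        head[ip] = tail[ip] + 1        # failure count starts over after a ban
    }
    END {
        for (ip in peak) {
            verdict = (ip in due) ? "NOT-BANNED" : (bans[ip] ? "banned" : "below-maxretry")
            print ip, peak[ip], bans[ip] + 0, verdict
        }
    }' "${1:--}" | LC_ALL=C sort
}

# Sample log: the 192.0.2.x lines are constructed, the 141.98.10.193 lines are
# quoted from the listing in the post (lines 4101 to 4125).
sample_fail2ban_log() {
    cat <<'EOF'
2021-06-05 09:00:00,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.10
2021-06-05 09:00:10,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.10
2021-06-05 09:00:20,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.10
2021-06-05 09:00:30,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.10
2021-06-05 09:00:40,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.10
2021-06-05 10:00:00,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.20
2021-06-05 10:00:10,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.20
2021-06-05 10:00:20,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.20
2021-06-05 10:00:30,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.20
2021-06-05 10:00:40,000 fail2ban.filter [1398]: INFO [sshd] Found 192.0.2.20
2021-06-05 10:00:41,000 fail2ban.actions [1398]: NOTICE [sshd] Ban 192.0.2.20
2021-06-05 10:10:41,000 fail2ban.actions [1398]: NOTICE [sshd] Unban 192.0.2.20
2021-06-05 16:02:42,612 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 16:02:52,640 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 16:03:01,664 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 16:03:11,684 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 18:38:15,491 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 18:38:24,512 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 18:38:33,538 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
2021-06-05 18:38:43,565 fail2ban.filter [1398]: INFO [sshd] Found 141.98.10.193
EOF
}

sample_fail2ban_log | f2b_window_report
```

For the quoted 141.98.10.193 lines the largest window holds four Found lines; lines elided from the listing are not counted.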
Though lengthy command line pipelines may appear somewhat intimidating at first, the previous explanations of a few somewhat complex pipelines should make it easier to do this yourself.
More on SYSQL
We chose the name SYSQL as a concise name that brings to mind both the goal (data analysis) and the method (linux command pipelines).
Plus, it’s tiring to keep saying “linux command pipelines.”
How do you pronounce SYSQL?
Well, there are only two possible pronunciations that come to mind:
SYS-Q-L, with each of the letters Q and L pronounced.
SYS-KEL. Rhymes with “fiscal.”
Which do I prefer? Honestly, I haven’t made up my mind on that.
If you have an opinion on the pronunciation of SYSQL, or any questions or thoughts on the above, please feel free to leave a comment!
- Docker-Composer (2)
- Dr (2)
- Duplicate (2)
- Ecc (2)
- Elastic (2)
- Elastic Stack (2)
- Em12C (2)
- Encryption (2)
- Enterprise Data Platform (EDP) (2)
- Enterprise Manager (2)
- Etl (2)
- Events (2)
- Exachk (2)
- Filter Driver (2)
- Flume (2)
- Full Text Search (2)
- Galera (2)
- Gemini (2)
- General Purpose Ssd (2)
- Gh-Ost (2)
- Gke (2)
- Google Workspace (2)
- Hanganalyze (2)
- Hdfs (2)
- Health Check (2)
- Historical Trends (2)
- Incremental (2)
- Infiniband (2)
- Infrastructure As Code (2)
- Innodb Cluster (2)
- Innodb File Structure (2)
- Innodb Group Replication (2)
- Install (2)
- Internals (2)
- Java Web Start (2)
- Kibana (2)
- Log (2)
- Log4J (2)
- Logs (2)
- Memory (2)
- Merge Replication (2)
- Metrics (2)
- Mutex (2)
- MySQLShell (2)
- NLP (2)
- Neo4J (2)
- Node.Js (2)
- Nosql (2)
- November 11Th 2015 (2)
- Ntp (2)
- Oci Iam (2)
- Oem12C (2)
- Omspatcher (2)
- Opatchauto (2)
- Open Source Database (2)
- Operational Excellence (2)
- Oracle 11G (2)
- Oracle Datase (2)
- Oracle Extended Manager (Oem) (2)
- Oracle Flashback (2)
- Oracle Forms (2)
- Oracle Installation (2)
- Oracle Io Testing (2)
- Pdb (2)
- Podcast (2)
- Puppet (2)
- Pythian Europe (2)
- R12.2 (2)
- Redshift (2)
- Remote DBA (2)
- Remote Sre (2)
- SAP (2)
- SAP HANA Cloud (2)
- Sap Migration (2)
- Scale (2)
- Schema (2)
- September 30Th 2015 (2)
- September 3Rd 2015 (2)
- Shell (2)
- Simon Pane (2)
- Single Sign-On (2)
- Sql Server On Gke (2)
- Sqlplus (2)
- Sre (2)
- Ssis Catalog Error (2)
- Ssisdb (2)
- Standby (2)
- Statspack Mining (2)
- Systemstate Dump (2)
- Tablespace (2)
- Technical Training (2)
- Tempdb (2)
- Tfa (2)
- Throughput (2)
- Tls (2)
- Tombstones (2)
- Transactional Replication (2)
- User Groups (2)
- Vagrant (2)
- Variables (2)
- Virtual Machine (2)
- Virtual Machines (2)
- Virtualbox (2)
- Web Application Firewall (2)
- Webinars (2)
- X5 (2)
- scalability (2)
- //Build2019 (1)
- 11G (1)
- 12.1 (1)
- 12Cr1 (1)
- 12Cr2 (1)
- 18C Grid Installation (1)
- 2022 (1)
- 2022 Snowflake Summit (1)
- AI Platform (1)
- AI Summit (1)
- Actifio (1)
- Active Directory (1)
- Adaptive Hash Index (1)
- Adf Custom Email (1)
- Adobe Flash (1)
- Adrci (1)
- Advanced Data Services (1)
- Afd (1)
- After Logon Trigger (1)
- Ahf (1)
- Aix (1)
- Akka (1)
- Alloydb (1)
- Alter Table (1)
- Always On (1)
- Always On Listener (1)
- Alwayson With Gke (1)
- Amazon (1)
- Amazon Athena (1)
- Amazon Aurora Backtrack (1)
- Amazon Efs (1)
- Amazon Redshift (1)
- Amazon Sagemaker (1)
- Amazon Vpc Flow Logs (1)
- Amdu (1)
- Analysis (1)
- Analytical Models (1)
- Analyzing Bigquery Via Sheets (1)
- Anisble (1)
- Annual Mysql Community Dinner (1)
- Anthos (1)
- Apache (1)
- Apache Nifi (1)
- Apache Spark (1)
- Application Migration (1)
- Architect (1)
- Architecture (1)
- Ash (1)
- Asmlib (1)
- Atlas CLI (1)
- Audit In Postgres (1)
- Audit In Postgresql (1)
- Auto Failover (1)
- Auto Increment (1)
- Auto Index (1)
- Autoconfig (1)
- Automated Reports (1)
- Automl (1)
- Autostart (1)
- Awr Mining (1)
- Aws Glue (1)
- Aws Lake Formation (1)
- Aws Lambda (1)
- Azure Analysis Services (1)
- Azure Blob Storage (1)
- Azure Cognitive Search (1)
- Azure Data (1)
- Azure Data Lake (1)
- Azure Data Lake Analytics (1)
- Azure Data Lake Store (1)
- Azure Data Migration Service (1)
- Azure Dma (1)
- Azure Dms (1)
- Azure Document Intelligence (1)
- Azure Integration Runtime (1)
- Azure OpenAI (1)
- Azure Sql Data Warehouse (1)
- Azure Sql Dw (1)
- Azure Sql Managed Instance (1)
- Azure Vm (1)
- Backup For Sql Server (1)
- Bacpac (1)
- Bag (1)
- Bare Metal Solution (1)
- Batch Operation (1)
- Batches In Cassandra (1)
- Beats (1)
- Best Practice (1)
- Bi Publisher (1)
- Binary Logging (1)
- Bind Variables (1)
- Bitnami (1)
- Blob Storage Endpoint (1)
- Blockchain (1)
- Browsers (1)
- Btp Architecture (1)
- Btp Components (1)
- Buffer Pool (1)
- Bug (1)
- Bugs (1)
- Build 2019 Updates (1)
- Build Cassandra (1)
- Bundle Patch (1)
- Bushy Join (1)
- Business Continuity (1)
- Business Insights (1)
- Business Process Modelling (1)
- Business Reputation (1)
- CAPEX (1)
- Capacity Planning (1)
- Career (1)
- Career Development (1)
- Cassandra-Cli (1)
- Catcon.Pm (1)
- Catctl.Pl (1)
- Catupgrd.Sql (1)
- Cbo (1)
- Cdb Duplication (1)
- Certificate (1)
- Certificate Management (1)
- Chaos Engineering (1)
- Cheatsheet (1)
- Checkactivefilesandexecutables (1)
- Chmod (1)
- Chown (1)
- Chrome Enterprise (1)
- Chrome Security (1)
- Cl-Series (1)
- Cleanup (1)
- Cloud Browser (1)
- Cloud Build (1)
- Cloud Consulting (1)
- Cloud Data Warehouse (1)
- Cloud Database Management (1)
- Cloud Dataproc (1)
- Cloud Foundry (1)
- Cloud Manager (1)
- Cloud Migations (1)
- Cloud Networking (1)
- Cloud SQL Replica (1)
- Cloud Scheduler (1)
- Cloud Services (1)
- Cloud Strategies (1)
- Cloudformation (1)
- Cluster Resource (1)
- Cmo (1)
- Cockroach Db (1)
- Coding Benchmarks (1)
- Colab (1)
- Collectd (1)
- Columnar (1)
- Communication Plans (1)
- Community (1)
- Compact Storage (1)
- Compaction (1)
- Compliance (1)
- Compression (1)
- Compute Instances (1)
- Compute Node (1)
- Concurrent Manager (1)
- Concurrent Processing (1)
- Configuration (1)
- Consistency Level (1)
- Consolidation (1)
- Conversational AI (1)
- Covid-19 (1)
- Cpu Patching (1)
- Cqlsstablewriter (1)
- Crash (1)
- Create Catalog Error (1)
- Create_File_Dest (1)
- Credentials (1)
- Cross Platform (1)
- CrowdStrike (1)
- Crsctl (1)
- Custom Instance Images (1)
- Cve-2022-21500 (1)
- Cvu (1)
- Cypher Queries (1)
- DBSAT 3 (1)
- Dacpac (1)
- Dag (1)
- Data Analysis (1)
- Data Analytics Platform (1)
- Data Box (1)
- Data Classification (1)
- Data Cleansing (1)
- Data Encryption (1)
- Data Engineering (1)
- Data Estate (1)
- Data Flow Management (1)
- Data Insights (1)
- Data Integrity (1)
- Data Lake (1)
- Data Leader (1)
- Data Lifecycle Management (1)
- Data Lineage (1)
- Data Masking (1)
- Data Mesh (1)
- Data Migration Assistant (1)
- Data Migration Service (1)
- Data Mining (1)
- Data Modeling (1)
- Data Monetization (1)
- Data Policy (1)
- Data Profiling (1)
- Data Protection (1)
- Data Retention (1)
- Data Safe (1)
- Data Sheets (1)
- Data Summit (1)
- Data Vault (1)
- Data Warehouse Modernization (1)
- Database Auditing (1)
- Database Consultant (1)
- Database Link (1)
- Database Modernization (1)
- Database Provisioning (1)
- Database Provisioning Failed (1)
- Database Replication (1)
- Database Scaling (1)
- Database Schemas (1)
- Database Security (1)
- Databricks (1)
- Datadog (1)
- Datafile (1)
- Datapatch (1)
- Dataprivacy (1)
- Datascape 59 (1)
- Datasets (1)
- Datastax Cassandra (1)
- Datastax Opscenter (1)
- Datasync Error (1)
- Db_Create_File_Dest (1)
- Dbaas (1)
- Dbatools (1)
- Dbcc Checkident (1)
- Dbms_Cloud (1)
- Dbms_File_Transfer (1)
- Dbms_Metadata (1)
- Dbms_Service (1)
- Dbms_Stats (1)
- Dbupgrade (1)
- Deep Learning (1)
- Delivery (1)
- Devd (1)
- Dgbroker (1)
- Dialogflow (1)
- Dict0Dict (1)
- Did You Know (1)
- Direct Path Read Temp (1)
- Disk Groups (1)
- Disk Management (1)
- Diskgroup (1)
- Dispatchers (1)
- Distributed Ag (1)
- Distribution Agent (1)
- Documentation (1)
- Download (1)
- Dp Agent (1)
- Duet AI (1)
- Duplication (1)
- Dynamic Sampling (1)
- Dynamic Tasks (1)
- E-Business Suite Cpu Patching (1)
- E-Business Suite Patching (1)
- Ebs Sso (1)
- Ec2 (1)
- Edb Postgresql Advanced Server (1)
- Edb Postgresql Password Verify Function (1)
- Editions (1)
- Edp (1)
- El Carro (1)
- Elassandra (1)
- Elk Stack (1)
- Em13Cr2 (1)
- Emcli (1)
- End of Life (1)
- Engineering (1)
- Enqueue (1)
- Enterprise (1)
- Enterprise Architecture (1)
- Enterprise Command Centers (1)
- Enterprise Manager Command Line Interface (Em Cli (1)
- Enterprise Plus (1)
- Episode 58 (1)
- Error Handling (1)
- Exacc (1)
- Exacheck (1)
- Exacs (1)
- Exadata Asr (1)
- Execution (1)
- Executive Sponsor (1)
- Expenditure (1)
- Export Sccm Collection To Csv (1)
- External Persistent Volumes (1)
- Fail (1)
- Failed Upgrade (1)
- Failover In Postgresql (1)
- Fall 2021 (1)
- Fast Recovery Area (1)
- FinOps Strategy (1)
- Flash Recovery Area (1)
- Flashback (1)
- Fnd (1)
- Fndsm (1)
- Force_Matching_Signature (1)
- Fra Full (1)
- Framework (1)
- Freebsd (1)
- Fsync (1)
- Function-Based Index (1)
- GCVE Architecture (1)
- GPQA (1)
- Gaming (1)
- Garbagecollect (1)
- Gcp Compute (1)
- Gcp-Spanner (1)
- Geography (1)
- Geth (1)
- Getmospatch (1)
- Git (1)
- Global Analytics (1)
- Gmail (1)
- Gmail Security (1)
- Google Analytics (1)
- Google Cloud Architecture Framework (1)
- Google Cloud Data Services (1)
- Google Cloud Partner (1)
- Google Cloud Spanner (1)
- Google Cloud VMware Engine (1)
- Google Compute Engine (1)
- Google Dataflow (1)
- Google Datalab (1)
- Google Grab And Go (1)
- Google Sheets (1)
- Gp2 (1)
- Graph Algorithms (1)
- Graph Databases (1)
- Graph Inferences (1)
- Graph Theory (1)
- GraphQL (1)
- Graphical User Interface (Gui) (1)
- Grid (1)
- Grid Infrastructure (1)
- Griddisk Resize (1)
- Grp (1)
- Guaranteed Restore Point (1)
- Guid Mismatch (1)
- HR Technology (1)
- HRM (1)
- Ha (1)
- Hang (1)
- Hashicorp (1)
- Hbase (1)
- Hcc (1)
- Hdinsight (1)
- Healthcheck (1)
- Hemantgiri S. Goswami (1)
- Hortonworks (1)
- How To Install Ssrs (1)
- Hr (1)
- Httpchk (1)
- Https (1)
- Huge Pages (1)
- HumanEval (1)
- Hung Database (1)
- Hybrid Columnar Compression (1)
- Hyper-V (1)
- Hyperscale (1)
- Hypothesis Driven Development (1)
- Ibm (1)
- Identity Management (1)
- Idm (1)
- Ilom (1)
- Imageinfo (1)
- Impdp (1)
- In Place Upgrade (1)
- Incident Response (1)
- Indempotent (1)
- Indexing In Mongodb (1)
- Influxdb (1)
- Information (1)
- Infrastructure As A Code (1)
- Injection (1)
- Innobackupex (1)
- Innodb Concurrency (1)
- Innodb Flush Method (1)
- Insights (1)
- Installing (1)
- Instance Cloning (1)
- Integration Services (1)
- Integrations (1)
- Interactive_Timeout (1)
- Interval Partitioning (1)
- Invisible Indexes (1)
- Io1 (1)
- IoT (1)
- Iops (1)
- Iphone (1)
- Ipv6 (1)
- Iscsi (1)
- Iscsi-Initiator-Utils (1)
- Iscsiadm (1)
- Issues (1)
- It Industry (1)
- It Teams (1)
- JMX Metrics (1)
- Jared Still (1)
- Javascript (1)
- Jdbc (1)
- Jinja2 (1)
- Jmx (1)
- Jmx Monitoring (1)
- Jvm (1)
- Jython (1)
- K8S (1)
- Kernel (1)
- Key Btp Components (1)
- Kfed (1)
- Kill Sessions (1)
- Knapsack (1)
- Kubeflow (1)
- LMSYS Chatbot Arena (1)
- Large Pages (1)
- Latency (1)
- Latest News (1)
- Leadership (1)
- Leap Second (1)
- Limits (1)
- Line 1 (1)
- Linkcolumn (1)
- Linux Host Monitoring (1)
- Linux Storage Appliance (1)
- Listener (1)
- Loadavg (1)
- Lock_Sga (1)
- Locks (1)
- Log File Switch (Archiving Needed) (1)
- Logfile (1)
- Looker (1)
- Lvm (1)
- MMLU (1)
- Managed Instance (1)
- Managed Services (1)
- Management (1)
- Management Servers (1)
- Marketing (1)
- Marketing Analytics (1)
- Martech (1)
- Masking (1)
- Megha Bedi (1)
- Metadata (1)
- Method-R Workbench (1)
- Metric (1)
- Metric Extensions (1)
- Michelle Gutzait (1)
- Microservices (1)
- Microsoft Azure Sql Database (1)
- Microsoft Build (1)
- Microsoft Build 2019 (1)
- Microsoft Ignite (1)
- Microsoft Inspire 2019 (1)
- Migrate (1)
- Migrating Ssis Catalog (1)
- Migrating To Azure Sql (1)
- Migration Checklist (1)
- Mirroring (1)
- Mismatch (1)
- Model Governance (1)
- Monetization (1)
- MongoDB Atlas (1)
- MongoDB Compass (1)
- Ms Excel (1)
- Msdtc (1)
- Msdtc In Always On (1)
- Msdtc In Cluster (1)
- Multi-IP (1)
- Multicast (1)
- Multipath (1)
- My.Cnf (1)
- MySQL Shell Logical Backup (1)
- MySQLDump (1)
- Mysql Enterprise (1)
- Mysql Plugin For Oracle Enterprise Manager (1)
- Mysql Replication Filters (1)
- Mysql Server (1)
- Mysql-Python (1)
- Nagios (1)
- Ndb (1)
- Net_Read_Timeout (1)
- Net_Write_Timeout (1)
- Netcat (1)
- Newsroom (1)
- Nfs (1)
- Nifi (1)
- Node (1)
- November 10Th 2015 (1)
- November 6Th 2015 (1)
- Null Columns (1)
- Nullipotent (1)
- OPEX (1)
- ORAPKI (1)
- O_Direct (1)
- Oacore (1)
- October 21St 2015 (1)
- October 6Th 2015 (1)
- October 8Th 2015 (1)
- Oda (1)
- Odbcs (1)
- Odbs (1)
- Odi (1)
- Oel (1)
- Ohs (1)
- Olvm (1)
- On-Prem To Azure Sql (1)
- On-Premises (1)
- Onclick (1)
- Open.Canada.Ca (1)
- Openstack (1)
- Operating System Monitoring (1)
- Oplog (1)
- Opsworks (1)
- Optimization (1)
- Optimizer (1)
- Ora-01852 (1)
- Ora-7445 (1)
- Oracle 19 (1)
- Oracle 20C (1)
- Oracle Cursor (1)
- Oracle Database 12.2 (1)
- Oracle Database Appliance (1)
- Oracle Database Se2 (1)
- Oracle Database Standard Edition 2 (1)
- Oracle Database Upgrade (1)
- Oracle Database@Google Cloud (1)
- Oracle Exadata Smart Scan (1)
- Oracle Licensing (1)
- Oracle Linux Virtualization Manager (1)
- Oracle Oda (1)
- Oracle Openworld (1)
- Oracle Parallelism (1)
- Oracle Rdbms (1)
- Oracle Real Application Clusters (1)
- Oracle Reports (1)
- Oracle Security (1)
- Oracle Wallet (1)
- Orasrp (1)
- Organizational Change (1)
- Orion (1)
- Os (1)
- Osbws_Install.Jar (1)
- Oui Gui (1)
- Output (1)
- Owox (1)
- Paas (1)
- Package Deployment Wizard Error (1)
- Parallel Execution (1)
- Parallel Query (1)
- Parallel Query Downgrade (1)
- Partitioning (1)
- Partitions (1)
- Password (1)
- Password Change (1)
- Password Recovery (1)
- Password Verify Function In Postgresql (1)
- Patches (1)
- Patchmgr (1)
- Pdb Duplication (1)
- Penalty (1)
- Perfomrance (1)
- Performance Schema (1)
- Pg 15 (1)
- Pg_Rewind (1)
- Pga (1)
- Pipeline Debugging (1)
- Pivot (1)
- Planning (1)
- Plsql (1)
- Policy (1)
- Polybase (1)
- Post-Acquisition (1)
- Post-Covid It (1)
- Postgresql Complex Password (1)
- Postgresql With Repmgr Integration (1)
- Power Bi (1)
- Pq (1)
- Preliminar Connection (1)
- Preliminary Connection (1)
- Privatecloud (1)
- Process Mining (1)
- Production (1)
- Productivity (1)
- Profile In Edb Postgresql (1)
- Programming (1)
- Prompt Engineering (1)
- Provisioned Iops (1)
- Provisiones Iops (1)
- Proxy Monitoring (1)
- Psu (1)
- Public Cloud (1)
- Pubsub (1)
- Purge (1)
- Purge Thread (1)
- Pythian Blackbird Acquisition (1)
- Pythian Goodies (1)
- Pythian News (1)
- Python Pandas (1)
- Query Performance (1)
- Quicksight (1)
- Quota Limits (1)
- R12 R12.2 Cp Concurrent Processing Abort (1)
- R12.1.3 (1)
- REF! (1)
- Ram Cache (1)
- Rbac (1)
- Rdb (1)
- Rds_File_Util (1)
- Read Free Replication (1)
- Read Latency (1)
- Read Only (1)
- Read Replica (1)
- Reboot (1)
- Recruiting (1)
- Redo Size (1)
- Relational Database Management System (1)
- Release (1)
- Release Automation (1)
- Repair (1)
- Replication Compatibility (1)
- Replication Error (1)
- Repmgr (1)
- Repmgrd (1)
- Reporting Services 2019 (1)
- Resiliency Planning (1)
- Resource Manager (1)
- Resources (1)
- Restore (1)
- Restore Point (1)
- Retail (1)
- Rhel (1)
- Risk (1)
- Risk Management (1)
- Rocksrb (1)
- Role In Postgresql (1)
- Rollback (1)
- Rolling Patch (1)
- Row0Purge (1)
- Rpm (1)
- Rule "Existing Clustered Or Clustered-Prepared In (1)
- Running Discovery On Remote Machine (1)
- SQL Optimization (1)
- SQL Tracing (1)
- SSRS Administration (1)
- SaaS (1)
- Sap Assessment (1)
- Sap Assessment Report (1)
- Sap Backup Restore (1)
- Sap Btp Architecture (1)
- Sap Btp Benefits (1)
- Sap Btp Model (1)
- Sap Btp Services (1)
- Sap Homogenous System Copy Method (1)
- Sap Landscape Copy (1)
- Sap Migration Assessment (1)
- Sap On Mssql (1)
- Sap System Copy (1)
- Sar (1)
- Scaling Ir (1)
- Sccm (1)
- Sccm Powershell (1)
- Scheduler (1)
- Scheduler_Job (1)
- Schedulers (1)
- Scheduling (1)
- Scott Mccormick (1)
- Scripts (1)
- Sdp (1)
- Secrets (1)
- Securing Sql Server (1)
- Security Compliance (1)
- Sed (Stream Editor) (1)
- Self Hosted Ir (1)
- Semaphore (1)
- Seps (1)
- September 11Th 2015 (1)
- Serverless Computing (1)
- Serverless Framework (1)
- Service Broker (1)
- Service Bus (1)
- Shared Connections (1)
- Shared Storage (1)
- Shellshock (1)
- Signals (1)
- Silent (1)
- Slave (1)
- Slob (1)
- Smart Scan (1)
- Smtp (1)
- Snapshot (1)
- Snowday Fall 2021 (1)
- Socat (1)
- Software Development (1)
- Software Engineering (1)
- Solutions Architecture (1)
- Spanner-Backups (1)
- Sphinx (1)
- Split Brain In Postgresql (1)
- Spm (1)
- Sql Agent (1)
- Sql Backup To Url Error (1)
- Sql Cluster Installer Hang (1)
- Sql Database (1)
- Sql Developer (1)
- Sql On Linux (1)
- Sql Server 2014 (1)
- Sql Server 2016 (1)
- Sql Server Agent On Linux (1)
- Sql Server Backups (1)
- Sql Server Denali Is Required To Install Integrat (1)
- Sql Server Health Check (1)
- Sql Server Troubleshooting On Linux (1)
- Sql Server Version (1)
- Sql Setup (1)
- Sql Vm (1)
- Sql2K19Ongke (1)
- Sqldatabase Serverless (1)
- Ssh User Equivalence (1)
- Ssis Denali Error (1)
- Ssis Install Error E Xisting Clustered Or Cluster (1)
- Ssis Package Deployment Error (1)
- Ssisdb Master Key (1)
- Ssisdb Restore Error (1)
- Sso (1)
- Ssrs 2019 (1)
- Sstable2Json (1)
- Sstableloader (1)
- Sstablesimpleunsortedwriter (1)
- Stack Dump (1)
- Standard Edition (1)
- Startup Process (1)
- Statistics (1)
- Statspack (1)
- Statspack Data Mining (1)
- Statspack Erroneously Reporting (1)
- Statspack Issues (1)
- Storage (1)
- Stored Procedure (1)
- Strategies (1)
- Streaming (1)
- Sunos (1)
- Swap (1)
- Swapping (1)
- Switch (1)
- Syft (1)
- Synapse (1)
- Sync Failed There Is Not Enough Space On The Disk (1)
- Sys Schema (1)
- System Function (1)
- Systems Administration (1)
- T-Sql (1)
- Table Optimization (1)
- Tablespace Growth (1)
- Tablespaces (1)
- Tags (1)
- Tar (1)
- Tde (1)
- Team Management (1)
- Tech Debt (1)
- Technology (1)
- Telegraf (1)
- Tempdb Encryption (1)
- Templates (1)
- Temporary Tablespace (1)
- Tenserflow (1)
- Teradata (1)
- Testing New Cassandra Builds (1)
- There Is Not Enough Space On The Disk (1)
- Thick Data (1)
- Third-Party Data (1)
- Thrift (1)
- Thrift Data (1)
- Tidb (1)
- Time Series (1)
- Time-Drift (1)
- Tkprof (1)
- Tmux (1)
- Tns (1)
- Trace (1)
- Tracefile (1)
- Training (1)
- Transaction Log (1)
- Transactions (1)
- Transformation Navigator (1)
- Transparent Data Encryption (1)
- Trigger (1)
- Triggers On Memory-Optimized Tables Must Use With (1)
- Troubleshooting (1)
- Tungsten (1)
- Tvdxtat (1)
- Twitter (1)
- U-Sql (1)
- UNDO Tablespace (1)
- Upgrade Issues (1)
- Uptime (1)
- Uptrade (1)
- Url Backup Error (1)
- Usability (1)
- Use Cases (1)
- User (1)
- User Defined Compactions (1)
- Utilization (1)
- Utl_Smtp (1)
- VDI Jump Host (1)
- Validate Structure (1)
- Validate_Credentials (1)
- Value (1)
- Velocity (1)
- Vertex AI (1)
- Vertica (1)
- Vertical Slicing (1)
- Videos (1)
- Virtual Private Cloud (1)
- Virtualization (1)
- Vision (1)
- Vpn (1)
- Wait_Timeout (1)
- Wallet (1)
- Webhook (1)
- Weblogic Connection Filters (1)
- Webscale Database (1)
- Windows 10 (1)
- Windows Powershell (1)
- WiredTiger (1)
- With Native_Compilation (1)
- Word (1)
- Workshop (1)
- Workspace Security (1)
- Xbstream (1)
- Xml Publisher (1)
- Zabbix (1)
- dbms_Monitor (1)
- postgresql 16 (1)
- sqltrace (1)
- tracing (1)
- vSphere (1)
- xml (1)