Oracle Login Sessions Test
Database administrators should eye sessions that have been open for a long time suspiciously, as such sessions are often indicato of performance bottlenecks. By zooming into such sessions, administrators can identify inefficient queries, hung/unresponsive transactions, or session logout failures that may be causing the sessions to remain open for abnormal time periods. This investigation may also bring inactive sessions to light. Inactive sessions unnecessarily hold on to critical server resources, causing business-critical transactions to fail for want of resources! To quickly isolate such problem sessions and the users who initiated them, and to rapidly determine the reason for the problems, administrators can use the Oracle Login Sessions test.
This test tracks user logins to the database server, identifies users who have sessions open for over a configured duration, and reports the count of such sessions per user. Using the detailed diagnosis of this test, you can also figure out the status of each session. This way, administrators will not only be able to determine the number of sessions that are ‘suspect’, but can also drill down to the reason why the sessions have been open for an unreasonable period of time. In addition, by reporting session status, the test also leads administrators to inactive sessions that are needlessly draining critical server resources.
Target of the test : An Oracle server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for each user with one/more sessions that have been open for over the configured user login time.
Configurable parameters for the test
- TEST PERIOD - How often should the test be executed
- Host – The host for which the test is to be configured
- Port - The port on which the server is listening
-
User – In order to monitor an Oracle database server, a special database user account has to be created in every Oracle database instance that requires monitoring. A Click here hyperlink is available in the test configuration page, using which a new oracle database user can be created. Alternatively, you can manually create the special database user. When doing so, ensure that this user is vested with the select_catalog_role and create session privileges.
The sample script we recommend for user creation (in Oracle database server versions before 12c) for eG monitoring is:
create user oraeg identified by oraeg
create role oratest;
grant create session to oratest;
grant select_catalog_role to oratest;
grant oratest to oraeg;
The sample script we recommend for user creation (in Oracle database server 12c) for eG monitoring is:
alter session set container=<Oracle_service_name>;
create user <user_name>identified by <user_password> container=current default tablespace <name_of_default_tablespace> temporary tablespace <name_of_temporary_tablespace>;
Grant create session to <user_name>;
Grant select_catalog_role to <user_name>;
The name of this user has to be specified here.
-
Password – Password of the specified database user
This login information is required to query Oracle’s internal dynamic views, so as to fetch the current status / health of the various database components.
- Confirm password – Confirm the password by retyping it here.
- include user - By default, this is set to none. This indicates that by default, the test monitors all users who are currently logged into the database server. If required, you can provide a comma-separated list of users who are to be monitored. In this case, the test will report the open session count for each user in this comma-separated list only.
- exclude user- By default, this is set to none. This indicates that by default, the test does not exclude any user from the purview of monitoring. If required, you can provide a comma-separated list of users who are to be excluded from monitoring. In this case, the test will not report the open session count for the excluded users, though they may be currently logged in.
- user login time - By default, the Number of sessions measure reported by this test includes only those sessions that have been open for over 5 minutes. Accordingly, the user login time is set to 5 (minutes) by default. You can override this default setting by changing the duration (in minutes) specification against user login time.
- ISPASSIVE – If the value chosen is yes, then the Oracle server under consideration is a passive server in an Oracle cluster. No alerts will be generated if the server is not running. Measures will be reported as “Not applicable" by the agent if the server is not up.
- SSL- By default, this flag is set to No, as the target Oracle database is not SSL-enabled by default. If the target database is SSL-enabled, then set this flag to Yes.
- SSL Cipher-This parameter is applicable only if the target Oracle database is SSL-enabled, if not, set this parameter to none. A cipher suite is a set of cryptographic algorithms that are used before a client application and server exchange information over an SSL/TLS connection. It consist of sets of instructions on how to secure a network through SSL (Secure Sockets Layer) or TLS (Transport Layer Security). In this text box, provide a comma-seperated list of cipher suites that are allowed for SSL/TLS connection to the target database. By default, this parameter is set to none.
- TRUSTSTORE FILE- This parameter is applicable only if the target Oracle database is SSL-enabled, if not, set this parameter to none. TrustStore is used to store certificates from Certified Authorities (CA) that verify and authenticate the certificate presented by the server in an SSL connection. Therefore, the eG agent should have access to the truststore where the certificates are stored to authenticate and connect with the target database and collect metrics. For this, first import the certificates into the following default location <eG_INSTALL_DIR>/lib/security/mytruststore.jks. To know how to import the certificate into the truststore, refer toPre-requisites for monitoring Oracle Cluster. Then, provide the truststore file name in this text box. For example: mytruststore.jks. By default, none is specified against this text box.
- TRUSTSTORE TYPE-This parameter is applicable only if the target Oracle database is SSL-enabled, if not, set this parameter to none.Specify the type of truststore that contains the certificates for server authentication in this text box. For eg.,JKS. By default, this parameter is set to the value none.
- TRUSSTORE PASSWORD-This parameter is applicable only if the target Oracle database is SSL-enabled, if not, set this parameter to none. If a Truststore File name is provided, then, in this text box, provide the password that is used to obtain the associated certificate details from the Truststore File. By default, this parameter is set to none.
-
DETAILED DIAGNOSIS – To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.
The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
- The eG manager license should allow the detailed diagnosis capability
- Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
|
Measurements made by the test
Number of sessions:
|
Indicates the number of sessions for this user that have been open for a duration beyond the configured user login time.
|
Number
|
A high value indicates that the user has too many sessions open for an abnormal period of time. By comparing the value of this measure across users, you can quickly identify the user who has the maximum number of such sessions. To know what is causing the sessions to be open for such broad time windows, use the detailed diagnosis of this test. The detailed diagnosis reveals the session start time, the machine from which the session was initiated, the program/query executed in the session, and the session status. From this information, administrators can figure out whether a long-running query / inefficient query is causing the session to remain open for a long time. Such queries can be terminated to close the. Also, by looking at the session status in the detailed diagnosis, administrators can ascertain whether/not the session is active. Once a session is identified as inactive, administrators can proceed to terminate the session, to release critical server resources.
|