Monday, 28 February 2011

How to auto start or run SAP Instance?

This solution applies only to Windows Server.

1. RZ10
2. Select Startup profile
3. Create parameter autostart
4. Put value 1
5. Copy
6. Save and activate
7. Logout
8. Stop Instance
9. Restart Server

After the restart, the SAP instance starts automatically.

Saturday, 26 February 2011

Enable Audit to sys user to SYSLOG in Oracle 10g

Workaround to enable auditing of the sys user to SYSLOG
From Oracle 9i onward, there is a feature to audit users with the sysdba privilege. The audit records are written to the system audit log.

This is an example of auditing the sys user to the SYSLOG utility.

Edit syslog.conf and insert the line below.
vi /etc/syslog.conf

Step 1
# vi /etc/syslog.conf
user.notice /var/log/syslog-orcl

# touch /var/log/syslog-orcl

Syntax to restart syslog: /etc/init.d/syslog restart

Step 2
# /etc/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]

Syntax to Modify AUDIT_SYSLOG_LEVEL initialization parameter on Database
AUDIT_SYSLOG_LEVEL = facility.level

Here the value of facility can be any of the below:
USER, LOCAL0-LOCAL7, SYSLOG, DAEMON, KERN, MAIL, AUTH, LPR, NEWS, UUCP or CRON.

The value of level can be any of the following: NOTICE, INFO, DEBUG, WARNING, ERR, CRIT, ALERT, EMERG .

Examples:

SYS> show parameter AUDIT_SYSLOG_LEVEL

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_syslog_level string

SYS> alter system set audit_syslog_level='user.notice' scope=spfile;

System altered.

Restart Oracle instance

SYS> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.

SYS> startup
ORACLE instance started.

Total System Global Area 810053632 bytes
Fixed Size 2217712 bytes
Variable Size 645925136 bytes
Database Buffers 155189248 bytes
Redo Buffers 6721536 bytes
Database mounted.
Database opened.

Where and How to see log file?
# tail -f /var/log/syslog-orcl
Feb 27 11:37:39 RHEL5-ORQS Oracle Audit[18624]: LENGTH : '155' ACTION :[7] 'STARTUP' DATABASE USER:[1] '/' PRIVILEGE :[4] 'NONE' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[13] 'Not Available' STATUS:[1] '0' DBID:[0] ''
Feb 27 11:37:39 RHEL5-ORQS Oracle Audit[18827]: LENGTH : '148' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[0] ''

Test logon as sys: $ sqlplus "/ as sysdba"
SYS>

Syslog after logging as sysdba
# tail -f /var/log/syslog-orcl
Feb 27 11:40:12 RHEL5-ORQS Oracle Audit[19269]: LENGTH : '159' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[10] '1233539256'

Syntax to Audit sys operation (audit_sys_operations=true):

Example to display current value
SYS> show parameter audit_sys_operations

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_sys_operations boolean FALSE

Example to enable Audit or set true
SYS> alter system set audit_sys_operations=TRUE scope=spfile;

System altered.

SYS> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.

SYS> startup
ORACLE instance started.

Total System Global Area 810053632 bytes
Fixed Size 2217712 bytes
Variable Size 645925136 bytes
Database Buffers 155189248 bytes
Redo Buffers 6721536 bytes
Database mounted.
Database opened.

Test query with sysdba privilege: SYS> select count(*) from v$session;

COUNT(*)
----------
105

1 row selected.

Syslog after logging as sysdba
# tail -f /var/log/syslog-orcl
Feb 27 11:49:19 RHEL5-ORQS Oracle Audit[20698]: LENGTH : '183' ACTION :[30] 'select count(*) from v$session' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[10] '1233539256'

Enjoy it........................
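To review these records in bulk rather than with tail, the following added example (not part of the original post) parses the "Oracle Audit" syslog lines shown above and lists activity performed with the SYSDBA privilege. It uses the [n] length prefix in front of each value, so SQL text that itself contains single quotes is read correctly; it assumes the prefix counts characters, and the sample lines are constructed.

```python
import re

# Constructed sample lines in the format of the syslog output above.
# The second ACTION contains single quotes; the third is not an audit record.
SAMPLE = [
    "Feb 27 11:40:12 RHEL5-ORQS Oracle Audit[19269]: LENGTH : '159' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[10] '1233539256'",
    "Feb 27 11:52:03 RHEL5-ORQS Oracle Audit[20698]: LENGTH : '173' ACTION :[20] 'select 'a' from dual' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[10] '1233539256'",
    "Feb 27 11:52:04 RHEL5-ORQS sshd[2210]: session opened for user oracle",
]

HEADER = re.compile(
    r"^(\w{3}\s+\d+ [\d:]+) (\S+) Oracle Audit\[(\d+)\]: LENGTH : '(\d+)' ?(.*)$")
# Field name, then ":[n] '" where n is the length of the value that follows.
FIELD = re.compile(r"\s*([A-Z][A-Z ]*?)\s*:\[(\d+)\] '")


def parse_audit_line(line):
    """Return a dict of audit fields, or None if this is not an Oracle Audit line."""
    m = HEADER.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2), "pid": int(m.group(3))}
    body, pos = m.group(5), 0
    while True:
        f = FIELD.match(body, pos)
        if not f:
            break
        start = f.end()
        end = start + int(f.group(2))   # slice by declared length, not by quotes
        if end > len(body):             # syslog cut the record short
            rec["truncated"] = True
            end = len(body)
        rec[f.group(1)] = body[start:end]
        pos = end + 1                   # skip the closing quote
    return rec


def sysdba_activity(lines):
    """Return (time, OS user, terminal, action) for each record made as SYSDBA."""
    out = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec.get("PRIVILEGE") == "SYSDBA":
            out.append((rec["time"], rec.get("CLIENT USER"),
                        rec.get("CLIENT TERMINAL"), rec.get("ACTION")))
    return out


if __name__ == "__main__":
    for event in sysdba_activity(SAMPLE):
        print(event)
```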

Oracle sql script verification function to set password policy

This is a workaround to implement a password policy in Oracle. Note that I have commented out all the ALTER commands; if you decide to apply them, remove the comment marks. Look at this SQL function. Create a SQL script file (XXX.SQL, or anyname.sql as you like).

--SQL script Starts Here
CREATE OR REPLACE FUNCTION verify_function
(username varchar2,
  password varchar2,
  old_password varchar2)
  RETURN boolean IS
   n boolean;
   m integer;
   differ integer;
   isdigit boolean;
   ischar  boolean;
   ispunct boolean;
   digitarray varchar2(20);
   punctarray varchar2(25);
   chararray varchar2(52);

BEGIN
   digitarray:= '0123456789';
   chararray:= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
   punctarray:='!"#$%&()``*+,-/:;<=>?_';

   -- Check if the password is same as the username
   IF NLS_LOWER(password) = NLS_LOWER(username) THEN
     raise_application_error(-20001, 'Password same as or similar to user');
   END IF;

   -- Check for the minimum length of the password
   IF length(password) < 8 THEN
      raise_application_error(-20002, 'Password length less than 8');
   END IF;

   -- Check if the password is too simple. A dictionary of words may be
   -- maintained and a check may be made so as not to allow the words
   -- that are too simple for the password.
   IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd', 'siemens', 'snemeis', '12345678') THEN
      raise_application_error(-20002, 'Password too simple');
   END IF;

   -- Check if the password contains at least one letter, one digit and one
   -- punctuation mark.
   -- 1. Check for the digit
   isdigit:=FALSE;
   m := length(password);
   FOR i IN 1..10 LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(digitarray,i,1) THEN
            isdigit:=TRUE;
             GOTO findchar;
         END IF;
      END LOOP;
   END LOOP;
   IF isdigit = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;
   -- 2. Check for the character
   <<findchar>>
   ischar:=FALSE;
   FOR i IN 1..length(chararray) LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(chararray,i,1) THEN
            ischar:=TRUE;
             GOTO findpunct;
         END IF;
      END LOOP;
   END LOOP;
   IF ischar = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;
   -- 3. Check for the punctuation
   <<findpunct>>
   ispunct:=FALSE;
   FOR i IN 1..length(punctarray) LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(punctarray,i,1) THEN
            ispunct:=TRUE;
             GOTO endsearch;
         END IF;
      END LOOP;
   END LOOP;
   IF ispunct = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;

   <<endsearch>>
   -- Check if the password differs from the previous password by at least
   -- 3 letters
   IF old_password IS NOT NULL THEN
     differ := length(old_password) - length(password);

     IF abs(differ) < 3 THEN
       IF length(password) < length(old_password) THEN
         m := length(password);
       ELSE
         m := length(old_password);
       END IF;

       differ := abs(differ);
       FOR i IN 1..m LOOP
         IF substr(password,i,1) != substr(old_password,i,1) THEN
           differ := differ + 1;
         END IF;
       END LOOP;

       IF differ < 3 THEN
         raise_application_error(-20004, 'Password should differ by at least 3 characters');
       END IF;
     END IF;
   END IF;
   -- Everything is fine; return TRUE ;  
   RETURN(TRUE);
END;
/

-- Remove the comment marks (--) and adapt the following if you want to apply this verification function and password policy.
--ALTER PROFILE DEFAULT LIMIT
--PASSWORD_LIFE_TIME 90
--PASSWORD_GRACE_TIME 3
--PASSWORD_REUSE_TIME UNLIMITED
--PASSWORD_REUSE_MAX 5
--FAILED_LOGIN_ATTEMPTS 10
--PASSWORD_LOCK_TIME 1/1440 * 30
--PASSWORD_VERIFY_FUNCTION verify_function;


--SQL script ends

Thanks Regards

How to lock and unlock a client in SAP to prevent user login

This is a workaround to lock a client so that users cannot log in during patching or any other maintenance activity on SAP R/3 (ECC 6.0). The steps are given below.

Client locking:
SE37->SCCR_LOCK_CLIENT
Press Run/Test (looks like a ZIP file button)
Enter your client no., e.g. 210/300/500/900 etc.
Press the Execute button only.
Done

Client unlocking:
SE37->SCCR_UNLOCK_CLIENT
Press Run/Test (looks like a ZIP file button)
Enter your client no., e.g. 210/300/500/900 etc.
Press the Execute button only.
Done


Best of Luck

Thursday, 24 February 2011

SAP Kernel Upgrade

SAP Kernel Upgrade Tutorial step by Step:

1. Login as root

2. Make new backup directory
cd /
mkdir SIDkernel_10102007

3. Create latest kernel backup
cp -pr /sapmnt/SID/exe/* /SIDkernel_10102007

4. Compare size of the original kernel and the backup
du -sk /sapmnt/SID/exe/
=>840413 /sapmnt/SID/exe
du -sk /SIDkernel_10102007
=>840413 /SIDkernel_10102007

5. Make new shadow kernel directory
cd /
mkdir newkernel_175

6. Copy the new downloaded kernel files into /newkernel_175

7. Unpack the new downloaded kernel in folder /newkernel_175
/sapmnt/SID/exe/SAPCAR -xvf SAPEXE_175-20000221.SAR
/sapmnt/SID/exe/SAPCAR -xvf SAPEXEDB_175-20000223.SAR

8. Login as sidadm

9. Stop the SAP System
stopsap

10. Stop saposcol
saposcol -k

11. Go to the current kernel directory
Login as root
cd /sapmnt/SID/exe

12. Copy all extracted support packages into this folder
cp -pr /newkernel_175/* /sapmnt/SID/exe

13. Change file permission of files into kernel folder
cd /sapmnt/SID/exe
chown SIDadm:sapsys ./*

14. Copy the original saproot.sh back from the backup into this folder.
cp -p /SIDkernel_10102007/saproot.sh /sapmnt/SID/exe

15. Login as SIDadm with root privilege
Login as SIDadm
su root

16. Go to the current kernel directory
cd /sapmnt/SID/exe
Then execute:
./saproot.sh SID

Solaris Error (refer SAP Note 420417):
# ./saproot.sh SID
> ./saproot.sh: whoami: not found
> ./saproot.sh: test: argument expected
Solution:
# PATH=/usr/ucb:$PATH
# ./saproot.sh <SID>

Again execute:
disp+work

17. Start the saposcol service
Login as sidadm
saposcol

18. Start the SAP system
startsap

Documented By: Dharmendra Kumar
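Step 4 compares only the du -sk totals, which are equal even when a file in the backup has different content of the same size. As an added example (not part of the original tutorial), this script compares the kernel directory and its backup file by file using SHA-256, so the backup can be trusted before step 12 overwrites the kernel; the two paths are passed as arguments.

```python
import hashlib
import os
import sys


def tree_manifest(root):
    """Map each file path (relative to root) to its SHA-256, or to its link target."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = "symlink -> " + os.readlink(full)
                continue
            if not os.path.isfile(full):
                continue                      # skip sockets, devices, FIFOs
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def compare_trees(original, backup):
    """Report files missing from the backup, extra in it, or differing in content."""
    a, b = tree_manifest(original), tree_manifest(backup)
    return {
        "missing": sorted(set(a) - set(b)),
        "extra": sorted(set(b) - set(a)),
        "changed": sorted(p for p in set(a) & set(b) if a[p] != b[p]),
    }


if __name__ == "__main__":
    # e.g. python3 verify_backup.py /sapmnt/SID/exe /SIDkernel_10102007
    result = compare_trees(sys.argv[1], sys.argv[2])
    for kind, paths in result.items():
        for path in paths:
            print(kind, path)
    sys.exit(1 if any(result.values()) else 0)
```

The same comparison run after step 16 between the backup and the upgraded directory lists exactly which kernel files the upgrade replaced.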

Backup profile for SAP ECC6 + Oracle

This is my sample backup profile (initSID.sap) for taking disk backup on path /local/  

backup_mode = all
restore_mode = all
backup_type = online
backup_dev_type = disk
backup_root_dir = /local/BKP 
stage_root_dir = /oracle/SID/sapbackup
compress = yes
compress_cmd = "compress -c $ > $"
uncompress_cmd = "uncompress -c $ > $"
compress_dir = /oracle/SID/sapreorg
archive_function = save
archive_copy_dir = /local/arch
archive_stage_dir = /local/arch
tape_copy_cmd = cpio
disk_copy_cmd = copy
stage_copy_cmd = rcp
cpio_flags = -ovB
cpio_in_flags = -iuvB
cpio_disk_flags = -pdcu
dd_flags = "obs=64k bs=64k"
dd_in_flags = "ibs=64k bs=64k"
saveset_members = 1
copy_out_cmd = "dd ibs=8k obs=64k of=$"
copy_in_cmd = "dd ibs=64k obs=8k if=$"
rewind = "mt -f $ rew"
rewind_offline = "mt -f $ offline"
tape_pos_cmd = "mt -f $ fsf $"
tape_size = 1200M
exec_parallel = 0
tape_address = /dev/rmt/0mn
tape_address_rew = /dev/rmt/0m
volume_archive = (SIDA01, SIDA02, SIDA03, SIDA04, SIDA05,
                  SIDA06, SIDA07, SIDA08, SIDA09, SIDA10,
                  SIDA11, SIDA12, SIDA13, SIDA14, SIDA15,
                  SIDA16, SIDA17, SIDA18, SIDA19, SIDA20,
                  SIDA21, SIDA22, SIDA23, SIDA24, SIDA25,
                  SIDA26, SIDA27, SIDA28, SIDA29, SIDA30)

volume_backup = (SIDB01, SIDB02, SIDB03, SIDB04, SIDB05,
                 SIDB06, SIDB07, SIDB08, SIDB09, SIDB10,
                 SIDB11, SIDB12, SIDB13, SIDB14, SIDB15,
                 SIDB16, SIDB17, SIDB18, SIDB19, SIDB20,
                 SIDB21, SIDB22, SIDB23, SIDB24, SIDB25,
                 SIDB26, SIDB27, SIDB28, SIDB29, SIDB30)

expir_period = 30

tape_use_count = 100

Oracle parameters in pfile and spfile

Oracle spfile and pfile concepts:

An Oracle instance starts with the initSID.ora file. However, Oracle will start with the spfile if spfileSID.ora exists in <home folder>/dbs.

How to create spfile?
How to do changes in pfile?
How to create pfile?


Answer:
sqlplus "/ as sysdba"
sqlplus>shutdown immediate;
sqlplus>create pfile from spfile;
sqlplus>exit;

<home folder>/dbs#vi initSID.ora

sqlplus "/ as sysdba"
sqlplus>create spfile from pfile;
sqlplus>exit;

Start Oracle Instance Now.

Now, Oracle will always start using spfileSID.ora file.

What is the sequence to start oracle?

Answer:
The sequence in which Oracle searches for a file in the Oracle home folder is:

spfileSID.ora
spfile.ora
initSID.ora
init.ora

If none of them is found, Oracle will fail to start.

Dharmendra Kumar