Here’s an example of counting logons (established connections) at the listener:
By minute:
fgrep "23-JUL-2018 10:" listener.log | fgrep "establish" | awk '{ print $1 " " $2 }' | awk -F: '{ print $1 ":" $2 }' | sort | uniq -c
4 23-JUL-2018 10:05
4 23-JUL-2018 10:06
8 23-JUL-2018 10:07
10 23-JUL-2018 10:08
4 23-JUL-2018 10:09
4 23-JUL-2018 10:10
4 23-JUL-2018 10:11
5 23-JUL-2018 10:12
5 23-JUL-2018 10:13
4 23-JUL-2018 10:14
14 23-JUL-2018 10:15
11 23-JUL-2018 10:16
By hour:
fgrep "23-JUL-2018" listener.log | fgrep "establish" | awk '{ print $1 " " $2 }' |^Jawk -F: '{ print $1 }' | sort | uniq -c
771 23-JUL-2018 10
876 23-JUL-2018 11
889 23-JUL-2018 12
Some Filters
grep -B 2 -A 2 'Fri Oct 30' alert_DB.log |grep -B 2 -A 2 Rejected grep -i -B 2 -A 2 '27-DEC-2017*' alert_DB.log | grep -i -B 5 -A 5 '(SERVICE_NAME=db_name)(CID=(PROGRAM=sqlplus@pr**)(HOST=server)' tail -24452 alert_DB.log |grep -B 2 -A 2 Rejected | grep -v logons | grep -iv warning |cut -d ' ' -f8,10 |grep -v limit |grep , |cut -d ',' -f2 |sort |uniq
DBADEEDS 
Leave a comment