Written by: ilmarkerm

Category: Blog entry

Published: March 11, 2023

Here is a list of things that I think are important to monitor if you have Data Guard FSFO setup. All the mentioned things are intended for automated monitoring – things to raise alerts on.

My goal is to get as much information as possible from one place – the primary database. Since the primary database is alwas open and you can always connect your monitoring agent there.

This is about Oracle 19c (19.16.2 at the time of writing).

Here I’m also assuming Data Guard protection mode is set to MaxAvailability (or MaxProtection).

The overall status of Data Guard broker

I think the best way to get a quick overview of Data Guard health is to query V$DG_BROKER_CONFIG. It can be done from primary and it gives you a quick status for each destination.

SYS @ failtesti2:>SELECT database, dataguard_role, enabled, status
  FROM V$DG_BROKER_CONFIG;

DATABASE     DATAGUARD_ROLE     ENABL     STATUS
------------ ------------------ ----- ----------
failtesti1   PHYSICAL STANDBY   TRUE           0
failtesti2   PRIMARY            TRUE           0
failtesti3   PHYSICAL STANDBY   TRUE       16809

STATUS column is the most interesting. It gives you the current ORA error code for this destination. If it is 0 – ORA-0 means “normal, successful completion”.

Is FSFO target SYNCHRONIZED?

In case Fast-Start Failover is enabled – you need to be alerted if the FSFO target becomes UNSYNCHRONIZED. You can query it from V$DATABASE.

SYS @ failtesti2:>SELECT FS_FAILOVER_MODE, FS_FAILOVER_STATUS, FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_THRESHOLD
  FROM V$DATABASE;

FS_FAILOVER_MODE    FS_FAILOVER_STATUS     FS_FAILOVER_CURRENT_TARGET     FS_FAILOVER_THRESHOLD
------------------- ---------------------- ------------------------------ ---------------------
ZERO DATA LOSS      SYNCHRONIZED           failtesti1                                        25

-- After bouncing failtesti1

SYS @ failtesti2:>SELECT FS_FAILOVER_MODE, FS_FAILOVER_STATUS, FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_THRESHOLD
  FROM V$DATABASE;

FS_FAILOVER_MODE    FS_FAILOVER_STATUS     FS_FAILOVER_CURRENT_TARGET     FS_FAILOVER_THRESHOLD
------------------- ---------------------- ------------------------------ ---------------------
ZERO DATA LOSS      UNSYNCHRONIZED         failtesti1                                        25

Alert if FS_FAILOVER_STATUS has been UNSYNCHRONIZED for too long.

Is Observer connected?

In FSFO you also need to alert if observer is no longer present. If there is no observer, FSFO will not happen and you also loose quorum. If both standby database and observer are down – primary databases loses quorum and also shuts down.

Again, you can query V$DATABASE from the primary database.

SYS @ failtesti2:>SELECT FS_FAILOVER_MODE, FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_OBSERVER_PRESENT, FS_FAILOVER_OBSERVER_HOST
  FROM V$DATABASE;

FS_FAILOVER_MODE    FS_FAILOVER_CURRENT_TARGET     FS_FAIL FS_FAILOVER_OBSERVER_HOST
------------------- ------------------------------ ------- ------------------------------
ZERO DATA LOSS      failtesti1                     YES     failtest-observer

-- After stopping the observer
SYS @ failtesti2:>SELECT FS_FAILOVER_MODE, FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_OBSERVER_PRESENT
  FROM V$DATABASE;

FS_FAILOVER_MODE    FS_FAILOVER_CURRENT_TARGET     FS_FAIL
------------------- ------------------------------ -------
ZERO DATA LOSS      failtesti1                     NO

Alert if FS_FAILOVER_OBSERVER_PRESENT has been NO for too long.

Is the protection mode as intended?

Good to monitor to avoid DBA human errors. Maybe a DBA lowered the protection mode and forgot to reset it back to the original value. Again this information is available on V$DATABASE. Probably not needed, but it is an easy and check check.

SYS @ failtesti2:>SELECT PROTECTION_MODE, PROTECTION_LEVEL
    FROM V$DATABASE;

PROTECTION_MODE      PROTECTION_LEVEL
-------------------- --------------------
MAXIMUM AVAILABILITY MAXIMUM AVAILABILITY

Monitoring Apply and Transport lag

Probably this is one of the most asked about things to monitor about Data Guard. And the obvious way to do it is via Data Guard Broker.

First – you have ApplyLagThreshold and TransportLagThreshold properties for each database and if that is breached, Data Guard Broker will raise an alarm – the database status will change.

-- On my standby database I have ApplyLagThreshold and TransportLagThreshold set
DGMGRL> show database failtesti3 ApplyLagThreshold;
  ApplyLagThreshold = '30'
DGMGRL> show database failtesti3 TransportLagThreshold;
  TransportLagThreshold = '30'

-- I do breach both of the thresholds
DGMGRL> show database failtesti3;

Database - failtesti3

  Role:               PHYSICAL STANDBY
  Intended State:     APPLY-ON
  Transport Lag:      1 minute 38 seconds (computed 49 seconds ago)
  Apply Lag:          1 minute 38 seconds (computed 49 seconds ago)
  Average Apply Rate: 6.00 KByte/s
  Real Time Query:    ON
  Instance(s):
    failtesti3

  Database Warning(s):
    ORA-16853: apply lag has exceeded specified threshold
    ORA-16855: transport lag has exceeded specified threshold
    ORA-16857: member disconnected from redo source for longer than specified threshold

Database Status:
WARNING

-- If I query V$DG_BROKER_CONFIG from PRIMARY the status reflects that
SYS @ failtesti2:>SELECT database, dataguard_role, status
    FROM V$DG_BROKER_CONFIG;

DATABASE        DATAGUARD_ROLE         STATUS
--------------- ------------------ ----------
failtesti1      PHYSICAL STANDBY            0
failtesti2      PRIMARY                     0
failtesti3      PHYSICAL STANDBY        16809

$ oerr ora 16809
16809, 00000, "multiple warnings detected for the member"
// *Cause:  The broker detected multiple warnings for the member.
// *Action: To get a detailed status report, check the status of the member
//          specified using either Enterprise Manager or the DGMGRL CLI SHOW
//          command.

-- If I fix the transport lag
SYS @ failtesti2:>SELECT database, dataguard_role, status
    FROM V$DG_BROKER_CONFIG;

DATABASE        DATAGUARD_ROLE         STATUS
--------------- ------------------ ----------
failtesti1      PHYSICAL STANDBY            0
failtesti2      PRIMARY                     0
failtesti3      PHYSICAL STANDBY        16853

$ oerr ora 16853
16853,0000, "apply lag has exceeded specified threshold"
// *Cause:  The current apply lag exceeded the value specified by the
//          ApplyLagThreshold configurable property. It may be caused either by
//          a large transport lag or poor performance of apply services on the 
//          standby database.
// *Action: Check for gaps on the standby database. If no gap is present, tune
//          the apply services.

Really good for monitoring and the monitoring agent only needs to connect to the primary database. If status != 0, we have a problem.

OK good, but that will only tell you that the threshold was breached – but how big is the lag actually? Managers like charts. If you can query from standby database, V$DATAGUARD_STATS is your friend.

-- Has to be executed from standby database
WITH
    FUNCTION interval_to_seconds(p_int interval day to second) RETURN number
        DETERMINISTIC
    IS
    BEGIN
        -- Converts interval to seconds
        RETURN 
            extract(day from p_int)*86400+
            extract(hour from p_int)*3600+
            extract(minute from p_int)*60+
            extract(second from p_int);
    END;
SELECT name, interval_to_seconds(to_dsinterval(value)) lag_s
FROM v$dataguard_stats
WHERE name IN ('transport lag','apply lag')

Another view to get more details about the apply process is V$RECOVERY_PROGRESS. Again have to query it from the standby database itself. You can see apply rates for example from there.

What if you can not (do not want to) connect to (each) standby database, maybe it is in MOUNTED mode (I object to connecting remotely as SYS)? How to get standby lag querying from primary database?

Documented option is to query V$ARCHIVE_DEST, not great and does not work for cascaded destinations.

SYS @ failtesti2:>SELECT dest_id, dest_name, applied_scn, scn_to_timestamp(applied_scn)
  FROM v$archive_dest
  WHERE status = 'VALID' and applied_scn > 0;

   DEST_ID DEST_NAME            APPLIED_SCN SCN_TO_TIMESTAMP(APPLIED_SCN)
---------- -------------------- ----------- -----------------------------
         2 LOG_ARCHIVE_DEST_2     409036447 2023-03-11 07:40:00
         3 LOG_ARCHIVE_DEST_3     409173280 2023-03-11 07:41:27

Not really great for monitoring.

Is there a possibility to query Broker data from primary database? Currently not in a documented way.

-- Query from Broker. NB! DBMS_DRS is currently undocumented.
-- X$DRC is X$, so it will never be documented, and you can only query it as SYS/SYSDG.

SYS @ failtesti2:>SELECT value database_name, dbms_drs.get_property_obj(object_id, 'ApplyLag') apply_lag
  FROM x$drc
  WHERE attribute='DATABASE' and value != 'failtesti2';

DATABASE_NAM APPLY_LAG
------------ ------------
failtesti1   0 0
failtesti3   1174 40

-- As a comparison
SYS @ failtesti2:>SELECT dest_id, dest_name, applied_scn, cast(systimestamp as timestamp) - scn_to_timestamp(applied_scn) lag
  FROM v$archive_dest
  WHERE status = 'VALID' and applied_scn > 0;

   DEST_ID DEST_NAME            APPLIED_SCN LAG
---------- -------------------- ----------- ------------------------------
         2 LOG_ARCHIVE_DEST_2     409036447 +000000000 00:20:13.863936000
         3 LOG_ARCHIVE_DEST_3     411005382 +000000000 00:00:40.863936000

-- Comparing these numbers it seems to me that "1174 40" should be interpreted as "lag_in_seconds measurement_age_in_seconds"
-- So failtesti3 had 1174 seconds of lag measured 40 seconds ago

-- The same also works for TransportLag
SYS @ failtesti2:>SELECT value database_name, dbms_drs.get_property_obj(object_id, 'TransportLag') transport_lag
  FROM x$drc
  WHERE attribute='DATABASE' and value != 'failtesti2';

DATABASE_NAM TRANSPORT_LAG
------------ -------------
failtesti1   0 0
failtesti3   107 56

Also – my favourite actually – if you have Active Data Guard licence and the standby is open – just have a pinger job in primary database updating a row every minute (or 30s??) to the current UTC timestamp sys_extract_utc(systimestamp). And have your monitoring agent check on the standby side how old that timestamp is. It is my favourite, because it is a true end-to-end check, it does not depend on any dark unseen Data Guard inner workings and wonderings if the reported numbers by Broker are correct.

Is MRP running (the apply process)?

Monitoring lag via Broker is great, but if by DBA accident you set APPLY-OFF for a maintenance – and forget to start it again. Since administrator has told Broker that APPLY should be OFF, Broker will not raise ApplyLag warnings anymore. So if Failover happens – it will be very slow, since it also needs to apply all the missing logs.

-- To demonstrate the problem

DGMGRL> show database failtesti3 ApplyLagThreshold;
  ApplyLagThreshold = '30'

-- ApplyLagThreshold is 30s and current Apply Lag is 25 min, but status is SUCCESS!
-- This is because Intended State: APPLY-OFF
DGMGRL> show database failtesti3;

Database - failtesti3

  Role:               PHYSICAL STANDBY
  Intended State:     APPLY-OFF
  Transport Lag:      0 seconds (computed 1 second ago)
  Apply Lag:          25 minutes 3 seconds (computed 1 second ago)
  Average Apply Rate: (unknown)
  Real Time Query:    OFF
  Instance(s):
    failtesti3

Database Status:
SUCCESS

-- Same from primary, failtesti3 has status=0
SYS @ failtesti2:> SELECT database, dataguard_role, enabled, status
    FROM V$DG_BROKER_CONFIG;

DATABASE     DATAGUARD_ROLE     ENABL     STATUS
------------ ------------------ ----- ----------
failtesti1   PHYSICAL STANDBY   TRUE           0
failtesti2   PRIMARY            TRUE           0
failtesti3   PHYSICAL STANDBY   TRUE           0

-- Sure will still show Apply Lag from Broker
SYS @ failtesti2:> SELECT value database_name, dbms_drs.get_property_obj(object_id, 'ApplyLag') apply_lag
    FROM x$drc
    WHERE attribute='DATABASE' and value = 'failtesti3';

DATABASE_NAM APPLY_LAG
------------ ------------
failtesti3   1792 0

How to check that all targets are applying? One option is to actually check on standby side, if MRP0 process is running.

SYS @ failtesti3:>SELECT process
    FROM V$MANAGED_STANDBY
    WHERE process = 'MRP0';

PROCESS
---------
MRP0

-- I shut down apply
DGMGRL> edit database failtesti3 set state='apply-off';
Succeeded.

-- No MRP0 anymore
SYS @ failtesti3:>SELECT process FROM V$MANAGED_STANDBY WHERE process = 'MRP0';

no rows selected

But for automated monitoring I don’t really like to connect to each standby, especially if no Active Data Guard is in use. How to get it from primary? It gets a little tricky.

-- To check the intended state, could also go for the unsupported route.
-- APPLY-READY means APPLY-OFF
SYS @ failtesti2:>SELECT value database_name, dbms_drs.get_property_obj(object_id, 'intended_state') intended_state
    FROM x$drc
    WHERE attribute='DATABASE' and value = 'failtesti3';

DATABASE_NAM INTENDED_STATE
------------ --------------------
failtesti3   PHYSICAL-APPLY-READY

-- After turning APPLY-ON
DGMGRL> edit database failtesti3 set state='apply-on';
Succeeded.
SYS @ failtesti2:>SELECT value database_name, dbms_drs.get_property_obj(object_id, 'intended_state') intended_state
    FROM x$drc
    WHERE attribute='DATABASE' and value = 'failtesti3';

DATABASE_NAM INTENDED_STATE
------------ --------------------
failtesti3   PHYSICAL-APPLY-ON

Here could check that Broker has the intended state correct for all standby databases.

Broker also has export configuration option, that could possibly be used for some automated checks. It is a documented DGMGRL command, but the resulting XML file is placed under database trace directory and the contents of that XML file are not documented.

[oracle@failtest-2 ~]$ dgmgrl / "export configuration to auto-dg-check.xml"
DGMGRL for Linux: Release 19.0.0.0.0 - Production on Sat Mar 11 09:04:17 2023
Version 19.16.2.0.0

Copyright (c) 1982, 2019, Oracle and/or its affiliates.  All rights reserved.

Welcome to DGMGRL, type "help" for information.
Connected to "FAILTESTI2"
Connected as SYSDG.
Succeeded.

-- The result is an XML file with all interesting Broker configurations that could be used for automated monitoring

[oracle@failtest-2 ~]$ cat /u01/app/oracle/diag/rdbms/failtesti2/failtesti2/trace/auto-dg-check.xml

...
  <Member MemberID="1" CurrentPath="True" Enabled="True" MultiInstanced="True" Name="failtesti1">
    <DefaultState>STANDBY</DefaultState>
    <IntendedState>STANDBY</IntendedState>
    <Status>
      <Severity>Success</Severity>
      <Error>0</Error>
      <Timestamp>1678525406</Timestamp>
    </Status>
    <Role>
      <Condition>STANDBY</Condition>
      <DefaultState>PHYSICAL-APPLY-ON</DefaultState>
      <IntendedState>PHYSICAL-APPLY-ON</IntendedState>
    </Role>
...
  </Member>
...
  <Member MemberID="3" CurrentPath="True" Enabled="True" MultiInstanced="True" Name="failtesti3">
    <Status>
      <Severity>Success</Severity>
      <Error>0</Error>
      <Timestamp>1678525396</Timestamp>
    </Status>
    <Role>
      <Condition>STANDBY</Condition>
      <DefaultState>PHYSICAL-APPLY-ON</DefaultState>
      <IntendedState>PHYSICAL-APPLY-READY</IntendedState>
    </Role>
...
  </Member>
...

Recovery Area

Need to cover also the basics – like Recovery Area usage. When using Data Guard you have most likely set ArchivelogDeletionPolicy to Applied On (All) Standby… or shipped, so if any of the standby databases fall behind, the recovery are on primary (or other standby databases) will also start to grow. Keep an eye on that.

Useful views: V$RECOVERY_FILE_DEST (or V$RECOVERY_AREA_USAGE to see the breakdown into individual consumers).

SELECT sys_extract_utc(systimestamp) time
    , name recovery_dest_location
    , round(space_limit/1024/1024/1024) size_gb
    , round((space_used-space_reclaimable)/1024/1024/1024) used_gib
    , round((space_used-space_reclaimable)*100/space_limit) used_pct
FROM V$RECOVERY_FILE_DEST

Connecting to the alert.log topic below… if you have been slow to react on the proactive recovery area check above, always good to keep mining alert.log for ORA-19809. If that is seen, raise the highest immediate alert – recovery area is full and archiving is stopped.

Alert.log

Always a good idea to keep an eye on important messages from alert.log even if they are not directly related to Data Guard. I’ve blogged about how I mine and monitor alert.log here.

What to alert on? Anything where level < 16 also keep an eye on if comp_id=’VOS’.

System wait events

In case of using FSFO, your standby database is most likely in SYNC or FASTSYNC mode, this is having an impact on end user commit times. So good to keep an eye on commit timings.

V$SYSTEM_EVENT is a good view for this, but you have to sample it regularly and report on the deltas.

-- Need to sample this regularly. Report on deltas.
SELECT sys_extract_utc(systimestamp) sample_time, event
    , time_waited_micro_fg
    , time_waited_micro
FROM v$system_event
WHERE event in ('log file sync','log file parallel write','Redo Transport MISC','SYNC Remote Write');

<RANT/>

Please only use UTC times (or TIMESTAMP WITH TIME ZONE) when developing your internal monitoring (or any other software). This is the global time standard for our planet. It is always growing, no strange jumps, everyone knows what it is. Local times belong only to the user interface layer.

Did I miss anything?

Most likely – but please tell me! I’m very interested in getting Data Guard FSFO monitoring rock solid.

Oracle REST Data Services

Recently ORDS also added a REST interface to query Data Guard properties. I have not yet checked it out, but potential for monitoring is high – especially to get around using the undocumented features.

https://docs.oracle.com/en/database/oracle/oracle-database/21/dbrst/op-database-dataguard-databases-database-properties-get.html

At minimum need to trace what queries it is executing in the background to replicate them for custom monitoring 🙂