Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
15 views

SQL Server Auditing Quick Reference Guide

This document provides a quick reference guide for auditing SQL Server from versions 2005 to 2014. It outlines the steps for creating, managing, and stopping a trace, as well as how to view and import trace data. Additionally, it lists common SQL trace events and table columns relevant to auditing activities.

Uploaded by

vkiev3000
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views

SQL Server Auditing Quick Reference Guide

This document provides a quick reference guide for auditing SQL Server from versions 2005 to 2014. It outlines the steps for creating, managing, and stopping a trace, as well as how to view and import trace data. Additionally, it lists common SQL trace events and table columns relevant to auditing activities.

Uploaded by

vkiev3000
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Quick Reference Guide

SQL Server Auditing


SQL Server 2005-2014

Trace Creation
 Run MS SQL Management Studio > Connect to database you want to Common SQL
audit > New Query > Copy the following script into new query box:
DECLARE @RC int, @TraceID int, @on BIT Trace Events:
 12 – SQL:BatchCompleted
EXEC @rc = sp_trace_create @TraceID output, 2,
 13 – SQL:BatchStarting
N'C:\pathname\file'  105 – Audit Login GDR Event
SELECT RC = @RC, TraceID = @TraceID  109 – Audit Add DB User Event
-- Follow Common SQL trace event list and common sql trace  110 – Audit Add Member to DB
Role Event
-- tables to define which events and tables you want to  111 – Audit Add/Drop Role
capture  113 – Audit Statement
Permission
SELECT @on = 1
 128 – Audit Database
EXEC sp_trace_setevent @TraceID, 111, 1, @on Management Event
-- (111-Event Audit Add/Drop Role, 1-TextData table column)  131 – Audit Schema Object
Management Event
EXEC sp_trace_setevent @TraceID, 111, 11, @on  176 – Audit Server Object
EXEC sp_trace_setevent @TraceID, 111, 14, @on Management Event
EXEC @RC = sp_trace_setstatus @TraceID, 1  177 – Audit Server Principal
Management Event
GO
Common SQL
 Define file trace location and hit “Execute” to start a new trace Trace Table
Columns:
Trace Management  1 – TextData
 Execute this query to stop the trace:  6 – NTUserName
sp_trace_setstatus @traceid = 2, @status = 0  11 – LoginName
 14 – StartTime
 Execute this query to delete the trace:  15 – EndTime
sp_trace_setstatus @traceid = 2, @status = 2  26 – ServerName
 35 – DatabaseName
You can find full events and tables
 Execute this query in order to import the trace into database table: list here: url2open.com/sqltrace
USE DBname
SELECT * INTO tablename FROM ::fn_trace_gettable
('C:\pathname\file.trc', DEFAULT)
GO
 Execute this query in order to view trace data:
SELECT TOP 1000 [TextData] ,[HostName] ,[LoginName] ,[StartTime] ,[EndTime] ,
[ServerName] ,[EventClass]
FROM [DBname].[dbo].[tablename]

 Inspect “TextData” table for events like: CREATE LOGIN, ALTER SERVER
ROLE, DROP LOGIN etc...

Get #completevisibility into what's going on inside your Microsoft SQL


Server for free: netwrix.com/go/trial-ss

Corporate Headquarters: Toll-free: 888-638-9749 Int'l: 1-949-407-5125


300 Spectrum Center Drive, Suite 1100, EMEA: 44 (0) 203-318-0261 netwrix.com/social
Irvine, CA

You might also like