关于MSSQL audit记录1
发表于:2025-02-06 作者:千家信息网编辑
千家信息网最后更新 2025年02月06日,点击(此处)折叠或打开-----创建审核对象之前需要切换到master数据库--USE [master]--GO--CREATE SERVER AUDIT MyAudit TO FILE(FI
千家信息网最后更新 2025年02月06日关于MSSQL audit记录1
the following sql show how to read the bitry audt file
{color:red}* how to change the audit actions{color}
--each time diable the audit before you chagne anything
{code:sql}
use datayesdb
go
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog with (STATE =OFF)
use master
ALTER SERVER AUDIT MyAudit WITH(STATE =OFF)
{code}
--switch to user db and change your audit actions
{code:Sql}
use datayesdb
go
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog
FOR SERVER AUDIT MyAudit
Drop (INSERT,UPDATE,DELETE ON schema::dbo BY PUBLIC),
Add (UPDATE,DELETE ON schema::dbo BY PUBLIC)
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog WITH (STATE =ON)
{code}
--select the detail into from database_audit_specification_details for verification
{code:sql}select * from sys.database_audit_specification_details
{code}}
database_specification_id audit_action_id audit_action_name class class_desc major_id minor_id audited_principal_id audited_result is_group
------------------------- --------------- ------------------------------------------------------------ ----- ------------------------------------------------------------ ----------- ----------- -------------------- ------------------------------------------------------------ --------
65536 MNDO DATABASE_OBJECT_CHANGE_GROUP 0 DATABASE 0 0 0 SUCCESS AND FAILURE 1
65536 DL DELETE 3 SCHEMA 1 0 0 SUCCESS AND FAILURE 0
65536 UP UPDATE 3 SCHEMA 1 0 0 SUCCESS AND FAILURE 0
(3 行受影响)
--the following script will help you get the audit records
{code:sql}
use datayesdb
gp
SELECT CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) AS event_time,
'触发审核的日期和时间' ,
sequence_number AS '单个审核记录中的记录顺序' ,
action_id AS '操作的 ID' ,
succeeded AS '触发事件的操作是否成功' ,
permission_bitmask AS '权限掩码' ,
is_column_permission AS '是否为列级别权限' ,
a.session_id AS '发生该事件的会话的 ID' ,
server_principal_id AS '执行操作的登录上下文 ID' ,
database_principal_id AS '执行操作的数据库用户上下文 ID' ,
target_server_principal_id AS '执行 GRANT/DENY/REVOKE 操作的服务器主体' ,
target_database_principal_id AS '执行 GRANT/DENY/REVOKE 操作的数据库主体' ,
object_id AS '发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)' ,
class_type AS '可审核实体的类型' ,
session_server_principal_name AS '会话的服务器主体' ,
server_principal_name AS '当前登录名' ,
server_principal_sid AS '当前登录名 SID' ,
database_principal_name AS '当前用户' ,
target_server_principal_name AS '操作的目标登录名' ,
target_server_principal_sid AS '目标登录名的 SID' ,
target_database_principal_name AS '操作的目标用户' ,
server_instance_name AS '审核的服务器实例的名称' ,
database_name AS '发生此操作的数据库上下文' ,
schema_name AS '此操作的架构上下文' ,
object_name AS '审核的实体的名称' ,
statement AS 'TSQL 语句(如果存在)' ,
additional_information AS '单个事件的唯一信息,以 XML 的形式返回' ,
file_name AS '记录来源的审核日志文件的路径和名称' ,
audit_file_offset AS '包含审核记录的文件中的缓冲区偏移量' ,
user_defined_event_id AS '作为 sp_audit_write 参数传递的用户定义事件 ID' ,
user_defined_information AS '于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息',
b.CLIENT_NET_ADDRESS AS 'ClientIPAddress'
FROM sys.[fn_get_audit_file]('D:\SqlAudits\*.sqlaudit',
DEFAULT, DEFAULT) a left join SYS.DM_EXEC_CONNECTIONS b
on a.session_id=b.session_id
where event_time between
dateadd(mi, -10,event_time) and event_time
{code}
--you can get the audit file path and detail info with the following scipt
select * from sys.server_file_audits
--create procedure
-- ================================================
-- Template generated from Template Explorer using:
-- Create Procedure (New Menu).SQL
--
-- Use the Specify Values for Template Parameters
-- command (Ctrl-Shift-M) to fill in the parameter
-- values below.
--
-- This block of comments will not be included in
-- the definition of the procedure.
-- ================================================
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author:
-- Create date:
-- Description:
-- =============================================
CREATE PROCEDURE audit_record
@i int = 10
AS
BEGIN
/****** Script for SelectTopNRows command from SSMS ******/
insert into [MyAudit].[dbo].[Audit_DYDB_UPDL]
( [event_time]
,[sequence_number]
,[action_id]
,[succeeded]
,[permission_bitmask]
,[is_column_permission]
,[session_id]
,[server_principal_id]
,[database_principal_id]
,[target_server_principal_id]
,[target_database_principal_id]
,[object_id]
,[class_type]
,[session_server_principal_name]
,[server_principal_name]
,[server_principal_sid]
,[database_principal_name]
,[target_server_principal_name]
,[target_server_principal_sid]
,[target_database_principal_name]
,[server_instance_name]
,[database_name]
,[schema_name]
,[object_name]
,[statement]
,[additional_information]
,[file_name]
,[audit_file_offset]
,[user_defined_event_id]
,[user_defined_information]
,[CLIENT_NET_ADDRESS])
SELECT CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) AS '触发审核的日期和时间' ,
--b.connect_time,
sequence_number AS '单个审核记录中的记录顺序' ,
action_id AS '操作的 ID' ,
succeeded AS '触发事件的操作是否成功' ,
permission_bitmask AS '权限掩码' ,
is_column_permission AS '是否为列级别权限' ,
a.session_id AS '发生该事件的会话的 ID' ,
server_principal_id AS '执行操作的登录上下文 ID' ,
database_principal_id AS '执行操作的数据库用户上下文 ID' ,
target_server_principal_id AS '执行 GRANT/DENY/REVOKE 操作的服务器主体' ,
target_database_principal_id AS '执行 GRANT/DENY/REVOKE 操作的数据库主体' ,
object_id AS '发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)' ,
class_type AS '可审核实体的类型' ,
session_server_principal_name AS '会话的服务器主体' ,
server_principal_name AS '当前登录名' ,
server_principal_sid AS '当前登录名 SID' ,
database_principal_name AS '当前用户' ,
target_server_principal_name AS '操作的目标登录名' ,
target_server_principal_sid AS '目标登录名的 SID' ,
target_database_principal_name AS '操作的目标用户' ,
server_instance_name AS '审核的服务器实例的名称' ,
database_name AS '发生此操作的数据库上下文' ,
schema_name AS '此操作的架构上下文' ,
object_name AS '审核的实体的名称' ,
statement AS 'TSQL 语句(如果存在)' ,
additional_information AS '单个事件的唯一信息,以 XML 的形式返回' ,
file_name AS '记录来源的审核日志文件的路径和名称' ,
audit_file_offset AS '包含审核记录的文件中的缓冲区偏移量' ,
user_defined_event_id AS '作为 sp_audit_write 参数传递的用户定义事件 ID' ,
user_defined_information AS '于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息',
b.CLIENT_NET_ADDRESS AS 'ClientIPAddress' --into MyAudit..Audit_DYDB_UPDL
FROM sys.[fn_get_audit_file]('D:\SqlAudits\*.sqlaudit',
DEFAULT, DEFAULT) a left join SYS.DM_EXEC_CONNECTIONS b
on a.session_id=b.session_id
where
CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) between dateadd(mi, -@i,getdate()) and getdate()
END
GO
------------------------------------------
--create job
USE [msdb]
GO
DECLARE @jobId BINARY(16)
EXEC msdb.dbo.sp_add_job @job_name=N'DBA_Audit_10min',
@enabled=1,
@notify_level_eventlog=0,
@notify_level_email=2,
@notify_level_netsend=2,
@notify_level_page=2,
@delete_level=0,
@description=N'record the audit each 10 min',
@category_name=N'[Uncategorized (Local)]',
@owner_login_name=N'dba_monitor', @job_id = @jobId OUTPUT
select @jobId
GO
EXEC msdb.dbo.sp_add_jobserver @job_name=N'DBA_Audit_10min', @server_name = N'SH-DM-DB04'
GO
USE [msdb]
GO
EXEC msdb.dbo.sp_add_jobstep @job_name=N'DBA_Audit_10min', @step_name=N'DBA_audit_record_10',
@step_id=1,
@cmdexec_success_code=0,
@on_success_action=1,
@on_fail_action=2,
@retry_attempts=0,
@retry_interval=0,
@os_run_priority=0, @subsystem=N'TSQL',
@command=N'MyAudit..audit_record 10',
@database_name=N'datayesdb',
@flags=0
GO
USE [msdb]
GO
EXEC msdb.dbo.sp_update_job @job_name=N'DBA_Audit_10min',
@enabled=1,
@start_step_id=1,
@notify_level_eventlog=0,
@notify_level_email=2,
@notify_level_netsend=2,
@notify_level_page=2,
@delete_level=0,
@description=N'record the audit each 10 min',
@category_name=N'[Uncategorized (Local)]',
@owner_login_name=N'dba_monitor',
@notify_email_operator_name=N'',
@notify_netsend_operator_name=N'',
@notify_page_operator_name=N''
GO
USE [msdb]
GO
DECLARE @schedule_id int
EXEC msdb.dbo.sp_add_jobschedule @job_name=N'DBA_Audit_10min', @name=N'DBA_audit_10',
@enabled=1,
@freq_type=4,
@freq_interval=1,
@freq_subday_type=4,
@freq_subday_interval=10,
@freq_relative_interval=0,
@freq_recurrence_factor=1,
@active_start_date=20170719,
@active_end_date=99991231,
@active_start_time=0,
@active_end_time=235959, @schedule_id = @schedule_id OUTPUT
select @schedule_id
GO
点击(此处)折叠或打开
- -----创建审核对象之前需要切换到master数据库
- --USE [master]
- --GO
- --CREATE SERVER AUDIT MyAudit TO FILE(FILEPATH='D:\SqlAudits') --这里指定文件夹不能指定文件,生成文件都会保存在这个文件夹
- --GO
- --实际上,我们在创建审核对象的同时可以指定审核选项,下面是相关脚本
- --把日志放在磁盘的好处是可以使用新增的TVF:sys.[fn_get_audit_file] 来过滤和排序审核数据,如果把审核数据保存在Windows 事件日志里查询起来非常麻烦
- USE [master]
- GO
- CREATE SERVER AUDIT MyAudit TO FILE(
- FILEPATH='D:\SqlAudits',
- MAXSIZE=2GB,
- MAX_ROLLOVER_FILES=12)
- WITH (
- ON_FAILURE=CONTINUE,
- QUEUE_DELAY=1000);
- ALTER SERVER AUDIT MyAudit WITH(STATE =ON)
- --MAXSIZE:指明每个审核日志文件的最大大小是4GB
- --MAX_ROLLOVER_FILES:指明滚动文件数目,类似于SQL ERRORLOG,达到多少个文件之后删除前面的历史文件,这里是6个文件
- --ON_FAILURE:指明当审核数据发生错误时的操作,这里是继续进行审核,如果指定shutdown,那么将会shutdown整个实例
- --queue_delay:指明审核数据写入的延迟时间,这里是1秒,最小值也是1秒,如果指定0表示是实时写入,当然性能也有一些影响
- --STATE:指明启动审核功能,STATE这个选项不能跟其他选项共用,所以只能单独一句
- --在修改审核选项的时候,需要先禁用审核,再开启审核
- --ALTER SERVER AUDIT MyFileAudit WITH(STATE =OFF)
- --ALTER SERVER AUDIT MyFileAudit WITH(QUEUE_DELAY =1000)
- --ALTER SERVER AUDIT MyFileAudit WITH(STATE =ON)
- USE [T_restore]
- GO
- CREATE DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog
- FOR SERVER AUDIT MyAudit
- ADD (database_object_change_group),
- ADD (INSERT,UPDATE,DELETE ON schema::dbo BY PUBLIC)
- WITH (STATE =ON)
- --我们先在D盘创建sqldbaudits文件夹
- --第一个操作组对数据库中所有对象的DDL语句create,alter,drop等进行记录
- --第二个语句监视由任何public用户(也就是所有用户)对dbo架构的任何对象所做的DML操作
the following sql show how to read the bitry audt file
点击(此处)折叠或打开
- SELECT [event_time] AS '触发审核的日期和时间' ,
- sequence_number AS '单个审核记录中的记录顺序' ,
- action_id AS '操作的 ID' ,
- succeeded AS '触发事件的操作是否成功' ,
- permission_bitmask AS '权限掩码' ,
- is_column_permission AS '是否为列级别权限' ,
- session_id AS '发生该事件的会话的 ID' ,
- server_principal_id AS '执行操作的登录上下文 ID' ,
- database_principal_id AS '执行操作的数据库用户上下文 ID' ,
- target_server_principal_id AS '执行 GRANT/DENY/REVOKE 操作的服务器主体' ,
- target_database_principal_id AS '执行 GRANT/DENY/REVOKE 操作的数据库主体' ,
- object_id AS '发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)' ,
- class_type AS '可审核实体的类型' ,
- session_server_principal_name AS '会话的服务器主体' ,
- server_principal_name AS '当前登录名' ,
- server_principal_sid AS '当前登录名 SID' ,
- database_principal_name AS '当前用户' ,
- target_server_principal_name AS '操作的目标登录名' ,
- target_server_principal_sid AS '目标登录名的 SID' ,
- target_database_principal_name AS '操作的目标用户' ,
- server_instance_name AS '审核的服务器实例的名称' ,
- database_name AS '发生此操作的数据库上下文' ,
- schema_name AS '此操作的架构上下文' ,
- object_name AS '审核的实体的名称' ,
- statement AS 'TSQL 语句(如果存在)' ,
- additional_information AS '单个事件的唯一信息,以 XML 的形式返回' ,
- file_name AS '记录来源的审核日志文件的路径和名称' ,
- audit_file_offset AS '包含审核记录的文件中的缓冲区偏移量' ,
- user_defined_event_id AS '作为 sp_audit_write 参数传递的用户定义事件 ID' ,
- user_defined_information AS '于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息'
- FROM sys.[fn_get_audit_file]('D:\SqlAudits\MyAudit_1FE965A7-77D0-41A6-9D40-543162C722F2_0_131447450891790000.sqlaudit',
- DEFAULT, DEFAULT)
{color:red}* how to change the audit actions{color}
--each time diable the audit before you chagne anything
{code:sql}
use datayesdb
go
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog with (STATE =OFF)
use master
ALTER SERVER AUDIT MyAudit WITH(STATE =OFF)
{code}
--switch to user db and change your audit actions
{code:Sql}
use datayesdb
go
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog
FOR SERVER AUDIT MyAudit
Drop (INSERT,UPDATE,DELETE ON schema::dbo BY PUBLIC),
Add (UPDATE,DELETE ON schema::dbo BY PUBLIC)
alter DATABASE AUDIT SPECIFICATION CaptureDBActionToEventLog WITH (STATE =ON)
{code}
--select the detail into from database_audit_specification_details for verification
{code:sql}select * from sys.database_audit_specification_details
{code}}
database_specification_id audit_action_id audit_action_name class class_desc major_id minor_id audited_principal_id audited_result is_group
------------------------- --------------- ------------------------------------------------------------ ----- ------------------------------------------------------------ ----------- ----------- -------------------- ------------------------------------------------------------ --------
65536 MNDO DATABASE_OBJECT_CHANGE_GROUP 0 DATABASE 0 0 0 SUCCESS AND FAILURE 1
65536 DL DELETE 3 SCHEMA 1 0 0 SUCCESS AND FAILURE 0
65536 UP UPDATE 3 SCHEMA 1 0 0 SUCCESS AND FAILURE 0
(3 行受影响)
--the following script will help you get the audit records
{code:sql}
use datayesdb
gp
SELECT CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) AS event_time,
'触发审核的日期和时间' ,
sequence_number AS '单个审核记录中的记录顺序' ,
action_id AS '操作的 ID' ,
succeeded AS '触发事件的操作是否成功' ,
permission_bitmask AS '权限掩码' ,
is_column_permission AS '是否为列级别权限' ,
a.session_id AS '发生该事件的会话的 ID' ,
server_principal_id AS '执行操作的登录上下文 ID' ,
database_principal_id AS '执行操作的数据库用户上下文 ID' ,
target_server_principal_id AS '执行 GRANT/DENY/REVOKE 操作的服务器主体' ,
target_database_principal_id AS '执行 GRANT/DENY/REVOKE 操作的数据库主体' ,
object_id AS '发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)' ,
class_type AS '可审核实体的类型' ,
session_server_principal_name AS '会话的服务器主体' ,
server_principal_name AS '当前登录名' ,
server_principal_sid AS '当前登录名 SID' ,
database_principal_name AS '当前用户' ,
target_server_principal_name AS '操作的目标登录名' ,
target_server_principal_sid AS '目标登录名的 SID' ,
target_database_principal_name AS '操作的目标用户' ,
server_instance_name AS '审核的服务器实例的名称' ,
database_name AS '发生此操作的数据库上下文' ,
schema_name AS '此操作的架构上下文' ,
object_name AS '审核的实体的名称' ,
statement AS 'TSQL 语句(如果存在)' ,
additional_information AS '单个事件的唯一信息,以 XML 的形式返回' ,
file_name AS '记录来源的审核日志文件的路径和名称' ,
audit_file_offset AS '包含审核记录的文件中的缓冲区偏移量' ,
user_defined_event_id AS '作为 sp_audit_write 参数传递的用户定义事件 ID' ,
user_defined_information AS '于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息',
b.CLIENT_NET_ADDRESS AS 'ClientIPAddress'
FROM sys.[fn_get_audit_file]('D:\SqlAudits\*.sqlaudit',
DEFAULT, DEFAULT) a left join SYS.DM_EXEC_CONNECTIONS b
on a.session_id=b.session_id
where event_time between
dateadd(mi, -10,event_time) and event_time
{code}
--you can get the audit file path and detail info with the following scipt
select * from sys.server_file_audits
--create procedure
-- ================================================
-- Template generated from Template Explorer using:
-- Create Procedure (New Menu).SQL
--
-- Use the Specify Values for Template Parameters
-- command (Ctrl-Shift-M) to fill in the parameter
-- values below.
--
-- This block of comments will not be included in
-- the definition of the procedure.
-- ================================================
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author:
-- Create date:
-- Description:
-- =============================================
CREATE PROCEDURE audit_record
@i int = 10
AS
BEGIN
/****** Script for SelectTopNRows command from SSMS ******/
insert into [MyAudit].[dbo].[Audit_DYDB_UPDL]
( [event_time]
,[sequence_number]
,[action_id]
,[succeeded]
,[permission_bitmask]
,[is_column_permission]
,[session_id]
,[server_principal_id]
,[database_principal_id]
,[target_server_principal_id]
,[target_database_principal_id]
,[object_id]
,[class_type]
,[session_server_principal_name]
,[server_principal_name]
,[server_principal_sid]
,[database_principal_name]
,[target_server_principal_name]
,[target_server_principal_sid]
,[target_database_principal_name]
,[server_instance_name]
,[database_name]
,[schema_name]
,[object_name]
,[statement]
,[additional_information]
,[file_name]
,[audit_file_offset]
,[user_defined_event_id]
,[user_defined_information]
,[CLIENT_NET_ADDRESS])
SELECT CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) AS '触发审核的日期和时间' ,
--b.connect_time,
sequence_number AS '单个审核记录中的记录顺序' ,
action_id AS '操作的 ID' ,
succeeded AS '触发事件的操作是否成功' ,
permission_bitmask AS '权限掩码' ,
is_column_permission AS '是否为列级别权限' ,
a.session_id AS '发生该事件的会话的 ID' ,
server_principal_id AS '执行操作的登录上下文 ID' ,
database_principal_id AS '执行操作的数据库用户上下文 ID' ,
target_server_principal_id AS '执行 GRANT/DENY/REVOKE 操作的服务器主体' ,
target_database_principal_id AS '执行 GRANT/DENY/REVOKE 操作的数据库主体' ,
object_id AS '发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)' ,
class_type AS '可审核实体的类型' ,
session_server_principal_name AS '会话的服务器主体' ,
server_principal_name AS '当前登录名' ,
server_principal_sid AS '当前登录名 SID' ,
database_principal_name AS '当前用户' ,
target_server_principal_name AS '操作的目标登录名' ,
target_server_principal_sid AS '目标登录名的 SID' ,
target_database_principal_name AS '操作的目标用户' ,
server_instance_name AS '审核的服务器实例的名称' ,
database_name AS '发生此操作的数据库上下文' ,
schema_name AS '此操作的架构上下文' ,
object_name AS '审核的实体的名称' ,
statement AS 'TSQL 语句(如果存在)' ,
additional_information AS '单个事件的唯一信息,以 XML 的形式返回' ,
file_name AS '记录来源的审核日志文件的路径和名称' ,
audit_file_offset AS '包含审核记录的文件中的缓冲区偏移量' ,
user_defined_event_id AS '作为 sp_audit_write 参数传递的用户定义事件 ID' ,
user_defined_information AS '于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息',
b.CLIENT_NET_ADDRESS AS 'ClientIPAddress' --into MyAudit..Audit_DYDB_UPDL
FROM sys.[fn_get_audit_file]('D:\SqlAudits\*.sqlaudit',
DEFAULT, DEFAULT) a left join SYS.DM_EXEC_CONNECTIONS b
on a.session_id=b.session_id
where
CONVERT(datetime,SWITCHOFFSET(CONVERT(datetimeoffset, event_time),DATENAME(TzOffset, SYSDATETIMEOFFSET()))) between dateadd(mi, -@i,getdate()) and getdate()
END
GO
------------------------------------------
--create job
USE [msdb]
GO
DECLARE @jobId BINARY(16)
EXEC msdb.dbo.sp_add_job @job_name=N'DBA_Audit_10min',
@enabled=1,
@notify_level_eventlog=0,
@notify_level_email=2,
@notify_level_netsend=2,
@notify_level_page=2,
@delete_level=0,
@description=N'record the audit each 10 min',
@category_name=N'[Uncategorized (Local)]',
@owner_login_name=N'dba_monitor', @job_id = @jobId OUTPUT
select @jobId
GO
EXEC msdb.dbo.sp_add_jobserver @job_name=N'DBA_Audit_10min', @server_name = N'SH-DM-DB04'
GO
USE [msdb]
GO
EXEC msdb.dbo.sp_add_jobstep @job_name=N'DBA_Audit_10min', @step_name=N'DBA_audit_record_10',
@step_id=1,
@cmdexec_success_code=0,
@on_success_action=1,
@on_fail_action=2,
@retry_attempts=0,
@retry_interval=0,
@os_run_priority=0, @subsystem=N'TSQL',
@command=N'MyAudit..audit_record 10',
@database_name=N'datayesdb',
@flags=0
GO
USE [msdb]
GO
EXEC msdb.dbo.sp_update_job @job_name=N'DBA_Audit_10min',
@enabled=1,
@start_step_id=1,
@notify_level_eventlog=0,
@notify_level_email=2,
@notify_level_netsend=2,
@notify_level_page=2,
@delete_level=0,
@description=N'record the audit each 10 min',
@category_name=N'[Uncategorized (Local)]',
@owner_login_name=N'dba_monitor',
@notify_email_operator_name=N'',
@notify_netsend_operator_name=N'',
@notify_page_operator_name=N''
GO
USE [msdb]
GO
DECLARE @schedule_id int
EXEC msdb.dbo.sp_add_jobschedule @job_name=N'DBA_Audit_10min', @name=N'DBA_audit_10',
@enabled=1,
@freq_type=4,
@freq_interval=1,
@freq_subday_type=4,
@freq_subday_interval=10,
@freq_relative_interval=0,
@freq_recurrence_factor=1,
@active_start_date=20170719,
@active_end_date=99991231,
@active_start_time=0,
@active_end_time=235959, @schedule_id = @schedule_id OUTPUT
select @schedule_id
GO
点击(此处)折叠或打开
- USE [master]
- GO
- CREATE SERVER AUDIT SPECIFICATION [MyAudit_login]
- FOR SERVER AUDIT [MyAudit]
- ADD (SUCCESSFUL_LOGIN_GROUP)
- GO
- ALTER SERVER AUDIT SPECIFICATION [MyAudit_login] WITH(STATE =ON)
数据
用户
文件
登录
数据库
事件
对象
上下
上下文
服务器
服务
主体
名称
实体
日志
目标
架构
信息
单个
权限
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
安卓应用如何连接数据库
忘记密码显示连接服务器出现问题
网络安全攻防的理解
党内网络安全和信息化法规体系
网络技术职业院校排名
热门云服务器招商平台
银行软件开发下班早
甘肃网络安全等级保护网
南宁微信小程序服务器托管
新教育和网络安全
集团网络安全部署毕业设计
吴忠小程序软件开发公司
软件开发与应用技术前景
配置数据库流程
鸠鸠互联网科技的代理咋做
北方银证软件开发有限公司
网易我的世界服务器维护多久
服务器油瓶漫画的启示作文
软件开发销售费用一般有哪些
手机mc服务器能用模组吗
软件开发测试叫什么
批量添加字段到数据库
徐州运营软件开发商家
网络安全保险英文
租阿里云服务器怎么安全维护
如何看服务器是否绑定其他域名
nba2k22服务器怎么样
出行软件开发费用
服务器连接超时
阴阳师如何改服务器
