Someone had changed the SA password on one of my servers. I need to find out who did this. Can you tell me if there is any historical information kept on any of the system tables that can tell me who (what machine name) and when (date and time)this was done?
Does anyone have a 3rd party or inhouse developed task/procedure to report this kind of security issues?
We are finding ourselves editing data within a sql database using tools such as MS Query, Access or VB. Is there anyway to log these edits? Auditing is set up within the application to log changes made by the users but not by third pary applications. ANy thoughts?
On the other database types, there is an audit capability in that yourecord such items asfailed login attemptsattemtped access to tables user is not authroized tochanges to databse schemachanges to permissionschanges to logins (add, delete, lock, unlock, passwrod reset)All I can find in the SQLServer documentation is the reference totracking failed logins when you set up a database, plus the Profiler'sactivities.Yes, I'm taking voer my first SQLServer database and have been asked tomake sure that this database is closely monitored for inappripriateactivity.Questions:1) Does SQLServer have this capability? (Sybase has this, which iswhere I'm coming from)2) Does SQLServer do this automatically or do I have to set up theevents to be tracked as happens with Sybase?3) What commands are there for setting up these events to be tracked?Thanks in advance!
Hi, I've a table named Attività there I can have many type "IDAttivitaTipo" field:T TelefonataV VisitaP PreventivoC Chiuso CREATE TABLE [dbo].[Attivita]( [IDAttivita] [int] IDENTITY(1,1) NOT NULL, [IDAttivitaStato] [varchar](1) COLLATE Latin1_General_CI_AS NULL, [IDAttivitaTipo] [varchar](2) COLLATE Latin1_General_CI_AS NULL, [IDAnagrafica] [int] NULL, [Data] [datetime] NULL CONSTRAINT [DF_Attivita_Data] DEFAULT (getdate()), [Descrizione] [varchar](max) COLLATE Latin1_General_CI_AS NULL, CONSTRAINT [PK_Attivita] PRIMARY KEY CLUSTERED ( [IDAttivita] ASC)WITH (PAD_INDEX = OFF, IGNORE_DUP_KEY = OFF) ON [PRIMARY]) ON [PRIMARY] with "IDAttivitaTipo":T TelefonataV VisitaP PreventivoC Chiuso with "IDAttivitaStato" E Eseguita (held)D Da Eseguire (not held)I would like to see the state of each IDAnagrafica (company) creating a query with X rows (X companies ... X IDAzienda) and 4 fields 1/0 (true/false ....bit) that tell me if there is or there isn't an activity (IDAttivita) in T V P C type for each IDAzienda (company) .... with IDAttivitaStato E (held)T -> 1/0V -> 1/0P -> 1/0C -> 1/0I've created a SP with a parameter "IDAttivitaTipo" that allow me to view all campanies (IDAnagrafica) stopped in the "IDAttivitaTipo"if I use 'V' parameter in the SPI want to see all the companies stopped in V (IDAttivitaStato E -> Held) ...that don't have activities in P and C state .... I'm not interested if there are activities in T stateif I use 'P' parameter in the SP I want to see all the companies stopped in P (IDAttivitaStato P -> Held) ...that don't have activities C state .... I'm not interested if there are activities in T or V state if I use 'C' parameter in the SP I want to see all the companies stopped in C (IDAttivitaStato C -> Held) ...that don't have activities after C .... I'm not interested if there are activities in T or V or P state I've tried with these query but the result insn't right ... I can't to see some activieswhere is it my error??IF(@IDAttivitaTipo= 'V') BEGIN SELECT (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='T') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Telefonata, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='V') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Visita, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='P') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Preventivo, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='C') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Chiuso FROM Anagrafica WHERE ('V' in (SELECT IDAttivitaTipo FROM Attivita WHERE Attivita.IDAnagrafica = Anagrafica.IDAnagrafica)) AND ('P' not in (SELECT IDAttivitaTipo FROM Attivita WHERE Attivita.IDAnagrafica = Anagrafica.IDAnagrafica)) AND ('C' not in (SELECT IDAttivitaTipo FROM Attivita WHERE Attivita.IDAnagrafica = Anagrafica.IDAnagrafica)) ENDIF(@IDAttivitaTipo = 'P') BEGIN SELECT (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='T') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Telefonata, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='V') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Visita, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='P') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Preventivo, (case when exists (SELECT 1 FROM Attivita WHERE (Attivita.IDAnagrafica = Anagrafica.IDAnagrafica) AND (IDAttivitaTipo='C') AND (IDAttivitaStato='E') AND (Privato = 0)) then 1 else 0 end) as Chiuso FROM Anagrafica WHERE ('P' in (SELECT IDAttivitaTipo FROM Attivita WHERE Attivita.IDAnagrafica = Anagrafica.IDAnagrafica)) AND ('C' not in (SELECT IDAttivitaTipo FROM Attivita WHERE Attivita.IDAnagrafica = Anagrafica.IDAnagrafica)) AND END
We are having blocking issues on our server. Recently, I noticed that we no longer have any thing under Current Activity. When I click the plus sign beside it, it shows no items - that is, no process info, locks/process ID, or the locks/object. Does anybody know why and how I can reset it?? Thanks for your help.
Sybase and DB2 both have the capability of tracking user activities ata number of levels: invalid access attempts to databases, table, etc.;creation/deletion/modification of database objects/users/groups,grants/revokes.For MS SQLServer, the only setting that I've seen in the documentationis access attempts (none, fail only, etc.)The monitor program has the capability of tracking the events that Iwant to be monitored, but it seems as though these settings persistonly while the monitor program is running.I'd like these settings to persist permanently and the event records tobe sent to the system log.I can't seem to find the right term to get this information out of theMS Books On LIne.Help!
Am I able to do this in SS Express -like a backup or something or do I need to purhcase a SQL Server Agent (I believe I saw a 3rd party company always advertising this in SQL Server Central.com). It's cheap -- just curious if I really need it.
Hi Gurus, I have a database server running on a sql server 7.0. Some external app is accessing this db server, reading and updating some tables. For some reason, some updating actions didn't work. I just want to track those updating actions, and see if there're some logs reporting failure reason. Is there some tool in sql server 7.0 that could help me do that? Thank you.
INSERT INTO Temp VALUES('Org Name', '2014-06-20 14:25:00.000', '2014-06-20 15:25:00.000') - AND many more like these with different START_TIME and END_TIME.
The Task:
- I need to calculate the duration of the activities PER HOUR.
i.e. in the example above, if I want to see the productivity for 2PM (i.e. activity duration from 2-3PM), I should only get 35 mins (as the activity started at 14:25). In the same way, if I see the productivity for 3PM (i.e activity duration from 3-4 PM), I should only see 25 minutes (as activity ended at 15:25).
There would technically be many activities with overlapping times - for example, there might be 5 activities starting at 14:30 and ending at 15:10. In this case, if I were to see the productivity for 2PM, I'd see 150 minutes (as each activity starts at 14:30, so 30 min per activity = 150 min). In the same way, if I saw the productivity for 3PM for those 5 activities, I'd see 50 minutes.
Is there a way for me to set up CDC so that all the processing (SQL Agent, etc) happens on the machine receiving the data? I'd like to move as much of the processing as possible to the destination.
The requirement is to customize database admin activities by creating new user group.
Need to create a group of user / dbauser1 which will have restriction in seeing the data but they should be able to alter database - add / remove the data file , increase or decrease the data file space when required.
This requirement came we wanted to create a new dba group they should not be able to any user data / any table but increase / decrease / add / modify space etc.
It seems to me there are two common strategies for doing DB audit trails via a trigger:
1. On an update to a row, duplicate that row in another table with identical rows, except for perhaps the extra columns which represent change date and changed by. Eg. When there is an update to the Customer table, record the changes in Customer_Audit.
2. On an update to a row, check which fields were updated. Then in a common audit table record the table, row ID, field, previous value and new value of the field.
I'm wondering about the pros and cons of each. More specifically, do the pros and cons change if you are using an O/R mapper (I'm using NHibernate.)
Some thoughts on method 1 . It seems nice for an O/R mapper, since you could have, say, a CustomerAudit Object inherit from your Customer object and just add the properties change date and changed by. A problem with this is you're going to add a whole lot of objects - one for each object which you want to audit. Another drawback is that it could be difficult to generate a history for a particular property which was updated. Let's say I want to see the history of changes to the customer's status. I have to load a collection of CustomerAudit objects (which could be costly). Then I have to iterate through them and compare the status properties to generate a history of statuses. This is a pretty labor instensive method if you compare it to method 2, where the change is recorded by field, not row.
Some thoughts on method 2. It's nice since the changes are by field, not row, which (as above) makes generating a history easy. On the other hand, you can never have a snapshot of a particular object at a particular point in time. Moreover, I'm not sure how foreign keys would be handled elegantly. I record that customer.statusID changes from 3 to 6. I'd have to do a seperate join to the customerstatus table to get meaning for 3 and 6 (which method 1 would do automatically).
Thoughts? Any preferred way to do this with an O/R mapper?
A few days ago I saw a article on the internet (i don't know where), which described a way for auditing all database activities (like deleting records per user etc.) Unfortunally I can't find this document. Can anyone help me with this?
We looking to audit tables in the database. In the tables auditing needs to be done only on few columns not all the columns. Is there any 3rd party tool available to do it can it auditing be done on columns only with sql server 2005. Trigger doesnt work in this scenario as it works per row it does not say which column in the row was updated/inserted/deleted.
For example in the below employee table, I want to audit(history) only ssn and dob columns - all the updates/inserts/deletes made to this column should be audited.
I have a table and the data in this table (for no rhyme or reason)is being deleted somehow. I'm looking for suggestions on how to audit this table and find out who or what process could be deleting my data.
Hi, i need to set up some security standands in sql 6.5/7 . These includes auditing login attempts success and failure, access to db objects etc. I know sql is has very limited capabilities . can anyone tell me how to implement this without using event viewer etc??
Hi folks. I am a new DBA and working on taking over several existing MSSQL 6.5 applications.
My company needs to be able to audit the following actions on MSSQL.
login logout insert into specific tables update in specific tables delete from specific tables
I am looking for a 3rd party product that provides these services for SQL 6.5. I have found Braintree products and they have really nice auditing but for Oracle and not MSSQL. I have also looking into using triggers to build an audit log for me but the applications we are using require periodic updates that would force me to rebuild the triggers. This may cause too much administrativia.
I need some help with this. I have a development server and all the developers log in as sa. Lately test data has been mysteriously deleted from selected tables. I need to track the time that the activity is taking place so I can figure out who might be playing this little game. Can anyone suggest what I can do to find this out? Your quick response will be appreciated.
hey all, i found this auditing trigger, currently it just kicks out what was changed and when, id like to add who cause the trigger to fire as well (currently its just set to the "inventory" table). check under the "add the audit fields" comment for info:
CREATE TRIGGER TRG_inventory ON [DBO].[inventory] FOR DELETE,INSERT,UPDATE AS
DECLARE @ACT CHAR(6) DECLARE @DEL BIT DECLARE @INS BIT DECLARE @SQLSTRING VARCHAR(2000)
SET @DEL = 0 SET @INS = 0
IF EXISTS (SELECT TOP 1 1 FROM DELETED) SET @DEL=1 IF EXISTS (SELECT TOP 1 1 FROM INSERTED) SET @INS = 1
IF @INS = 1 AND @DEL = 1 SET @ACT = 'UPDATE' IF @INS = 1 AND @DEL = 0 SET @ACT = 'INSERT' IF @DEL = 1 AND @INS = 0 SET @ACT = 'DELETE'
IF @INS = 0 AND @DEL = 0 RETURN
IF NOT EXISTS (SELECT * FROM SYSOBJECTS WHERE ID = OBJECT_ID(N'[DBO].[AUDIT_inventory]') AND OBJECTPROPERTY(ID, N'ISUSERTABLE') = 1) BEGIN -- CREATE A MEMORY TABLE CONTAINING THE FIELDS AND TYPES OF THE TABLE DECLARE @MEMTABLE TABLE ( ID INT IDENTITY ,COLUMNAME SYSNAME ,TYPENAME VARCHAR(20) ) -- INSERT THE COLUMNAMES AND THE DATATYPES INSERT @MEMTABLE (COLUMNAME,TYPENAME) SELECT NAME,TYPE_NAME(XTYPE) FROM SYSCOLUMNS WHERE ID = OBJECT_ID('[DBO].[inventory]') ORDER BY COLID
DECLARE @CUR INTEGER DECLARE @MAX INTEGER DECLARE @SQLSTR AS VARCHAR(8000) DECLARE @CURCOL SYSNAME DECLARE @COLTYPE AS VARCHAR(10)
-- SETUP VARIABLES SET @SQLSTR = '' SET @CUR=1 SELECT @MAX = MAX(ID) FROM @MEMTABLE
-- LOOP EVEY FIELD WHILE @CUR <= @MAX BEGIN
-- GET VALUES FROM THE MEMTABLE SELECT @CURCOL = COLUMNAME,@COLTYPE = TYPENAME FROM @MEMTABLE WHERE ID = @CUR IF @COLTYPE = 'INT' OR @COLTYPE = 'BIGINT' OR @COLTYPE='UNIQUEIDENTIFIER'
-- WE DO WANT TO COPY INT/BIGINT/UNIQUEIDENTIFIER FIELDS BUT IF THEY ARE AN -- IDENTITY OR A ROWGUIDCOLUMN WE DO NOT WANT TO COPY THOSE ATTRIBUTES
SET @SQLSTR = @SQLSTR + ' CAST('+@CURCOL + ' AS '+@COLTYPE+') AS [' + @CURCOL +'] ' ELSE
-- ANOTHER FIELD DO NOTHING JUST COPY IT AS IT IS SET @SQLSTR = @SQLSTR + ' '+@CURCOL + ' AS [' + @CURCOL +'] ' IF @CUR <= @MAX - 1 SET @SQLSTR=@SQLSTR + ',' SET @CUR = @CUR + 1 END
-- ADD THE AUDIT FIELDS SET @SQLSTR = @SQLSTR +',CAST('' '' AS CHAR(6)) AS TRG_ACTION,CAST(GETDATE() AS DATETIME) AS TRG_DATE ' - tryin to add who made the update here, figure out what GETUSER translates to
-- SET UP THE SELECT FOR CREATING THE AUDIT TABLE SET @SQLSTR = 'SELECT TOP 0 ' + @SQLSTR + ' INTO [DBO].[AUDIT_inventory] FROM [DBO].[inventory]' EXEC(@SQLSTR) END
IF @ACT = 'INSERT' INSERT [DBO].[AUDIT_inventory] SELECT *,'INSERT' ,GETDATE() FROM INSERTED IF @ACT = 'DELETE' INSERT [DBO].[AUDIT_inventory] SELECT *,'DELETE' ,GETDATE() FROM DELETED IF @ACT = 'UPDATE' INSERT [DBO].[AUDIT_inventory] SELECT *,'UPDATE' ,GETDATE() FROM INSERTED
Hello I am more of a reporting person, recently I was asked to create stored procedure for an upcoming ASP.NET application. We have a problem that we are facing and any suggestion would be very helpfull.
The problem is that we have like 8 differtent tables each with 10 to 15 columns in it. The front end application has pages with save , update , delete button which are insert,update,delete for each of the 8 tables i.e they save , update , delete these 8 tables
They want to a way to Update , this audit table which stores information like ---
Date User Table Column name Previous column name new column name
So for each row that was updated in those 8 tables , each column will have the above fields updated as a row of data
Initially we thought about triggers but it will be like 60 triggers ...Is there a better or other way of handling this?
I want to log all changes made to a table (only updates, since there will be no deletes or inserts).
I would like to see the user who changed it, the date and time, fieldname, old value, new value. If more fields are changed during the update, than add more records into the logging table.
I would like to create a simple trigger on a Customer table to fullfill two fields, on should be filled when a new customer is inserted (DateAdded) and the other when the customer is edited (DateEdited), Yes I know it is quite simple but as I am not a database expert I do not know how to solve this problem.
I am to try to find documentation about C2 auditing into SQL Server 2005. The only one doc I fand about it is: SQL 2000 C2 Admin and User Guide It cover SQL Server 2000 and Windows NT4.0.
I do not find any document who cover the security from SQL Server 2005.
I'm wanting to do some auditing with sql 2k and wish to get the users first and last name of the windows account to log into a table. You can easily access the windows account name by using the System_User keyword. However, is it possible to get the first and last name of the system_user? If so, how?