Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

What, when and who? Auditing 101 - Part 2 Expand / Collapse
Author
Message
Posted Sunday, January 15, 2012 2:30 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, July 17, 2014 10:43 AM
Points: 3,309, Visits: 6,700
Comments posted to this topic are about the item What, when and who? Auditing 101 - Part 2

-Roy
Post #1236252
Posted Monday, January 16, 2012 6:09 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, July 3, 2014 3:40 AM
Points: 40, Visits: 143
CDC is fine for tracking DATA but what about WHO changed it? I can't even seem to write a join query to show the changes to the data by who?

Back to audit triggers then, unless anyone can enlighten me.

Thanks



Post #1236551
Posted Monday, January 16, 2012 6:46 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, July 17, 2014 10:43 AM
Points: 3,309, Visits: 6,700
Who can be done by SQL Audit... I am half way through writing that article. That is the 3rd part of this series.

-Roy
Post #1236583
Posted Monday, January 16, 2012 7:49 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 1:22 PM
Points: 11,148, Visits: 12,889
Nice article. One question, you mention that it would be a good idea to have the database in Snapshot Isolation mode, but you don't really give any details as to why? I'd really like to know why I should use snapshot isolation along with CDC.





Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #1236629
Posted Monday, January 16, 2012 8:06 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, July 17, 2014 10:43 AM
Points: 3,309, Visits: 6,700
I gave a recommendation that for CDC to use Snapshot isolation due to two reason.

1. To make sure that there is no blocking caused when trying to get the LSN.
2. To make sure that you get the right LSN.

On a busy OLTP server, you are going to have high number of data changes and that means that the Max LSN will be changing at a very rapid rate. You want to make sure that the MAX LSN is the same through out the query you are using to retrieve the changes.

But it all depends on how you are retrieving the changes. There fore it is just a recommendation. It is not a must. I hope I was able to answer that question.


-Roy
Post #1236634
Posted Monday, January 16, 2012 9:23 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, January 7, 2013 11:47 AM
Points: 3, Visits: 21
Hey Roy,

Looking forward to Part #3. I really think 'Who' changed the data or 'What Process' is critical when it comes to logging.

I wanted to let you know how my company handles auditing 'WHO' in the hopes you may 'speak to it' in your next article.

We use a table similar to "Product". In the stored procedures that change data in this table we force developers to specify a LogUserID and a LogProcessID. The LogUserID represents the person logged into the system that pressed the 'save button' or 'delete button' on the GUI or it may be a system user. The LogProcessID is used to indicate if the change was triggered by a Web Application, A Nightly 'Product Price Update' Job sql server job, a windows service, a web service etc.



PRODUCT TABLE SCHEMA
----------------------------------
ProductID
Description
Price
LogUserID
AppProcessID
DateTimeModified
DateTimeInserted


PRODUCT TABLE SCHEMA IN LOG DATABASE - A trigger inserts into a duplicate table
------------------------------------------
AuditID
Action
ProductID
Description
Price
LogUserID
AppProcessID
DateTimeModified
DateTimeInserted



Anyway - I am really curious about the 'Who' in part #3 and hope you can cover this scenario in your article.
Post #1236689
Posted Monday, January 16, 2012 10:45 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, July 17, 2014 10:43 AM
Points: 3,309, Visits: 6,700
Hey Trevor,
Half of the article is already done. That part covers the "who". I have to do some work on the article to cover writing to Event log. Once that is done, I will submit it for publication.

Your present idea works when you have a controlled system like that. It just wont store the data if the update or select is done using SSMS. SQL Audit will be able to catch that.


-Roy
Post #1236744
Posted Monday, January 16, 2012 12:32 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, January 7, 2013 11:47 AM
Points: 3, Visits: 21
Hey Roy,

You are right. The current method we don't catch SSMS changes. There also isn't a way to "Force" developers to supply a LogUserID. In some cases when we troubleshoot the database will say it was "Roy" that made the change, but really it was a System User because the developer script didn't update the LogUserID column. It gets messy when we delete rows from a table. The first thing we have to do is update the LogUserID for the rows we delete. Then we delete them.

Looking forward to part 3.

-Trevor
Post #1236794
Posted Monday, January 16, 2012 12:50 PM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Yesterday @ 9:44 PM
Points: 21,187, Visits: 14,879
Nicely done Roy.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp
Post #1236802
Posted Monday, January 16, 2012 2:27 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 8:09 AM
Points: 6,580, Visits: 8,856
Nice article Roy. Thanks!

Wayne
Microsoft Certified Master: SQL Server 2008
If you can't explain to another person how the code that you're copying from the internet works, then DON'T USE IT on a production system! After all, you will be the one supporting it!
Links: For better assistance in answering your questions, How to ask a question, Performance Problems, Common date/time routines,
CROSS-TABS and PIVOT tables Part 1 & Part 2, Using APPLY Part 1 & Part 2, Splitting Delimited Strings
Post #1236860
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse