Using ::fn_dblog() to find who deleted the rows in a table.

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » SQL Server 2008 Administration » Using ::fn_dblog() to find who deleted the...

16 posts, Page 2 of 2

««1 2

Using ::fn_dblog() to find who deleted the rows in a table.

Rate Topic

Display Mode

Topic Options

Author

Message

dedicatedtosql

Posted Wednesday, December 26, 2012 5:59 PM

Grasshopper

Group: General Forum Members
Last Login: Yesterday @ 12:55 PM
Points: 14, Visits: 100

Thank you very much for the advice.
Actualy We have both CDC as well as Auditing in place for the prod database. But this was a local environment. Where we have many sysadmins. I know it is a worst practice. I am new here and I adviced them not to. But they want it to stay this way.

Regards

Post #1400424

GilaMonster

Posted Thursday, December 27, 2012 2:37 AM

SSC-Dedicated

Group: General Forum Members
Last Login: Today @ 8:25 AM
Points: 37,683, Visits: 29,938

krishnarajeesh (12/23/2012)

That is OPERATION 'LOP_DELETE_ROWS' will not have have the login info, where as "LOP_BEGIN_XACT" for that delete will have.

No, it won't. It has the database user info, not the login info.

Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1400513

Lynn Pettis

Posted Thursday, December 27, 2012 6:50 AM

SSC-Insane

Group: General Forum Members
Last Login: Today @ 8:59 AM
Points: 21,599, Visits: 27,418

dedicatedtosql (12/26/2012)

Looks to me like you need to set up auditing and CDC in this environment as well.

Cool

Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)

Post #1400601

arnipetursson

Posted Friday, December 28, 2012 12:42 PM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 9:16 AM
Points: 135, Visits: 411

If you have default trace records from around the time of the delete, you may be able to compile a list of suspects. Hopefully you do not too may people that have sysadmin access on your system.

Post #1401020

Lowell

Posted Friday, December 28, 2012 1:20 PM

SSChampion

Group: General Forum Members
Last Login: Today @ 9:15 AM
Points: 11,617, Visits: 27,679

arnipetursson (12/28/2012)

If you have default trace records from around the time of the delete, you may be able to compile a list of suspects. Hopefully you do not too may people that have sysadmin access on your system.

That won't help, I'm afraid.
the default trace captured DDL changes..CREATE TABLE/INDEX etc kinds of things.

it does not capture any DML statements like INSERT/UPDATE/DELETE; for that you need a different custom trace set up prior to the changes occurring to get any relevant info from any trace.

Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son

Post #1401038

arnipetursson

Posted Friday, December 28, 2012 2:31 PM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 9:16 AM
Points: 135, Visits: 411

I am aware of that.
However you can deduce who is doing what based on the entries in the default trace.

Post #1401064

« Prev Topic | Next Topic »

16 posts, Page 2 of 2

««1 2

Permissions