February 10, 2020 at 12:33 pm
Hi All
I am looking for a way to find the source of a SPID that ran a query last night. I have inherited an SQL environment and there are DBCC queries being ran at 10pm each night. They are not being ran as SQL Agent Jobs or scheduled SP's so I assume they are being ran remotely from a monitoring platform or management server. I can see in the SQL Server log they are being ran under the local admin account and I can see the SPID but I am not sure if it is possible to query the hostname retrospectively.
I can connect at 10pm one night, check the logs for the SPID and run sp_who2 and get it that way but I would like to avoid working so late in the evening if there is another way.
Thanks 🙂
February 10, 2020 at 12:55 pm
You can get information of the DBCC executions by querying the default trace file for the Audit DBCC Event. It will have login, host name, application name, etc.
Sue
February 10, 2020 at 1:28 pm
If you want to capture the commands without having to run sp_who2 (and oh boy, a ton of ways to get information out of the database better than that), just set up an Extended Events session to capture the command.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
February 10, 2020 at 1:52 pm
You can get information of the DBCC executions by querying the default trace file for the Audit DBCC Event. It will have login, host name, application name, etc.
Sue
Just a caution here... the lifetime expectancy of data in the default trace can be extremely low on a really busy system. It's less than 90 seconds on my main production box. It would be nice if MS allowed us to increase the rollover rows a bit.
--Jeff Moden
Change is inevitable... Change for the better is not.
February 10, 2020 at 1:54 pm
Sue_H wrote:You can get information of the DBCC executions by querying the default trace file for the Audit DBCC Event. It will have login, host name, application name, etc.
Sue
Just a caution here... the lifetime expectancy of data in the default trace can be extremely low on a really busy system. It's less than 90 seconds on my main production box. It would be nice if MS allowed us to increase the rollover rows a bit.
Oh, god, you're going to hate me.
You could look to the system_health Extended Event session. Not only does it capture this data (and more), but you can edit it to capture more data if you want.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
February 10, 2020 at 2:07 pm
Jeff Moden wrote:Sue_H wrote:You can get information of the DBCC executions by querying the default trace file for the Audit DBCC Event. It will have login, host name, application name, etc.
Sue
Just a caution here... the lifetime expectancy of data in the default trace can be extremely low on a really busy system. It's less than 90 seconds on my main production box. It would be nice if MS allowed us to increase the rollover rows a bit.
Oh, god, you're going to hate me.
You could look to the system_health Extended Event session. Not only does it capture this data (and more), but you can edit it to capture more data if you want.
And likely to still be in the default trace as well. And yeah I'm aware they roll over. So do the built in extended events. Nothing wrong with looking at the default trace though - it's there, it's not adding any overhead to the system, a reference to look something up. Nothing wrong with that.
Sue
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply