问题
I want to track all failed logins to our production environment.
Including all selects to all objects.
Based on:
https://www.simple-talk.com/sql/database-administration/sql-server-audit-magic-without-a-wizard/
and
https://www.simple-talk.com/sql/database-administration/sql-server-security-audit-basics/
and in particular:
https://blogs.msdn.microsoft.com/sreekarm/2009/01/05/auditing-select-statements-in-sql-server-2008/
It suggests I need to name each object, in the schema for me to be able to save all the select statements, which I don't want to do. There are 1500 tables, and 2300 views.
Is it not possible for the audit, to take the database object, and any SELECT executed on that object is saved in the audit file, including user, statement and time etc.?
The failed login i get from the failed login principal group, but so far I've not been able to get the select statement, unless I specifically name the objects for which to audit.
Naming them, also means I have to update the audit every time a new view or table is added.
回答1:
You can use Extended Events
For your specific scenario,you might want to select batch starting
and batch completed
events..
You can also add more info in the next screens like username,host info ...
finally,you can add filters to filter this only for one database or all databases or proc with speficic name and a lot..
This info can be logged to file for later analysis..
https://www.simple-talk.com/sql/database-administration/getting-started-with-extended-events-in-sql-server-2012/
For Failed logins,you can right click server and go to below page to audit ..this will be enabled by default and it will be logged to error log
来源:https://stackoverflow.com/questions/42222187/sql-server-database-audit-selects-failed-logins-and-executed-code-for-entire-da