(4.18)数据库审计

数据库审计、审查SSMS:

  

代码:

  

---------------------------------------------------------------------------------------------------------
-- Step 1: create the server audit, i.e. the target that audit records are written to.
-- Settings as written:
--   FILEPATH            directory that receives the .sqlaudit files
--   MAXSIZE /           50 MB per file with 10 rollover files; once the limit is reached
--   MAX_ROLLOVER_FILES  the oldest file is deleted, so copy files off the host if a longer
--                       history has to be kept
--   RESERVE_DISK_SPACE  pre-allocates each file at MAXSIZE
--   QUEUE_DELAY         milliseconds that audit actions may be buffered before being written
--   ON_FAILURE          CONTINUE keeps the instance serving requests when the audit cannot
--                       be written, so events can go unrecorded; SHUTDOWN and
--                       FAIL_OPERATION are the stricter choices when the trail must be complete
-- NOTE(review): restrict file-system permissions on the audit directory to the SQL Server
-- service account and the people who review audits; anyone who can modify or delete the
-- files can alter the trail.
USE [master]
GO
CREATE SERVER AUDIT [RAPDB_CD_PRC_Audit_7]
TO FILE
(
    FILEPATH = N'D:\RAPDB_AUDIT\RAPDB_CD_PRC',
    MAXSIZE = 50 MB,
    MAX_ROLLOVER_FILES = 10,
    RESERVE_DISK_SPACE = ON
)
WITH
(
    QUEUE_DELAY = 1000,
    ON_FAILURE = CONTINUE
    -- optional, left disabled as in the original: AUDIT_GUID = uniqueidentifier
)
-- optional event filter, left disabled as in the original: WHERE object_name = 'tb'

GO
-- A newly created server audit is disabled; switch it on.
ALTER SERVER AUDIT [RAPDB_CD_PRC_Audit_7] WITH (STATE = ON)
GO
-- Step 2: list the user tables (type 'U') of the target database, sorted by name,
-- to decide which of them the audit specification should cover.
USE [RAPDB_CD_PRC]
GO
SELECT *
FROM sys.objects
WHERE type = 'U'
ORDER BY name


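-- Step 3: create and enable the database audit specification.
-- It binds a set of audited actions in this database to a server audit:
--   * SCHEMA_OBJECT_CHANGE_GROUP records CREATE / ALTER / DROP on schema objects.
--   * Each per-table ADD line records DELETE, INSERT and UPDATE on that table.
--     BY [public] covers every database principal, because all of them are members of public.
-- SELECT is not in the action list, so reads of the audited tables are not recorded;
-- add SELECT to the list for tables whose read access must be traceable.
USE [RAPDB_CD_PRC]
GO
CREATE DATABASE AUDIT SPECIFICATION [RAPDB_CD_PRC_Audit]
-- Must name a server audit that exists. The original listing referenced
-- [RAPDB_CD_PRC_Audit_157], which this script never creates; it now matches the
-- name used by CREATE SERVER AUDIT in this script.
FOR SERVER AUDIT [RAPDB_CD_PRC_Audit_7]
ADD (SCHEMA_OBJECT_CHANGE_GROUP),
-- Tables to audit: one ADD line per table, separated by commas, with no comma
-- after the last one. Template for a further table (end it with a comma when enabled):
--ADD (DELETE, INSERT, UPDATE ON OBJECT::[dbo].[a] BY [public])
ADD (DELETE, INSERT, UPDATE ON OBJECT::[dbo].[e_time] BY [public])
WITH (STATE = ON)
GO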
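-- Step 4: read the audit records back.
-- The path must point at the directory given as FILEPATH in CREATE SERVER AUDIT
-- (D:\RAPDB_AUDIT\RAPDB_CD_PRC in this script). The original listing read from
-- I:\AUDIT\*, which does not match that FILEPATH and would not find these files.
-- event_time is stored in UTC; DATEADD(hour, 8, ...) shifts it to UTC+8 for display.
-- The [statement] column holds the audited T-SQL text and can therefore contain
-- business data, so limit who may run this query and where its output is stored.
-- Rows are returned newest first.
SELECT
    DATEADD(hour, 8, event_time) AS '执行时间',
    CASE action_id
        WHEN 'IN' THEN 'INSERT'
        WHEN 'AL' THEN 'ALTER'
        WHEN 'DL' THEN 'DELETE'
        WHEN 'SL' THEN 'SELECT'
        WHEN 'UP' THEN 'UPDATE'
        WHEN 'DR' THEN 'DROP'
        WHEN 'CR' THEN 'CREATE'
        ELSE action_id            -- any other action: show the raw action code
    END AS '操作类型',
    CASE succeeded
        WHEN 1 THEN '成功'
        WHEN 0 THEN '失败'
        ELSE ' '
    END AS '是否执行成功',
    session_id AS '会话ID',
    session_server_principal_name AS '执行人',
    object_name AS '操作对象名称',
    statement AS '执行操作',
    file_name,
    audit_file_offset
FROM sys.fn_get_audit_file('D:\RAPDB_AUDIT\RAPDB_CD_PRC\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC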

以上语句用于查询审计结果。

 结果展示:

  


转载自www.cnblogs.com/gered/p/9707724.html