SQL audit (Audit)

INTRODUCTION: There are some differences between standard SQL and T-SQL
Audit
An audit (Audit) tracks and records events that occur on a SQL Server instance or database. Auditing involves an audit object (Audit) and an audit specification (Audit Specification). To create an audit, first create an instance-level SQL Server audit object, then create a "server audit specification" or "database audit specification" subordinate to it. Audit data can be written to a file (File), the security log (Security Log), or the application log (Application Log).

The purpose of enabling auditing is generally to monitor the operations performed on SQL Server, for example recording who queried data, modified data, or logged in to the SQL Server instance, and at what time. Because audit records can be very detailed, enabling auditing may produce large amounts of log data and take up a lot of disk space. The use of audit can be summarized in one sentence: record who did what at what time. The audit object (Audit) defines where the audit data is stored; the audit specification (Audit Specification) defines what is recorded. Once a specified event is triggered, the SQL Server engine uses the audit to record information about the event.

The general steps to create and use an audit are:

step1: Create a server-level audit object and enable it;
step2: Create an audit specification (a database audit specification or a server audit specification), map it to the audit object, and enable the audit specification; the audit object then begins tracking and recording data;
step3: View the audit data, either with the SSMS "Log File Viewer" or by reading the log data with the function sys.fn_get_audit_file.
Reference Documents
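The three steps above written as one T-SQL script, including a catalog query that shows which object, schema and principal a database audit specification covers. This is an added example, not code from the original post: the names demo_audit, demo_audit_sc and YourDatabase are hypothetical, and the folder is the path used later on this page.

```sql
-- Added example; demo_audit, demo_audit_sc and YourDatabase are hypothetical names.
USE [master];
GO
-- Step 1: server-level audit object; cap the disk space used by the file target.
CREATE SERVER AUDIT demo_audit
TO FILE (FILEPATH = N'D:\ssms\biao\',   -- folder must already exist
         MAXSIZE = 50 MB, MAX_ROLLOVER_FILES = 10)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT demo_audit WITH (STATE = ON);
GO

-- Step 2: database audit specification bound to the audit object.
USE [YourDatabase];   -- placeholder: the database that contains TEST.SC
GO
CREATE DATABASE AUDIT SPECIFICATION demo_audit_sc
FOR SERVER AUDIT demo_audit
ADD (UPDATE ON OBJECT::TEST.SC BY public)
WITH (STATE = ON);
GO

-- Check what the specification covers (action groups return NULL object names).
SELECT s.name, s.is_state_enabled, d.audit_action_name, d.class_desc, d.is_group,
       OBJECT_SCHEMA_NAME(d.major_id)    AS object_schema,
       OBJECT_NAME(d.major_id)           AS object_name,
       USER_NAME(d.audited_principal_id) AS principal_name
FROM sys.database_audit_specifications AS s
JOIN sys.database_audit_specification_details AS d
  ON d.database_specification_id = s.database_specification_id
WHERE s.name = N'demo_audit_sc';

-- Step 3: read the recorded events ('UP' is the action_id for UPDATE).
SELECT event_time, action_id, succeeded, session_server_principal_name,
       database_name, schema_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\ssms\biao\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'UP'
ORDER BY event_time DESC;
GO

-- Cleanup: each object must be disabled before it can be dropped.
ALTER DATABASE AUDIT SPECIFICATION demo_audit_sc WITH (STATE = OFF);
DROP DATABASE AUDIT SPECIFICATION demo_audit_sc;
GO
USE [master];
GO
ALTER SERVER AUDIT demo_audit WITH (STATE = OFF);
DROP SERVER AUDIT demo_audit;
```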

(1) Audit object creation
An error is shown at this step, but the Audit object can still be added manually. Select the path 'D:\ssms\biao'; the audit file is written to that folder.
Under the database's [Security] node, right-click Audit and click New to complete the creation.
[Example] 4.15

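-- audit UPDATE statements on TEST.SC issued by any member of public
create database audit specification audit_sc
for server audit audit1
add (
update on TEST.SC by public
);
-- enable the specification so that the audit starts recording
alter database audit specification audit_sc with (state = on);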



It can be observed that UPDATE is now audited for public.
Use the following statement to create an audit of ALTER. There is a problem, though: I searched the official documentation for a long time but could not find how to specify the object for it.

use [master];
go
create server audit specification audit11
for server audit audit1
add (DATABASE_CHANGE_GROUP)
with (state = on);
-- the server audit specification has been created

The expected result is that the object class is OBJECT, the object schema and object name are TEST and SC, and the principal name is public; the actual result is nothing like that. But I do not know how to change it. The official documentation mentions that DATABASE_CHANGE_GROUP is at the database level, so I tried adding it to the audit specification audit_sc:

-- first remove audit_sc
create database audit specification audit_sc
for server audit audit1
add (DATABASE_CHANGE_GROUP),
add (
update on TEST.SC by public
);
alter database audit specification audit_sc with (state = on);

[Example] 4.16
Deletion: standard SQL uses NOAUDIT. T-SQL has no such simple keyword, but the audit specification can still be deleted:

alter database audit specification audit_sc with (state = off);
-- the audit specification must be disabled before it can be dropped
drop database audit specification audit_sc;

Finally:
My God, what is this


Origin blog.csdn.net/weixin_44724691/article/details/105225599