January 31, 2009 at 2:27 pm
Hi all,
As many of us are still testing out the new features, I've been able to configure a an audit and ran a test. One of the limitations that I've seen so far is that the audit does not track the host name of the user issuing the command. Has anyone else seen this or seen any problems with this?
Example:
1. set up a new audit.
2. Set up a new audit specification in a test database to trace "SELECT" on an object.
3. Enable audit and audit specification.
4. Execute select statement against the object.
5. In SSMS, right click on the audit > view audit log.
6. See the entry that was logged for the select statement that was ran.
-- There is no "Host Name" listed
This seems to be a limitation of audits.
Real World situation:
We want to see if DOMAIN\user1 is executing select statements from his/her pc.
Interested to hear others' feedback.
Steve
January 31, 2009 at 3:09 pm
You're correct, the Audit object doesn't collect the hostname. The hostname, as it comes into SQL Server, can be forged. This is another case where like MySQL, I wish SQL Server would key in on IP address.
K. Brian Kelley
@kbriankelley
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply