April 29, 2013 at 3:27 am
Hi,
I've been asked to produce a report on who has accessed a particular database on an SQL server we have. The system (a third party with no internal auditing) uses sql authentication.
Logging on the server is set to record failed and successful login attempts. I can read the log files using xp_readerrorlog but that only gives the the time and name of the user and not the database.
Any one got any ideas on how I can do this report?
Thanks.
April 29, 2013 at 6:16 am
since the accessing of data is done after the login, the log isn't going to help you.
you would need to add a new level of auditing to capture those events in the future; you will not be able to find out whodunnit /who accessed data from the past.
So you can set something up going forward.
I've done this with a server side DML trace like in this post: http://www.sqlservercentral.com/Forums/FindPost745586.aspx , and you can use Event Notifications, which (i've heard) have a lesser impact than a trace, like this post from Colleen M. Morrow: http://www.sqlservercentral.com/Forums/FindPost1360378.aspx
alternatively the built in 2008 SQL Audit, the Change Data Capture or the Change Tracking features might be useful to you, and the full C2 Level auditing (which is just a server side trace anyway) is another option.
Lowell
May 2, 2013 at 1:56 am
To generate the report on who accessed the particular database on an SQL Server as well as to get the details regarding what is the name of the database I can recommend you to try in Lepide's tool. I have tested this tool and it performs these operations excellently. Besides this it also has the quality to give sufficient details for the user who had successful logins and failed logins in the SQL Server.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply