fn_dump_dblog

  • I have some questionable issues going on and I need to look at the transaction log. I am using fn_dump_dblog on a dev server; yes, I know it writes a thread and the only way to get rid of it is to reboot, which is why I am on a dev server looking in the log file. What I am looking for, though, is the machine id. Should it not be in the trans log backup? I cannot find any documents online that let me know how to find the machine id. Does anyone else know? I really need the machine name to prove it was SharePoint that deleted the information and not someone in SQL.

    Thanks!

    MCSE SQL Server 2012\2014\2016

  • I don't think the machine id is there, but you can get the user, and I'd assume that SharePoint is running under a unique service account. You do this using SUSER_SNAME(), passing the Transaction SID from fn_dump_dblog.

  • Yes Jack, you are correct. It's under a service account. I just wanted to make sure I was missing anything. We have our security team looking through their logs as well. Funny thing though, no table name is listed under the allocname column. It's either null or blank, which makes me believe it was done in the SharePoint admin console.

    MCSE SQL Server 2012\2014\2016

  • The info in the transaction log will be the same no matter if the admin console is used, Management Studio or anything else. The host name won't be there. The transaction log is for recovery, rollbacks and similar; it's not an audit log.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
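
The lookup described in the replies above, as an added example that is not part of the original thread: it reads a log backup with fn_dump_dblog, pairs each transaction's LOP_BEGIN_XACT record (which carries the Transaction SID) with its LOP_DELETE_ROWS records, and resolves the SID with SUSER_SNAME(). The backup path is a placeholder and the temp table name is an assumption.

```sql
-- Added example. Run on a non-production instance, as the original poster does.
-- N'D:\Backups\PLACEHOLDER_log.trn' is a placeholder path, not a value from the thread.
SELECT [Transaction ID], [Operation], [AllocUnitName],
       [Begin Time], [Transaction Name], [Transaction SID]
INTO   #log
FROM   fn_dump_dblog(
           NULL, NULL, N'DISK', 1, N'D:\Backups\PLACEHOLDER_log.trn',
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT,
           DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT, DEFAULT)
WHERE  [Operation] IN (N'LOP_BEGIN_XACT', N'LOP_DELETE_ROWS');

-- One row per deleting transaction and allocation unit.
-- The raw SID is kept beside the resolved name because SUSER_SNAME()
-- returns NULL when this instance cannot resolve the SID.
SELECT b.[Transaction ID],
       b.[Begin Time],
       b.[Transaction Name],
       b.[Transaction SID],
       SUSER_SNAME(b.[Transaction SID]) AS LoginName,
       d.[AllocUnitName],               -- may be NULL or blank, as noted in the thread
       COUNT(*)                         AS DeleteRecords
FROM   #log AS b
JOIN   #log AS d
       ON  d.[Transaction ID] = b.[Transaction ID]
       AND d.[Operation]      = N'LOP_DELETE_ROWS'
WHERE  b.[Operation] = N'LOP_BEGIN_XACT'
GROUP BY b.[Transaction ID], b.[Begin Time], b.[Transaction Name],
         b.[Transaction SID], d.[AllocUnitName]
ORDER BY b.[Begin Time];

DROP TABLE #log;
```

The result names the login that ran each delete, not the host it came from; as the last reply says, the transaction log does not record the host name.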
