October 22, 2003 at 8:06 am
Someone performed a nonlogged operation on a production database causing my hourly trx log backup to fail. The handful of people who have permissions to do this were in a meeting at the time this occurred. Other users access the db through a third party app. and cannot access directly with their login. Any ideas on how I might track down what was inserted by whom?
October 22, 2003 at 9:01 am
Did you have any traces running at the time? Do you audit login successes?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
October 22, 2003 at 9:18 am
No, I have no trace or audit of login attempts.
October 22, 2003 at 12:50 pm
It's going to be very hard to track down who did, then, since there is no audit trail. Probably the best thing to do is verify only that handful of people does have access. If you see an exception, investigate it. Otherwise, it's a needle in the haystack.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley
October 23, 2003 at 6:39 am
Thanks Brian!
October 23, 2003 at 6:57 am
In addition to what Brian mentioned, you should take a look at BOL for WRITETEXT.
I found this to be the cause why my log backups failed from time to time.
If so, you should take a look at what your users were doing at that time with this third-party app.
Frank
--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply