November 27, 2011 at 1:40 am
Comments posted to this topic are about the item What, When and who? Auditing 101
-Roy
November 28, 2011 at 9:40 am
Nice job Roy.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
November 28, 2011 at 9:57 am
The article was thorough and straighforward.
I find the problem with ChangeTracking and ChangeDataCapture is that there is so much hardcoding going on. That means whenever you add or delete a column, it is another area that needs to be touched. Plus the queries are pretty unwieldly and verbose.
There is a need in my group to send out an email when anything changes among multiple tables. That would be a very long query, and pretty unwieldy.
I have a lot going on with dynamic SQL to do that, but there is a performance hit.
November 28, 2011 at 10:18 am
Great job, Roy.
It's been my pleasure to help out.:smooooth:
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
November 28, 2011 at 10:29 am
November 28, 2011 at 11:01 am
Thx everyone. It was fun writing this series. I need to finish the SQL Audit in the coming week so that I can send it to you guys for review before I submit. I have already submitted CDC and I am waiting for it to be reviewed.
Andre, What I saw in CT is that it is using the old Tran replication technology to get the job done. For instance, if you add a column you have to do so many things to get the CT to track the changes just like replication of SQL 2000.
-Roy
November 28, 2011 at 12:43 pm
Roy, an excellent walkthrough on the mechanics of something I've basically avoided. You highlighted its difficulties and its uses quite well.
Thanks for the article.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA
November 28, 2011 at 2:54 pm
Excelent article, Roy.
I'm thinking that one of the ideal business solutions to use CT is for database synchronization from mobile devices or off-site databases.
To help CT become more "auditable", maybe we could use the syntax:
WITH CHANGE_TRACKING_CONTEXT(@context)
--<INSERT or UPDATE command here>
and send some information about the username or changes inside the @context VARBINARY(128) column. Is there a limitation for using the CT context and would it also become a major pain to maintain like described in the article?
Change Tracking comes with all SQL Server editions so it's a great little feature to have at our disposal. 🙂
Best regards,
Best regards,
Andre Guerreiro Neto
Database Analyst
http://www.softplan.com.br
MCITPx1/MCTSx2/MCSE/MCSA
November 28, 2011 at 3:45 pm
I am not sure I agree with,
"Data auditing is the process of doing a profile check and assessing the quality of data, to find how accurate it is. This can be achieved by keeping track of all the data changes."
A couple of points:
- you can't always know that data is correct. If the data is based on mathematical formula, and you have the inputs, you can. But you can't tell that my mobile telephone number is correct, or my date of birth. At least not without external validation. Quality is abstract.
- auditing goes beyond changing data. Tracking the viewing of data, or the printing of data, is very important. Examples can include celebrities who are hospitalized - you want to know if 300 hospital workers are viewing the patients chart (and shouldn't be).
I like this definition better: "[a] systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organisation’s objectives"
But interesting article.
David
November 28, 2011 at 4:08 pm
Just one small correction: ALLOW_SNAPSHOT_ISOLATION is not needed for Change Tracking but it's the probably the safer way to use it with.
Best regards,
Best regards,
Andre Guerreiro Neto
Database Analyst
http://www.softplan.com.br
MCITPx1/MCTSx2/MCSE/MCSA
November 28, 2011 at 6:58 pm
When SQL 2005 came out, I cringed at the way SQL Notification services worked and basically threw it out the window as an option for change tracking. However, I re-tooled the same concept using SQL Service Broker, and using a simple, generic Trigger, was able to audit ANY table's changes (real-time, with both previous and new values) asynchronously and we were able to audit all databases into one or many audit databases if we wished. Views were created against the meta-data to make "pseudo" tables which resembled the originals, so comparisons could be made. Anyway, it's worked for years and was completely scalable. If we wanted to move the auditing database(s) to another server, it was as easy as "changing the channel" on the service broker, no messy Trigger or Proc changes.
November 29, 2011 at 6:02 am
codebyo (11/28/2011)
Just one small correction: ALLOW_SNAPSHOT_ISOLATION is not needed for Change Tracking but it's the probably the safer way to use it with.Best regards,
Andre, what you stated here is true. You do NOT need SNAPSHOT ISOLATION on but if you do not, you will need to do some extra work to make sure that all requirements are met. You can read here to get more details regarding how it should be done without snapshot isolation.
EDIT : Regarding CHANGE_TRACKING_CONTEXT, it will work fine if all data changes are done only using applications. Then you have control of it and you get more context of the data change. It is a good info to pass to everyone. Thanks. I missed that in the article.
-Roy
November 29, 2011 at 6:09 am
Thanks David for the compliment.
To agree to the definition of an Audit is difficult. Everyone has their own take on it. Your definition is easier to understand as well. Thanks for sharing it. 🙂
-Roy
November 29, 2011 at 6:11 am
Evil Kraig F (11/28/2011)
Roy, an excellent walkthrough on the mechanics of something I've basically avoided. You highlighted its difficulties and its uses quite well.Thanks for the article.
Thanks Craig. When I look back, I realized that I could have added a bit more in depth information.
-Roy
November 29, 2011 at 8:42 am
Good article, thanks for the summary.
The biggest issues I've encountered, save for a server side trace, is catching the originating hostname for the incoming connection. To me this is a critical aspect of "who" and without it, it can be difficult in tracking down an individual in the situation where a common SQL login is utilized by multiple individuals (or even a service account implemented on several servers). In this, SQL Server Audit is woefully lacking. Sure we *wish* we could always avoid folks using a SQL login but life is rarely perfect especially when you've inherited someone else's mess to straighten out. To me this is the whole point of auditing is catching non-standard activity but without capturing *correct* hostname you can't easily complete the picture of *who* (all hostname captured information in SQL Audit is the actual host SQL server or blank and not the host of the originating connection).
This of course is Microsoft's issue to resolve, not the author's.
Viewing 15 posts - 1 through 15 (of 26 total)
You must be logged in to reply to this topic. Login to reply