Re: SQL Server AUDIT component SQL Server 2008 EE or SQL Server 2012 EE
1) Has anyone been able to create a test harness (i.e. T-SQL) that displays which DDL statements trigger audit events? For example. DROP TABLE [table-name]fires an event DATABASE_CHANGE_GROUP.
Yes, this test harness would be quite large, but very well worth the reference. Currently, I don’t have time to do this, and I don’t see any easy / quick way to “reverse engineer” this information from a log file .sqlaudit(although there should be a way I can see a commercial product called “LOGbinder SQL” that does something like that - see http://www.logbinder.com/products/LOGbinderSQL/default.aspx ).
2) Has anyone thought of how to parse the log file .sqlauditin relation to my point 1 above? I suspect that there is a way to join tables ( .sqlauditand others such as sys.dm_audit_class_type) using action_idand class_typeetc. From .sqlauditto get more specific information (ala LOGbinder).
Cheers, Mark
source
share