dbTalk Databases Forums  

Help with SQL Profiler

Go Back dbTalk Databases Forums Databases microsoft.public.sqlserver.tools Help with SQL Profiler

microsoft.public.sqlserver.tools microsoft.public.sqlserver.tools


Discuss Help with SQL Profiler in the microsoft.public.sqlserver.tools forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
rich
 
Posts: n/a

Default Help with SQL Profiler - 01-13-2009 , 02:56 PM





Hello All,

I am charged with using SQL Profiler for the purposes of auditing the use of
SQL accounts with elevated privileges. These are essentially accounts which
get checked out when needed. Corporate auditors have requested a monthly
report.

We run SQL 2005 on Windows Server 2003.

Please note that I am brand new to SQL 2005.

At a minimum, we want to capture the following for every Insert, Delete,
Modify to data, as well as any configuration changes:

UserID Start Time The
SQL Statement
Login Name Login SID NT User
name
Host name (the client) Object Name Object Type
Server Name (The SQL Server)

Other suggestions are welcome.

I was given a printout with the above but don't know where they are in
Profiler.

If anyone can suggest an overall strategy on how to do this, that would be
great.

TIA,

Rich

Reply With Quote
  #2  
Old   
Erland Sommarskog
 
Posts: n/a

Default Re: Help with SQL Profiler - 01-13-2009 , 05:11 PM





rich (rich (AT) discussions (DOT) microsoft.com) writes:
Quote:
I am charged with using SQL Profiler for the purposes of auditing the
use of SQL accounts with elevated privileges. These are essentially
accounts which get checked out when needed. Corporate auditors have
requested a monthly report.
Are corporate auditors computer savvy? I mean will they be able to read
what comes out of Profiler?

Quote:
We run SQL 2005 on Windows Server 2003.

Please note that I am brand new to SQL 2005.

At a minimum, we want to capture the following for every Insert, Delete,
Modify to data, as well as any configuration changes:

UserID Start Time The
SQL Statement
Login Name Login SID NT
User
name
Host name (the client) Object Name Object Type
Server Name (The SQL Server)

Other suggestions are welcome.
To start with, you should not run this from Profiler, but a server-
side trace. To set up a server-side trace is not difficult: you set up
the trace in Profiler, and the export the script. The reason for is
that a server-side trace is much leaner on resources. Unfortunately, the
export facility is somewhat buggy with regards to multiple filters, so
you need to review the script.

Since I don't know your application or database, it's difficult to say
exactly how should profile. If there is a lot of access from stored
procedures you may need to trace on statement level. But constantly
running a statement-level trace, even if only filtered for some accounts
is a bit too much overhead.

One very important thing: you need the OriginalLogin column. In SQL 2005
you can impersonate antoher user with EXECUTE AS, in which case the
LoginName may change to the impersonated user and mask the real user.

For configuration changes, I think using DDL triggers is better than
profiling.

--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx



Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top