How to read audit file from drive,CREATE SERVER level AUDIT
The below query will tell us about how to import data from SQLAUDIT file to table in a database. We are creating a table here and importing data from file
The below piece of code will explain about create server level audit with Windows Application Event logs and its specifiactions and how the logs information will be route to eventlogs(eventvwr) applicatin logs.
Before that we need to provide permissons at SECPOL.MSC(Local Security Policy). Below link will be explained about how give permissions that particular SQL Server serice account.
https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/write-sql-server-audit-events-to-the-security-log?view=sql-server-ver16
SELECT * INTO Audit_HumanResources_Department FROM(SELECT event_time ,action_id ,session_server_principal_name AS UserName ,server_instance_name ,database_name ,schema_name ,object_name ,statement FROM sys.fn_get_audit_file('G:\Audit\HumanResource_Department\*.sqlaudit', DEFAULT, DEFAULT) --WHERE YEAR(event_time)=YEAR(GETDATE()) --AND month(event_time)=month(getdate()) --and day(event_time)=day(getdate()) )T
USE master GO CREATE SERVER AUDIT [PushmetoWindowsLogServerAudit] TO APPLICATION_LOG WITH(QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE, AUDIT_GUID = '9c78b3df-98c2-4c3e-8198-a7edd314ac49') GO CREATE SERVER AUDIT SPECIFICATION[First_Server_Audit_Specifications] FOR SERVER AUDIT [PushmetoWindowsLogServerAudit] ADD(DATABASE_ROLE_MEMBER_CHANGE_GROUP), ADD(SERVER_ROLE_MEMBER_CHANGE_GROUP), ADD(AUDIT_CHANGE_GROUP), ADD(FAILED_LOGIN_GROUP), ADD(DATABASE_PRINCIPAL_CHANGE_GROUP), ADD(SERVER_PRINCIPAL_CHANGE_GROUP), ADD(APPLICATION_ROLE_CHANGE_PASSWORD_GROUP) WITH(STATE=ON)
Comments