How to read audit file from drive,CREATE SERVER level AUDIT

The below query will tell us about how to import data from SQLAUDIT file to table in a database. We are creating a table here and importing data from file
SELECT * INTO Audit_HumanResources_Department
FROM(SELECT event_time
	,action_id
	,session_server_principal_name AS UserName
	,server_instance_name
	,database_name
	,schema_name
	,object_name
	,statement
FROM sys.fn_get_audit_file('G:\Audit\HumanResource_Department\*.sqlaudit', DEFAULT, DEFAULT)
--WHERE YEAR(event_time)=YEAR(GETDATE())
--AND month(event_time)=month(getdate()) 
--and day(event_time)=day(getdate())
)T
The below piece of code will explain about create server level audit with Windows Application Event logs and its specifiactions and how the logs information will be route to eventlogs(eventvwr) applicatin logs. Before that we need to provide permissons at SECPOL.MSC(Local Security Policy). Below link will be explained about how give permissions that particular SQL Server serice account. https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/write-sql-server-audit-events-to-the-security-log?view=sql-server-ver16
USE master
GO
CREATE SERVER AUDIT [PushmetoWindowsLogServerAudit]
TO APPLICATION_LOG WITH(QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE,
AUDIT_GUID = '9c78b3df-98c2-4c3e-8198-a7edd314ac49')
GO
CREATE SERVER AUDIT SPECIFICATION[First_Server_Audit_Specifications]
FOR SERVER AUDIT [PushmetoWindowsLogServerAudit]
ADD(DATABASE_ROLE_MEMBER_CHANGE_GROUP),
ADD(SERVER_ROLE_MEMBER_CHANGE_GROUP),
ADD(AUDIT_CHANGE_GROUP),
ADD(FAILED_LOGIN_GROUP),
ADD(DATABASE_PRINCIPAL_CHANGE_GROUP),
ADD(SERVER_PRINCIPAL_CHANGE_GROUP),
ADD(APPLICATION_ROLE_CHANGE_PASSWORD_GROUP)
WITH(STATE=ON)

Comments

Popular posts from this blog

System.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out

Pre login Handshake or Connection Timeout Period

Transparent Data Encryption(TDE) with Master Key and Certificate in SQL Server