USE master
-- 创建一个名为 "SQL_Audit" 的服务器审核
CREATE SERVER AUDIT SQL_Audit
TO FILE (FILEPATH = 'D:SQLAudit');
GO
-- 创建一个名为 "SQL_Audit_Specification" 的服务器审核规范,记录了登陆失败情况到上述 "SQL_Audit" 审核中
CREATE SERVER AUDIT SPECIFICATION SQL_Audit_Specification
FOR SERVER AUDIT SQL_Audit
ADD (FAILED_LOGIN_GROUP);
GO
-- 启用审核
ALTER SERVER AUDIT SQL_Audit
WITH (STATE = ON);
GO
-- 切换到数据库
USE AuditTestDB;
GO
-- 创建数据库审核规范
CREATE DATABASE AUDIT SPECIFICATION Audit_User_Tables
FOR SERVER AUDIT SQL_Audit
ADD (SELECT , INSERT , UPDATE , DELETE ON tbl_sysUserInfo BY dbo )
WITH (STATE = ON);
GO
-- 查询审核文件
SELECT * FROM sys.fn_get_audit_file ('D:SQLAuditSQL_Audit_xxxxx.sqlaudit',default,default);
GO参考:https://docs.microsoft.com/zh-cn/sql/relational-databases/security/auditing/create-a-server-audit-and-server-audit-specification?view=sql-server-linux-ver15
https://docs.microsoft.com/zh-cn/sql/relational-databases/security/auditing/create-a-server-audit-and-database-audit-specification?view=sql-server-linux-ver15
https://docs.microsoft.com/zh-cn/sql/relational-databases/system-functions/sys-fn-get-audit-file-transact-sql?view=sql-server-linux-ver15