Logon Trigger
one of the great things i like about SQL 2005 is the implementation of the logon trigger. we have implemented at one of our clients which helps us track both sucessfull and unsucessfull logins. below is the script that i have used(given to me by Robert Djabrov). be sure that you have SQL 2005 SP2 along with the cumulative hotfix CU7 of SQL 2005 SP2.
/* ***************************************************************************
The script below creates all necessary objects to establish capability of capturing LOGON events against the instance where the script will be run. To check the last 100 LOGON events, pass 110 to the stored procedure,
e.g.: exec msdb.dbo.sp__logon_tracker 100
To display all events, do not pass any parameter, and it will return the last 2,100,000,000 records (2.1 billion). ****************************************************************************/
use msdb
go
if object_id('msdb.dbo.__logon_tracker') is not null
drop table msdb.dbo.__logon_tracker
go
use master
go
if exists (select * from sys.server_triggers where name = 'trg_logon_tracking')
drop trigger trg_logon_tracking on all server
go
create trigger trg_logon_tracking on all server with execute as 'sa' for logon
as
if object_id('msdb.dbo.__logon_tracker') is null
create table msdb.dbo.__logon_tracker ( logonEvent xml not null )
insert msdb.dbo.__logon_tracker select eventdata()
go
use msdb
go
if object_id('dbo.sp__logon_tracker') is not null drop procedure dbo.sp__logon_tracker
go
create procedure dbo.sp__logon_tracker
( @LastNumberOfEvents int = 2100000000)
as
select top (@LastNumberOfEvents) LogonTimeStamp = logonEvent.value('(/EVENT_INSTANCE/PostTime)[1]','datetime') ,LogonSPID = logonEvent.value('(/EVENT_INSTANCE/SPID)[1]','int') ,LoginName = logonEvent.value('(/EVENT_INSTANCE/LoginName)[1]','sysname') ,LoginClient = logonEvent.value('(/EVENT_INSTANCE/ClientHost)[1]','sysname')
from msdb.dbo.__logon_tracker order by 1 desc return (0)go
/* ***************************************************************************
The script below creates all necessary objects to establish capability of capturing LOGON events against the instance where the script will be run. To check the last 100 LOGON events, pass 110 to the stored procedure,
e.g.: exec msdb.dbo.sp__logon_tracker 100
To display all events, do not pass any parameter, and it will return the last 2,100,000,000 records (2.1 billion). ****************************************************************************/
use msdb
go
if object_id('msdb.dbo.__logon_tracker') is not null
drop table msdb.dbo.__logon_tracker
go
use master
go
if exists (select * from sys.server_triggers where name = 'trg_logon_tracking')
drop trigger trg_logon_tracking on all server
go
create trigger trg_logon_tracking on all server with execute as 'sa' for logon
as
if object_id('msdb.dbo.__logon_tracker') is null
create table msdb.dbo.__logon_tracker ( logonEvent xml not null )
insert msdb.dbo.__logon_tracker select eventdata()
go
use msdb
go
if object_id('dbo.sp__logon_tracker') is not null drop procedure dbo.sp__logon_tracker
go
create procedure dbo.sp__logon_tracker
( @LastNumberOfEvents int = 2100000000)
as
select top (@LastNumberOfEvents) LogonTimeStamp = logonEvent.value('(/EVENT_INSTANCE/PostTime)[1]','datetime') ,LogonSPID = logonEvent.value('(/EVENT_INSTANCE/SPID)[1]','int') ,LoginName = logonEvent.value('(/EVENT_INSTANCE/LoginName)[1]','sysname') ,LoginClient = logonEvent.value('(/EVENT_INSTANCE/ClientHost)[1]','sysname')
from msdb.dbo.__logon_tracker order by 1 desc return (0)go
Comments
Post a Comment