1.在数据库上创建审计
USE [master]
GO
CREATE SERVER AUDIT [audit_mssql]
TO FILE
( FILEPATH = N'D:\audit\mssql'
,MAXSIZE = 100 MB
,MAX_ROLLOVER_FILES = 100
,RESERVE_DISK_SPACE = OFF
)
WITH
( QUEUE_DELAY = 1000
,ON_FAILURE = CONTINUE
)
GO
2.在数据库上启用审计
USE [master]
GO
ALTER SERVER AUDIT [audit_mssql]
WITH (STATE = ON);
GO
3.在数据库上创建审计规则
USE [master]
GO
CREATE SERVER AUDIT SPECIFICATION [test_mssql_spec]
FOR SERVER AUDIT [audit_mssql]
ADD (AUDIT_CHANGE_GROUP),
ADD (SUCCESSFUL_LOGIN_GROUP),
ADD (SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP),
ADD (FAILED_LOGIN_GROUP),
ADD (FAILED_DATABASE_AUTHENTICATION_GROUP),
ADD (LOGOUT_GROUP),
ADD (DATABASE_LOGOUT_GROUP),
ADD (BROKER_LOGIN_GROUP),
ADD (DATABASE_MIRRORING_LOGIN_GROUP),
ADD (LOGIN_CHANGE_PASSWORD_GROUP),
ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP),
ADD (USER_CHANGE_PASSWORD_GROUP),
ADD (DATABASE_PERMISSION_CHANGE_GROUP),
ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),
ADD (SERVER_OBJECT_PERMISSION_CHANGE_GROUP),
ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),
ADD (SERVER_PERMISSION_CHANGE_GROUP),
ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
ADD (BACKUP_RESTORE_GROUP),
ADD (DATABASE_CHANGE_GROUP),
ADD (SERVER_OPERATION_GROUP),
ADD (SERVER_STATE_CHANGE_GROUP),
ADD (SERVER_PRINCIPAL_CHANGE_GROUP)
GO
4.启用审计规则
USE [master]
GO
ALTER SERVER AUDIT SPECIFICATION [test_mssql_spec]
WITH (STATE = ON);
GO
审计策略回滚操作
禁用审计规则
USE [master]
GO
ALTER SERVER AUDIT SPECIFICATION [test_mssql_spec]
WITH (STATE = OFF);
GO
禁用审计
USE [master]
GO
ALTER SERVER AUDIT [audit_mssql]
WITH (STATE = OFF);
GO
删除审计规则
DROP SERVER AUDIT SPECIFICATION [test_mssql_spec]
删除审计
DROP SERVER AUDIT [audit_mssql]