SQL Logon/Logoff Auditing/Trigger?

Posted on 2014-12-01
Last Modified: 2014-12-01
Hello, I need some help coming up with the best method for checking user activity on our SQL Server.  I know I can enable server audits and such but I need a method that gives me all the information I want and does not hurt performance.

I don't need to audit select statements but I just need to know, what account logged in, what database they logged into, when they logged in and possibly when they logged out.   Other stuff like the hostname, what program they were using is helpful but not required.  My main target is trying to get the database they accessed.

Do any of you have a good procedure/trigger for this or is there a good way to configure the audit profiles?  I did some research but was a bit fuzzy with the built in SQL stuff.
Question by:Roxanne25
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 69

Expert Comment

by:Scott Pletcher
ID: 40473993
You can use a standard "FOR LOGON" trigger to do all of that except capturing logging out.  You would probably need to use extended events to capture the logout activity.
LVL 24

Accepted Solution

Phillip Burton earned 500 total points
ID: 40473995
By "I can enable server audits", do you mean right-hand clicking on the Server instance, go to Properties, go to Security and enable Login auditing?

If you want more than that, you do need to configure Database Audit Specifications etc. See for more information.
LVL 24

Assisted Solution

by:Phillip Burton
Phillip Burton earned 500 total points
ID: 40474000
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

LVL 69

Expert Comment

by:Scott Pletcher
ID: 40474014
Here's the shell for creating a logon trigger.  A logon trigger is synchronous, i.e., the trigger processing occurs before the logon completes.  Still, a properly-written trigger won't noticeably slow things down unless there are extremely large numbers of logons.

Event notifications are async and thus would not slow down logon.

Here's the basic, setup code for a logon trigger:

CREATE TRIGGER [Server_Trigger_Logon]
--WITH EXECUTE AS 'sa' --don't want to do this as we will lose original caller's info

INSERT INTO dbo.login_history ( login, login_datetime2, ... )
--WHERE ORIGINAL_LOGIN() NOT IN (...list of logins to exclude from logging...)

Author Comment

ID: 40474230

I took your advise with the database audit specification... but it doesn't work.  I'm trying to be more granular with it and do "select" as the audit type and then specify specific users and schemas I want audited...but when I do this nothing gets inserted into the log.  If I do the Schema_Object_Access_Group then it does work and captures stuff...but of course then it will log every little darned thing from every user...and I don't want the log getting clogged up with stuff I don't need.

Do you know why the "select" type won't work?

Author Comment

ID: 40474395
Nevermind, I figured it out... it didn't seem to like me putting multiple principals on the same line.  Once I separated each principal I wanted to audit into separate lines, it worked fine.  Thanks for the help!

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Viewers will learn how the fundamental information of how to create a table.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question