In my last project, we had to implement Audit log functionality for SQL Server Data Changes. Due to very strict timeline(Project was of 2 months and Out of that Audit functionality was having only 10 days to implement), we were goggling for ready made design for Audit functionality. But our efforts gone into vain. Didn't find any good.
SQL Server 2008 is having in built functionality to capture data changes in the form of Change Data Capture Tool(CDC). We tried to convince the client to use the SQL Server 2008. But they didn't agree.:(. We had to go with SQL Server 2005.
We followed trigger based approach. We created AFTER INSERT, UPDATE, DELETE triggers on the all client tables, and recorded all the changes happened. The design was very simple. Hope this helps you guys.
Features included are:
- Audit Log SHOULD have turn off & turn on switch.
- Audit Log MUST capture information like who made the changes, what changes, when the changes occurred.
- Audit Log SHOULD have rollback facility.
- Retrieval of Audit details in Paging.
- Audit retrieval WOULD have following APIs
- Get all changes
- Get all today’s changes.
- Get all changes for period.
- Get all changes for particular transaction.
- Get single Audit Log entry for given Id
Block diagram to show entire architecture used for Audit:
Audit Log Table:
CREATE TABLE [Administration].[AuditLog]( |
Table Schema:
| Name | Data Type | Description |
ID | bigint | Primary key - AuditLogID | |
| TransactionID | bigint | Transaction ID used while performing DML query. This column is used to find out all the changes made in single transaction. |
| ApplicationName | nvarchar(max) | Application though which SQL query is made. |
| ObjectID | int | Table Id – To know on which table the operation happened. |
OperationID | tinyint | 1 = Delete | |
| PerformedBy | nvarchar(100) | To store who has performed the operation. |
| PerformedAt | datetime | Time when operation occurred. |
| TSQL | nvarchar(max) | To store exact query which made this AuditLog entry. |
| PrimaryKeyColumn | nvarchar(max) | To store primarykey column name of the Table on which operation occurred. |
| PrimaryKeyValue | int | Primary key value. |
| PreviousValue | XML | PreviousValue for changed row. |
| NextValue | XML | CurrentValue for changed row. |
Stored Procedures:
1. [Administration].[usp_EnableAuditLog]
Description: Enables Audit for database activities.
CREATE PROCEDURE [Administration].[usp_EnableAuditLog] AS BEGIN -- All 3 steps are done in transaction-block. -- 1. Create IUD trigger on all ARIC tables. -- 2. Create cleanup job. -- 3. Set Audit flag to true in database. END |
2. [Administration].[usp_DisableAuditLog]
Description: Disables Audit.
CREATE PROCEDURE [Administration].[usp_DisableAuditLog] BEGIN -- Both below steps are done in transaction-block. -- 3. Set Audit flag to false in database. |
3. [Administration].[usp_GetAuditLog]
Description: Retrieve log depending on specified input parameters.
CREATE PROCEDURE [Administration].[usp_GetAuditLog] BEGIN -- This Stored procedure is used by below 4 APIs |
4. [Administration].[usp_GetAuditLogEntry]
Description: Retrieves single log information according to AudiLogID.
CREATE PROCEDURE [Administration].[usp_GetAuditLogEntry] BEGIN -- Retrieves single log information according to AudiLogID |
5. [Administration].[usp_Rollback]
Description: Revert the update change occurred.
CREATE PROCEDURE [Administration].[usp_Rollback] BEGIN -- Reverts the update change occurred. |
Other Audit Log Fields can be found out by using In built SQL Server functions or DMVs. For example,
TransactionID:
SELECT TRANSACTION_ID FROM SYS.DM_TRAN_CURRENT_TRANSACTION;
ApplicationName:
SELECT program_name FROM sys.dm_exec_sessions WHERE session_id = @@SPID
ObjectID:
Here ObjectID is the tableID in which trigger got fired. We calculated it as follows:
SELECT @ObjectID = parent_id FROM sys.triggers WHERE object_id = @@PROCID;
TSQL:
Here TSQL represents, the query responsible for firing the trigger.
DECLARE @ExecStr NVARCHAR(100);
DECLARE @inputbuffer TABLE
(
EventType NVARCHAR(MAX),
Parameters INT,
EventInfo NVARCHAR(MAX)
)
SET @ExecStr = 'DBCC INPUTBUFFER(' + LTRIM(RTRIM(STR(@@SPID))) + ')'
INSERT INTO @inputbuffer
EXEC (@ExecStr)
SET @TSQL = (SELECT EventInfo FROM @inputbuffer);
OperationID:
SELECT @DeletedCount = COUNT(1) FROM deleted
SELECT @InsertedCount = COUNT(1) FROM inserted
IF @InsertedCount= 0 AND @DeletedCount = 0
RETURN;
SET @OperationID = CASE WHEN @DeletedCount > @InsertedCount THEN 1 – DELETE
WHEN @DeletedCount < @InsertedCount THEN 2 -- INSERT
WHEN @DeletedCount = @InsertedCount THEN 3 -- UPDATE
END
etc…..
~ Kiran
3 comments:
Thank you for the information. I came across your article while searching for 'audit logging thru trigger'. I am not an expert on SQL. Can you please give more details on how the Audit Log can have rollback facility. Also on how to store previous and next value in xml. Thank you in advance. Kittiphongs (Bangkok)
Good and comprehensive article. - sanjay
Exactly what I am working on. Can I get some more info. ?
Post a Comment