All,
We have to audit all login attempts made by a particular login (ltest) if it is not coming from the App Server. So, we implemented an Event Notification system to email us whenever a login is attempted using the designated Login (ltest) from a different workstation other than the App Server.
The Event Notification system is working fine; however, instead of getting one mail per login, we are getting multiple emails per login. We figured out that the issue seems to be with the number of login attempts made by client tools such as SSMS compared to sqlcmd.
We discovered that tools like IntelliSense were logging in further to validate other features and I was able to filter them using Application Name. So, this leaves us with two emails - one from the actual login and the other from ServerProperty Edition Check. Since both of them have the same Application name I'm not sure how to filter out the second one.
DECLARE @edition sysname; SET @edition = cast(SERVERPROPERTY(N'EDITION') as sysname); select case when @edition = N'SQL Azure' then 2 else 1 end as 'DatabaseEngineType'
Has anyone encountered such an issue/requirement?
Thanks,
rgn
ALTER PROCEDURE [dbo].[usp_AuditLogin]
AS
BEGIN
    DECLARE @DefaultProfileName varchar(100)
    DECLARE @messageBody VARBINARY(MAX);
    DECLARE @messageTypeName NVARCHAR(256);

    --select @DefaultProfileName = P.Name
    --from sysmail_profile P
    --Inner Join sysmail_principalprofile PP
    --On P.profile_id = PP.profile_id
    --Where is_default = 1
    select TOP 1 @DefaultProfileName = P.Name
    from msdb.dbo.sysmail_profile P

    SET NOCOUNT ON;

    -- Use an endless loop to receive messages
    WHILE (1 = 1)
    BEGIN
        WAITFOR (
            RECEIVE TOP(1)
                @messageTypeName = message_type_name,
                @messageBody = message_body
            FROM AuditLoginQueue
        ), TIMEOUT 500

        -- If there is no message, exit
        IF @@ROWCOUNT = 0
        BEGIN
            BREAK ;
        END ;

        INSERT INTO dbo.AuditLoginEventNotification(eventMsg)
        SELECT @messageBody

        INSERT INTO dbo.AuditLoginEventNotificationMessageType(MsgType)
        values (@messageTypeName)

        -- If the message type is EventNotification do the actual work
        IF (@messageTypeName = 'http://schemas.microsoft.com/SQL/Notifications/EventNotification')
        BEGIN
            DECLARE @data XML;
            DECLARE @SPID VARCHAR(5);
            DECLARE @ApplicationName NVARCHAR(128);
            DECLARE @LoginName NVARCHAR(128);
            DECLARE @HostName NVARCHAR(128);

            SET @data = CAST(@messageBody AS XML);

            -- Get the SPID and the Login name using the value method
            SET @SPID = @data.value('(/EVENT_INSTANCE/SPID)[1]', 'VARCHAR(5)');
            SET @ApplicationName = @data.value('(/EVENT_INSTANCE/ApplicationName)[1]', 'NVARCHAR(128)');
            SET @LoginName = @data.value('(/EVENT_INSTANCE/LoginName)[1]', 'NVARCHAR(128)');
            SET @HostName = @data.value('(/EVENT_INSTANCE/HostName)[1]', 'NVARCHAR(128)');

            -- Check the login name
            -- IF (@LoginName = 'sa' and @HostName <> @@Servername)
            IF (@ApplicationName Not LIKE '%IntelliSense')
            BEGIN
                IF (@LoginName = 'ltest' and @HostName <> 'NJWS4134')
                BEGIN
                    EXEC msdb.dbo.sp_send_dbmail
                        @profile_name = @DefaultProfileName,
                        @recipients = 'rgn@abc.com',
                        @body = @messageBody,
                        @subject = @LoginName ;
                END
            END
        END;
    END;
END;
GO
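
One way to collapse the burst of login events that a single SSMS connection produces into one mail is to throttle alerts per login and host inside a short time window. This is an added example, not part of the original post; the table dbo.AuditLoginLastAlert, the procedure dbo.usp_ShouldSendLoginAlert, the 10-second window and the host name WS-EXAMPLE are all hypothetical.

```sql
-- Hypothetical throttle table: time of the last alert mailed per login and host.
CREATE TABLE dbo.AuditLoginLastAlert
(
    LoginName   NVARCHAR(128) NOT NULL,
    HostName    NVARCHAR(128) NOT NULL,
    LastAlertAt DATETIME      NOT NULL,
    CONSTRAINT PK_AuditLoginLastAlert PRIMARY KEY (LoginName, HostName)
);
GO
-- Hypothetical helper: @Send = 1 only for the first event of a burst.
CREATE PROCEDURE dbo.usp_ShouldSendLoginAlert
    @LoginName     NVARCHAR(128),
    @HostName      NVARCHAR(128),
    @PostTime      DATETIME,
    @WindowSeconds INT = 10,                 -- assumed burst window
    @Send          BIT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;
    DECLARE @Last DATETIME;
    SET @Send = 0;
    SET @HostName = ISNULL(@HostName, N'');  -- key columns are NOT NULL

    BEGIN TRANSACTION;
    -- UPDLOCK + HOLDLOCK serialises concurrent queue readers on this key.
    SELECT @Last = LastAlertAt
    FROM dbo.AuditLoginLastAlert WITH (UPDLOCK, HOLDLOCK)
    WHERE LoginName = @LoginName AND HostName = @HostName;

    IF @Last IS NULL
    BEGIN
        INSERT INTO dbo.AuditLoginLastAlert (LoginName, HostName, LastAlertAt)
        VALUES (@LoginName, @HostName, @PostTime);
        SET @Send = 1;
    END
    ELSE IF DATEADD(SECOND, @WindowSeconds, @Last) <= @PostTime
    BEGIN
        UPDATE dbo.AuditLoginLastAlert SET LastAlertAt = @PostTime
        WHERE LoginName = @LoginName AND HostName = @HostName;
        SET @Send = 1;
    END;
    COMMIT TRANSACTION;
END;
GO
-- Constructed check: two events 1 second apart, then one 30 seconds later.
DECLARE @s1 BIT, @s2 BIT, @s3 BIT;
EXEC dbo.usp_ShouldSendLoginAlert N'ltest', N'WS-EXAMPLE', '2024-01-01T10:00:00', 10, @s1 OUTPUT;
EXEC dbo.usp_ShouldSendLoginAlert N'ltest', N'WS-EXAMPLE', '2024-01-01T10:00:01', 10, @s2 OUTPUT;
EXEC dbo.usp_ShouldSendLoginAlert N'ltest', N'WS-EXAMPLE', '2024-01-01T10:00:30', 10, @s3 OUTPUT;
SELECT @s1 AS first_event, @s2 AS second_event, @s3 AS later_login;
```

In the posted procedure the helper would gate the sp_send_dbmail call, with @PostTime read from `@data.value('(/EVENT_INSTANCE/PostTime)[1]', 'DATETIME')`. Two genuine logins from the same host inside the window produce a single mail, but every event is still written to dbo.AuditLoginEventNotification before any filtering, so the stored audit trail stays complete.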