Quantcast
Channel: SQL Service Broker forum
Viewing all articles
Browse latest Browse all 461

Audit Logins and Event Notification

$
0
0

All,

We have to audit all login attempts made by a particular login (ltest) if it is not coming from the App Server. So, we implemented an Event Notification system to email us whenever a login is attempted using the designated Login (ltest) from a different workstation other than the App Server.

The Event Notification system is working fine however instead of getting one mail per login we are getting multiple emails per login. We figured out that the issue seems to be with the number of Login attempts using client tools such as SSMS compared to sqlcmd.

We discovered that tools like IntelliSense were logging in further to validate other features and I was able to filter them using Application Name. So, this leaves us with two emails - one from the actual login and the other from ServerProperty Edition Check. Since both of them have the same Application name I'm not sure how to filter out the second one.

DECLARE @edition sysname; SET @edition = cast(SERVERPROPERTY(N'EDITION') as sysname); select case when @edition = N'SQL Azure' then 2 else 1 end as 'DatabaseEngineType'

Any encountered such an issue/requirement?

Thanks,

rgn

ALTER PROCEDURE [dbo].[usp_AuditLogin]
AS
BEGIN

DECLARE @DefaultProfileName varchar(100)
DECLARE @messageBody VARBINARY(MAX);
DECLARE @messageTypeName NVARCHAR(256);

--select @DefaultProfileName = P.Name
--from sysmail_profile P
--Inner Join  sysmail_principalprofile PP
--On P.profile_id = PP.profile_id
--Where is_default = 1

	select TOP 1 @DefaultProfileName = P.Name
	from msdb.dbo.sysmail_profile P

SET NOCOUNT ON;
-- Use an endless loop to receive messages
WHILE (1 = 1)
    BEGIN

           WAITFOR (
                  RECEIVE TOP(1)
                    @messageTypeName = message_type_name,
                    @messageBody = message_body
                    FROM AuditLoginQueue
                 ), TIMEOUT 500

      -- If there is no message, exit
      IF @@ROWCOUNT = 0
        BEGIN
         BREAK ;
        END ;


            INSERT INTO dbo.AuditLoginEventNotification(eventMsg)
            SELECT @messageBody

			INSERT INTO dbo.AuditLoginEventNotificationMessageType(MsgType) values (@messageTypeName)

      -- If the message type is EventNotification do the actual work
        IF (@messageTypeName = 'http://schemas.microsoft.com/SQL/Notifications/EventNotification')
          BEGIN
			 DECLARE @data XML;
			 DECLARE @SPID VARCHAR(5);
			 DECLARE @ApplicationName NVARCHAR(128);
			 DECLARE @LoginName NVARCHAR(128);
			 DECLARE @HostName NVARCHAR(128);
			 SET @data = CAST(@messageBody AS XML);
			 -- Get the SPID and the Login name using the value method
			 SET @SPID = @data.value('(/EVENT_INSTANCE/SPID)[1]', 'VARCHAR(5)');
			 SET @ApplicationName = @data.value('(/EVENT_INSTANCE/ApplicationName)[1]', 'NVARCHAR(128)');
			 SET @LoginName = @data.value('(/EVENT_INSTANCE/LoginName)[1]', 'NVARCHAR(128)');
			 SET @HostName = @data.value('(/EVENT_INSTANCE/HostName)[1]', 'NVARCHAR(128)');
			 -- Check the login name

--			 IF  (@LoginName = 'sa' and @HostName <> @@Servername)

			 IF (@ApplicationName Not LIKE '%IntelliSense')
			 BEGIN
				 IF  (@LoginName = 'ltest' and @HostName <> 'NJWS4134')
				 BEGIN

 	   	   			EXEC msdb.dbo.sp_send_dbmail
						@profile_name = @DefaultProfileName,
						@recipients = 'rgn@abc.com',
						@body = @messageBody,
						@subject = @LoginName ;
				  END
			 END
		END;
END;
END;
GO



Viewing all articles
Browse latest Browse all 461

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>