简体繁体 English

在SQL Server中实现审计表的建议？

[英]Suggestions for implementing audit tables in SQL Server?

原文 2008-08-06 18:39:33 8 6 sql/ sql-server/ database/ audit

One simple method I've used in the past is basically just creating a second table whose structure mirrors the one I want to audit, and then create an update/delete trigger on the main table. 我过去使用的一个简单方法基本上就是创建第二个表，其结构镜像我想要审计的表，然后在主表上创建更新/删除触发器。 Before a record is updated/deleted, the current state is saved to the audit table via the trigger. 在更新/删除记录之前，当前状态将通过触发器保存到审计表中。

While effective, the data in the audit table is not the most useful or simple to report off of. 虽然有效，但审计表中的数据并不是最有用或最简单的报告。 I'm wondering if anyone has a better method for auditing data changes? 我想知道是否有人有更好的方法来审核数据变更？

There shouldn't be too many updates of these records, but it is highly sensitive information, so it is important to the customer that all changes are audited and easily reported on. 这些记录的更新不应太多，但它是高度敏感的信息，因此对客户而言，所有更改都经过审核并易于报告，这一点非常重要。

6 个解决方案

How much writing vs. reading of this table(s) do you expect? 你对这张表的阅读与阅读量有多大关系？

I've used a single audit table, with columns for Table, Column, OldValue, NewValue, User, and ChangeDateTime - generic enough to work with any other changes in the DB, and while a LOT of data got written to that table, reports on that data were sparse enough that they could be run at low-use periods of the day. 我使用了一个审计表，其中包含Table，Column，OldValue，NewValue，User和ChangeDateTime的列 - 通用程序足以与DB中的任何其他更改一起使用，并且当大量数据写入该表时，报告这些数据非常稀少，可以在当天的低使用期运行。

Added: If the amount of data vs. reporting is a concern, the audit table could be replicated to a read-only database server, allowing you to run reports whenever necessary without bogging down the master server from doing their work. 补充：如果需要考虑数据量与报告的数量，可以将审计表复制到只读数据库服务器，这样您就可以在必要时运行报告，而不会让主服务器停止工作。

We are using two table design for this. 我们正在使用两个表设计。

One table is holding data about transaction (database, table name, schema, column, application that triggered transaction, host name for login that started transaction, date, number of affected rows and couple more). 一个表保存有关事务的数据（数据库，表名，模式，列，触发事务的应用程序，启动事务的登录的主机名，日期，受影响的行数以及更多）。

Second table is only used to store data changes so that we can undo changes if needed and report on old/new values. 第二个表仅用于存储数据更改，以便我们可以根据需要撤消更改并报告旧/新值。

Another option is to use a third party tool for this such as ApexSQL Audit or Change Data Capture feature in SQL Server. 另一种选择是使用第三方工具，例如SQL Server中的ApexSQL Audit或Change Data Capture功能。

I have found these two links useful: 我发现这两个链接很有用：

Using CLR and single audit table. 使用CLR和单个审计表。
Creating a generic audit trigger with SQL 2005 CLR 使用SQL 2005 CLR创建通用审计触发器

Using triggers and separate audit table for each table being audited. 为每个被审计的表使用触发器和单独的审计表。
How do I audit changes to SQL Server data? 如何审核对SQL Server数据的更改？

Are there any built-in audit packages? 有没有内置的审计包？ Oracle has a nice package, which will even send audit changes off to a separate server outside the access of any bad guy who is modifying the SQL. Oracle有一个很好的软件包，它甚至可以将审计更改发送到一个单独的服务器，而不是任何正在修改SQL的坏人访问。

Their example is awesome... it shows how to alert on anybody modifying the audit tables. 他们的例子很棒......它显示了如何警告修改审计表的任何人。

OmniAudit might be a good solution for you need. OmniAudit可能是您需要的好解决方案。 I've never used it before because I'm quite happy writing my own audit routines, but it sounds good. 我之前从未使用它，因为我很乐意编写自己的审计程序，但听起来不错。