我需要登录触发器。我需要从 Excel Pivot 文件中捕获进入 SQL Server 的 SQL 查询。
目前我正在使用以下代码:
CREATE TRIGGER [MyLogonTrigger] ON ALL SERVER FOR LOGON
AS
BEGIN
IF PROGRAM_NAME() <> 'Microsoft%'
DECLARE @sqltext VARBINARY(128)
SELECT @sqltext = sql_handle
FROM sys.sysprocesses
WHERE spid = @@spid
DECLARE @SQLQuery varchar(MAX)
set @SQLQuery = (select TEXT
FROM sys.dm_exec_sql_text(@sqltext))
INSERT INTO TestDatabase.dbo.LogonAudit
(
... audit columns ...
)
Select
SUSER_SNAME()
,GETDATE()
,@@SPID
,PROGRAM_NAME()
,ORIGINAL_DB_NAME()
,HOST_NAME()
,client_net_address
,@SQLQuery
FROM sys.dm_exec_connections
WHERE session_id = @@SPID
END;
我面临的问题是@SQLQuery每次都是创建触发器定义代码,而不是刷新数据透视表时从 Excel 文件传递给 SQL 的实际查询。
我认为这与登录和实际选择查询执行发生在两个不同的事务(SPID)上有关。
知道如何获得excel用来检索登录触发器中数据的实际选择查询吗?
正如 Brent Ozar 在他的回答中指出的那样,您正试图将登录触发器用于非设计目的。登录触发器通常用于捕获有关谁登录到服务器的详细信息,或拒绝用户/机器等的特定组合进行连接。
幸运的是,Extended Events 提供了一种在内存中捕获 T-SQL 的机制,如果配置正确,系统资源会相当少。
我过去使用过类似以下代码的东西来捕获来自特定用户或机器的 T-SQL:
IF EXISTS
(
SELECT 1
FROM sys.server_event_sessions dxs
WHERE dxs.name = 'queries'
)
BEGIN
IF EXISTS (
SELECT 1
FROM sys.dm_xe_sessions dxs
WHERE dxs.name = 'queries'
)
BEGIN
ALTER EVENT SESSION queries
ON SERVER
STATE = STOP;
END
DROP EVENT SESSION queries
ON SERVER;
END
CREATE EVENT SESSION queries ON SERVER
ADD EVENT sqlserver.sql_statement_starting
(
ACTION
(
package0.collect_system_time
, package0.event_sequence /* SQL Server 2012+ */
, sqlserver.client_app_name
, sqlserver.client_hostname
, sqlserver.database_name /* SQL Server 2012+ */
, sqlserver.plan_handle
, sqlserver.sql_text
, sqlserver.username
, sqlserver.request_id
, sqlserver.session_id
)
WHERE sqlserver.username = N'some_user_name'
AND sqlserver.database_id = 6 /* track a specific database only */
AND sqlserver.client_hostname <> 'excluded_host_name'
)
, ADD EVENT sqlserver.sql_statement_completed
(
ACTION
(
package0.collect_system_time
, package0.event_sequence /* SQL Server 2012+ */
, sqlserver.client_app_name
, sqlserver.client_hostname
, sqlserver.database_name /* SQL Server 2012+ */
, sqlserver.plan_handle
, sqlserver.sql_text
, sqlserver.username
, sqlserver.request_id
, sqlserver.session_id
)
WHERE sqlserver.username = N'some_user_name'
AND sqlserver.database_id = 6
AND sqlserver.client_hostname <> 'excluded_host_name'
)
, ADD EVENT sqlserver.error_reported
(
ACTION
(
package0.collect_system_time
, package0.event_sequence /* SQL Server 2012+ */
, sqlserver.client_app_name
, sqlserver.client_hostname
, sqlserver.database_name /* SQL Server 2012+ */
, sqlserver.plan_handle
, sqlserver.sql_text
, sqlserver.username
, sqlserver.request_id
, sqlserver.session_id
)
WHERE sqlserver.username = N'some_user_name'
AND sqlserver.database_id = 6
AND sqlserver.client_hostname <> 'excluded_host_name'
/* fluff errors below - for SQL Server 2008 R2, use "error" instead of "error_number" */
AND error_number <> 5703 /* Changed language setting to %.*ls. */
AND error_number <> 5701 /* Changed database context to '%.*ls'. */
AND error_number <> 2528 /* DBCC execution completed. If DBCC printed error messages, contact
your system administrator. */
AND error_number <> 7969 /* No active open transactions. */
AND error_number <> 4035 /* Processed %I64d pages for database '%ls', file '%ls' on file %d. */
AND error_number <> 18265/* Log was backed up. Database: %s, creation date(time): %s(%s),
first LSN: %s, last LSN: %s, number of dump devices: %d, device information: (%s).
This is an informational message only. No user action is required. */
AND error_number <> 3014 /* %hs successfully processed %I64d pages in %d.%03d seconds (%d.%03d MB/sec). */
AND error_number <> 14570/* (Job outcome) */
AND error_number <> 8153 /* Warning: Null value is eliminated by an aggregate or other SET operation. */
)
ADD TARGET package0.ring_buffer
(
SET max_memory = 1024
)
/* add or remove the below target as required. */
, ADD TARGET package0.asynchronous_file_target
(
SET filename = 'C:\temp\queries_xe_target.xel'
, max_file_size = 10 /* max size in MB */
, max_rollover_files = 10
, increment = 1 /* file growth increment in MB */
)
/* Don't start this Extended Events session automatically when the server starts */
WITH
(
STARTUP_STATE = OFF /* Extended Event Session will NOT be automatically
started at server startup */
, TRACK_CAUSALITY = ON
, MAX_MEMORY = 5MB /* buffer size to use */
, EVENT_RETENTION_MODE = ALLOW_SINGLE_EVENT_LOSS /* ALLOW_MULTIPLE_EVENT_LOSS or NO_EVENT_LOSS */
, MAX_DISPATCH_LATENCY = 15 SECONDS /* maximum number of seconds until buffer contents
are written to the target */
, MEMORY_PARTITION_MODE = PER_NODE /* NONE, PER_NODE, PER_CPU */
);
GO
使用它根据需要启动会话:
IF EXISTS
(
SELECT 1
FROM sys.server_event_sessions dxs
WHERE dxs.name = 'queries'
)
BEGIN
ALTER EVENT SESSION queries ON SERVER STATE = START;
END
这显示了会话目标详细信息:
SELECT SessionName = xe.name
, TargetName = xet.target_name
, EventData = CONVERT(xml, xet.target_data)
FROM sys.dm_xe_session_targets AS xet
INNER JOIN sys.dm_xe_sessions AS xe ON (xe.address = xet.event_session_address)
WHERE xe.name = 'queries';
使用它来查看环形缓冲区的结果:
DECLARE @xml XML;
SELECT TOP(1) @xml = CONVERT(xml, xet.target_data)
FROM sys.dm_xe_session_targets AS xet
INNER JOIN sys.dm_xe_sessions AS xe ON (xe.address = xet.event_session_address)
WHERE xe.name = 'queries'
AND xet.target_name = 'ring_buffer';
IF OBJECT_ID('tempdb..#xmlResults') IS NOT NULL
DROP TABLE #xmlResults;
CREATE TABLE #xmlResults
(
RowNum INT NOT NULL
PRIMARY KEY CLUSTERED
IDENTITY(1,1)
, xeXML XML NOT NULL
);
INSERT INTO #xmlResults (xeXML)
SELECT xm.s.query('.')
FROM @xml.nodes('/RingBufferTarget/event') AS xm(s)
OPTION (Optimize FOR (@xml = Null)); -- immensely improves performance in SQL Server 2008
SELECT t.EventName
, DateStamp = DATEADD(HOUR, -6, t.EventDateStamp)
, DatabaseName = d.name
, t.ErrorNumber
, t.ErrorSeverity
, t.ErrorState
, t.ErrorMessage
, t.CollectSystemTime
, t.ClientAppName
, t.ClientHostName
, t.PlanHandle
, t.SqlText
, t.UserName
FROM (
SELECT EventName = xeXML.value('(event/@name)[1]','varchar(500)')
, EventDateStamp = xeXML.value('(event/@timestamp)[1]','datetime')
, DatabaseID = xeXML.value('(event/data[(@name)[1] eq "source_database_id"]/value/text())[1]','varchar(255)')
, ErrorNumber = xeXML.value('(event/data[(@name)[1] eq "error"]/value/text())[1]','varchar(255)')
, ErrorSeverity = xeXML.value('(event/data[(@name)[1] eq "severity"]/value/text())[1]','varchar(255)')
, ErrorState = xeXML.value('(event/data[(@name)[1] eq "state"]/value/text())[1]','varchar(255)')
, ErrorMessage = xeXML.value('(event/data[(@name)[1] eq "message"]/value/text())[1]','varchar(255)')
, CollectSystemTime = xeXML.value('(event/action[(@name)[1] eq "collect_system_time"]/text/text())[1]','varchar(255)')
, ClientAppName = xeXML.value('(event/action[(@name)[1] eq "client_app_name"]/value/text())[1]','varchar(255)')
, ClientHostName = xeXML.value('(event/action[(@name)[1] eq "client_hostname"]/value/text())[1]','varchar(255)')
, PlanHandle = CONVERT(xml, xeXML.value('(event/action[(@name)[1] eq "plan_handle"]/value/text())[1]','varchar(255)')).value('(plan/@handle)[1]', 'varchar(255)')
, SqlText = xeXML.value('(event/action[(@name)[1] eq "sql_text"]/value/text())[1]','nvarchar(max)')
, UserName = xeXML.value('(event/action[(@name)[1] eq "username"]/value/text())[1]','varchar(128)')
FROM #xmlResults xm
) t
LEFT JOIN sys.databases d ON t.DatabaseID = d.database_id
WHERE t.UserName NOT IN (
'user_1' COLLATE SQL_Latin1_General_CP1_CI_AS
, 'user_2' COLLATE SQL_Latin1_General_CP1_CI_AS
, 'user_3' COLLATE SQL_Latin1_General_CP1_CI_AS
)
ORDER BY t.UserName
, t.EventDateStamp;
SELECT *
FROM #xmlResults
登录触发器在 SQL Server 看到用户传递的任何查询文本之前发生(想想牙医在打开 X 光机之前试图检查你的 X 光片)。他们需要在被允许提交任何查询之前进行身份验证,并且只是为了澄清,当登录已通过身份验证并在会话期间发出多个查询时,他们session_id(SPID在过去)不会改变。
重要的是要注意,它被称为登录触发器(仅响应登录行为而触发的东西),而不是登录触发器(每当服务器主体(也称为登录)执行某些操作时触发的东西)。
与其将此视为“我需要在任何查询运行时立即记录某些内容”的问题,为什么不利用 SQL Server 已经跟踪的内容呢?您没有提到版本,但sys.dm_exec_query_stats在现代版本中会告诉您最近运行的所有查询,如果您足够频繁地轮询它,您可以记录所有查询实例以及聚合指标。假设 Excel 中的查询有一些共同点,您可以通过解析查询文本或进一步链接到相关对象来隔离这些内容。
SELECT [Query] = SUBSTRING(st.[text],(qs.statement_start_offset + 2) / 2,
(CASE
WHEN qs.statement_end_offset = -1
THEN LEN(CONVERT(nvarchar(max), st.text)) * 2
ELSE qs.statement_end_offset + 2
END - qs.statement_start_offset) / 2),
qs.execution_count,
qs.total_elapsed_time,
average_time = qs.total_elapsed_time * 1.0 / qs.execution_count
FROM sys.dm_exec_query_stats AS qs
CROSS APPLY sys.dm_exec_sql_text(qs.plan_handle) AS st
--WHERE st.[text] LIKE N'%some object or schema relevant to Excel%';
其他几个快速说明:
PROGRAM_NAME()应该使用NOT LIKE而不是<>. APP_NAME()无论如何,这应该是(PROGRAM_NAME()未记录且不受支持)。BEGIN/ ENDafter IF(尽管我认为无论后面有多少语句,您都应该始终拥有BEGIN/ END)。sysprocesses了。这已被弃用,并且提供 - 至少现在 - 仅用于向后兼容遗留代码。| 归档时间: |
|
| 查看次数: |
2043 次 |
| 最近记录: |