adicionado scritps de audit restantes

rrg92 · rrg92 · commit be4fed802b15 · 2025-06-20T13:26:43.000-03:00
diff --git a/Audit/AuditLogins.sql b/Audit/AuditLogins.sql
@@ -0,0 +1,70 @@
+/*#info 
+
+	# Autor 
+		Rodrigo Ribeiro Gomes 
+		
+	# Detalhes 
+	
+		Não lembro o motivo de ter criado isso, mas deve ter sido algum teste pontual.
+		De qualquer maneira, deixando ai pois tem algumas sintaxes e comandos que podem ser úteis algum dia (mesmo que pra lembrar rápido)
+*/
+
+/*
+	Uses following select to estimamte
+*/
+select *,MaxRollover = TotalRequiredSizeMB/SingleFileMB from (
+select *,TotalRequiredSizeMB = ((Lsec*RetentionTime*BytesPerL)/1024.00/1024.00)*1.3 from (
+select 
+	 Lsec  = (pc.cntr_value*1.00/datediff(ss,i.sqlserver_start_time,current_timestamp))*2
+	,BytesPerL = 15*1024
+	,RetentionTime = 3600*24*7 -- 7days
+	,SingleFileMB = 100
+from sys.dm_os_performance_counters pc
+	cross join sys.dm_os_sys_info i
+	where counter_name like '%logins%'
+) T
+) e
+
+
+CREATE SERVER AUDIT
+	AuditLogins
+TO
+	FILE (
+		FILEPATH  = 'D:\Traces\Audit'
+		,MAXSIZE  = 100MB
+		,MAX_ROLLOVER_FILES  = 600
+	)
+WHERE
+	server_principal_name != 'LOGIN_AUDIT'
+	OR
+	succeeded = 0
+
+
+
+CREATE SERVER AUDIT SPECIFICATION AuditAllLogins
+FOR SERVER AUDIT AuditLogins
+	ADD (FAILED_LOGIN_GROUP)
+	,ADD(SUCCESSFUL_LOGIN_GROUP)
+with (state = on)
+
+  
+ALTER SERVER AUDIT AuditLogins WITH(STATE = on)
+
+
+select * from sys.dm_server_audit_status
+	
+select server_principal_name,statement
+,convert(xml,additional_information)
+,*
+from sys.fn_get_audit_file('D:\Traces\Audit\AuditLogins_*.sqlaudit',null,null) af
+join sys.dm_audit_class_type_map tm
+	on tm.class_type = af.class_type
+order by event_time desc
+
+select * from 
+xp_cmdshell 'del /q D:\Traces\Audit\*'
+sp_configure 'xp_cmdshell',1
+reconfigure
+
+
+	
diff --git a/Audit/GetAuditReport.sql b/Audit/GetAuditReport.sql
@@ -0,0 +1,55 @@
+/*#info 
+
+	# Autor 
+		Rodrigo Ribeiro Gomes 
+		
+	# Detalhes 
+		Um exemplo de query para consultar o audit de login
+*/
+
+USE master
+GO
+
+IF OBJECT_ID('tempdb..#AuditInfo') IS NOT NULL
+	DROP TABLE #AuditInfo
+
+;WITH XMLNAMESPACES(DEFAULT 'http://schemas.microsoft.com/sqlserver/2008/sqlaudit_data')
+SELECT 
+	*
+INTO
+	#AuditInfo
+FROM (
+	SELECT
+		 Login = server_principal_name
+		,[IP] = CONVERT(xml,additional_information).value('(action_info/address)[1]','varchar(100)')
+		,Data = DATEADD(hh,-3,event_time)
+		,Resultado = succeeded
+		,Banco = isnull(nullif(database_name,''),p.default_database_name)
+		,Msg = statement
+	FROM 
+		(
+			select 
+				pat = log_file_path+name+'*.sqlaudit' 
+			From sys.server_file_audits
+			WHERE name = 'AuditLogins'
+		) AFP
+		CROSS APPLY
+		sys.fn_get_audit_file(AFP.pat,null,null) af
+		join 
+		sys.dm_audit_class_type_map tm
+			ON tm.class_type = af.class_type 
+		left join sys.server_principals p on p.name = server_principal_name
+) V
+
+
+select Login,IP,Banco
+,Sucessos = count(case when Resultado = 1 then Data end) 
+,Falhas = count(case when Resultado = 0 then Data end) 
+from #AuditInfo ai
+where Login  != ''
+group by Login,IP,Banco
+
+select Login,IP,Banco,Data,Msg 
+from #AuditInfo ai
+where Resultado = 0
+ORDER BY Data
