SQLIdeas

Getting Started with Adobe After Effects - Part 6: Motion Blur


	Blogs

Upload Image

Close it

Select File

Towards the innovative SQL ideas


	Like

Invite Friends

Browse by Tags · View All

ms sql server	119
ms sql	118
sql server	116
sql	115
database	102
tsql	81
#SQL Server	78
t-sql	75
#sql	71
sql server general	67

Archive · View All

April 2011	14
July 2011	12
May 2011	12
August 2011	11
June 2011	10
September 2011	8
December 2011	6
November 2011	6
June 2013	5
April 2013	5

Home · Posts · Most Liked · Most Discussed · Ask a Question · Fans (165) · Preferences

Logon trigger in SQL Server

Oct 22 2012 12:00AM by Paresh Prajapati

As a security part, recently I worked with login details and the auditing for the same. I was needed to capture each events for login statistics like login name, the time when logon, the program through established connection, session and host or client IP. These event is raised when user sessions make connections with SQL Server instances where we configured LOGON trigger.

This will helpful to us to make auditing the logon details for each connections. For the small demo let us create required objects and implement it.

USE DemoDB
GO
-- Creating audit table
CREATE TABLE LogonAuditing
(
	SessionId int,
	LogonTime datetime,
	HostName varchar(50),
	ProgramName varchar(500),
	LoginName varchar(50),
	ClientHost varchar(50)
)
GO

USE Master
GO
-- Creating DDL trigger for logon
CREATE TRIGGER LogonAuditTrigger
	ON ALL SERVER 
FOR LOGON
AS
BEGIN
       DECLARE @LogonTriggerData xml,
                     @EventTime datetime,
                     @LoginName varchar(50),
                     @ClientHost varchar(50),
                     @LoginType varchar(50),
                     @HostName varchar(50),
                     @AppName varchar(500)
                     
       SET @LogonTriggerData = eventdata()
		
	   SET @EventTime = @LogonTriggerData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime')
       SET @LoginName = @LogonTriggerData.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(50)')
       SET @ClientHost = @LogonTriggerData.value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(50)')
       SET @HostName = HOST_NAME()
       SET @AppName = APP_NAME()--,program_name()
	
	INSERT INTO DemoDB.dbo.LogonAuditing
	 (
		SessionId,
		LogonTime,
		HostName,
		ProgramName,
		LoginName,
		ClientHost
	)
	SELECT 
		@@spid,
		@EventTime,
		@HostName,
		@AppName,
		@LoginName,
		@ClientHost

END
GO

Audit table and the trigger to fill that table is created. Now it is time to evaluate ,test it and review the audit table.

We have all details for the login events from the table. Also one more interesting thing is as we can prevent unwanted user logins and connections with SQL Server. This prohibition can be for the login, program or host, for that we just need to add some code in logon trigger for conditions to make rollback at that time like following,

-- Preventing 'sa' login
IF @LoginName = 'sa'
BEGIN
ROLLBACK;
END
	 
-- Preventing the connections from SSMS
IF @AppName = 'Microsoft SQL Server Management Studio'
BEGIN
ROLLBACK;
END

For first criteria to prevent login ‘SA’ , if connection made for the same and the message fired at the time of event login,

You can make you criteria as per requirement as I implemented for login and program connections.

Are you using Logon Trigger?

Tags: Logon,Login,SQL,SQL Server,Database,SA,Audit,DDL Trigger,Security

Previous: Copy database backup files using XCOPY command
Next: Copy database backup files using SQLCMD and FOR /F commands

Paresh Prajapati

6 · 22% · 7054

Liked

Lifesaver

Refreshed

Learned

Incorrect


Like this
Post this to my facebook wall
Tweet this
This was a true life saver
Thanks, this helped me to refresh my memory
Very informative, I just learned something new
I disagree, this information is incorrect


	Submit

1 Comments

This FOR LOGON trigger is good to know.

But I think most applications do not authenticate a user via a SQL Server login (of either type). They do their own authentication and logging. And if your application is a a web app then you have the usual problem of not really knowing when a user logged off.

We could use this blog to compare our logging table definitions. I would be curious to see the tables other people have defined and use in the real world. Mine looks as follows:

create table myeventlog
  (
  eventid         int identity(1,1),
  processname    varchar(50),
  computername   varchar(50),
  networkuser    varchar(50),

  appuser        varchar(50),
  timestarted    datetime,
  timeended      datetime,
  elapsedminutes decimal(10,2),
  eventinfo1     varchar(1000),
  eventinfo2     varchar(1000),
  eventinfo3     varchar(1000)
  )

commented on Nov 2 2012 3:53AM

SQLIdeas

Logon trigger in SQL Server

1 Comments

Your Comment