• Home
• Topics
• Microsoft SQL Server Administration
• SQL-Transact SQL (T-SQL)
• Create DDL table in SQL Server 2005 to audit DDL trigger activity

Creating the DDL audit table

The audit table stores the event-related information that is generated each time a specified type of DDL event fires. For example, if you delete a view from your database, a DROP_VIEW event is generated. You can use a DDL trigger to capture the event information and store it to your table.

The audit table should, at the very least, contain an XML column that stores the event-related data. You'll see later how SQL Server generates the data in an XML format. The table, of course, should also include a primary key column. The following statement creates a basic audit table in the AdventureWorks database:

CREATE TABLE dbo.EventLog
(EventID INT PRIMARY KEY IDENTITY,
EventInstance XML NOT NULL)
GO

Notice that I've included the EventID column as the primary key and how the EventInstance column will hold the XML data related to each event. Every time a DDL event is generated, a row will be added to the table. You can then retrieve the contents of the EventInstance column to view information about a specific event.

Creating the DDL trigger

After you create your audit table, you should define the DDL trigger. The following CREATE TRIGGER statement defines a trigger that will insert event-related data into the EventLog table each time a DDL event occurs within the AdventureWorks database:

CREATE TRIGGER LogEvents
ON DATABASE
AFTER DDL_DATABASE_LEVEL_EVENTS
AS
INSERT INTO dbo.EventLog (EventInstance)
VALUES (EVENTDATA())

Let's take a look at each line of the code to better understand what I've done. The CREATE TRIGGER clause simply identifies the name of the new trigger, which in this case is LogEvents. The second line -- ON DATABASE -- indicates that the trigger will be created at the database level. You can also create triggers that fire whenever a DDL event occurs on the server, in which case you would use the ON ALL SERVER option. However, for this example, we're concerned only with DDL events related to the AdventureWorks database.

The next line of code -- AFTER DDL_DATABASE_LEVEL_EVENTS -- is the AFTER clause. The first part of this clause is the AFTER keyword, which indicates that the trigger should fire only after the related operation (specified in the second part of the clause) has executed successfully. Instead of specifying AFTER, you can specify the FOR keyword, which means that the event fires as soon as the DDL event occurs. In this case, I prefer to log these operations only after they have run successfully.

The next part of the AFTER clause specifies the event type or group. This is where you stipulate which DDL events should cause the trigger to fire. I chose the DDL_DATABASE_LEVEL_EVENTS option (an event group) because I want to audit all DDL events at the database level. However, you can choose another group or individual event types. If you specify more than one event group or type, use commas to separate the options. For details about each event type and group, see the "CREATE TRIGGER (Transact-SQL)" topic in Microsoft SQL Server Books Online.

After I specify the event group, I add an AS keyword, followed by an INSERT statement, which inserts a row into the EventLog table each time the trigger fires. I get the value for the EventInstance column by calling the EVENTDATA() system function, which retrieves event-related data (in XML format). When the event fires, the function provides the necessary value.

That's all there is to setting up a basic auditing solution. Now let's test it to verify the results.

Testing the auditing solution

The best way to test the solution is to run a couple DDL statements against the AdventureWorks database. The following statements create the Person.Contact2 table and then drop the table:

SELECT FirstName, LastName, EmailAddress
INTO Person.Contact2
FROM Person.Contact
GO
DROP TABLE Person.Contact2

Both statements should generate DDL events on the AdventureWorks database and subsequently fire the LogEvents trigger. To verify whether the trigger correctly logged these two events, simply run the following SELECT statement:
SELECT * FROM dbo.EventLog

The statement should return two rows. For each row, the EventInstance column should include the XML related to the specific event. If you were to view the XML for the first row, you should see the following results:

Notice that the event data includes the event type, the object that was created, and the command used to create the table, along with other information. If you prefer to retrieve only specific information from the EventInstance column, you can use XQuery expressions to access individual element values. For example, the following SELECT statement uses the XML value() method to retrieve the event type, schema name and object name:

SELECT EventID,
EventInstance.value('(//EventType)[1]',
'nvarchar(30)') AS EventType,
EventInstance.value('concat((//SchemaName)[1],
".", (//ObjectName)[1])', 'nvarchar(60)')
AS ObjectName
FROM dbo.EventLog

As you can see, I call the value() method by first specifying the EventInstance column, which is defined with the XML data type. I can call any XML method in this way. The value() method includes two arguments. The first identifies the XML element whose value I want to retrieve. The second identifies the data type. The first argument should be enclosed in parentheses and followed by [1] because the value() method returns only scalar values. Even if the specified element is unique within the XML (as in this case), you must still specify the [1]. When you run this SELECT statement, you should receive the following results:

(2 row(s) affected)

The results show the CREATE_TABLE and DROP_TABLE event types, exactly what you would expect based on the DDL statements I ran. Because SQL Server now supports Data Definition Language (DDL) triggers, it's quite easy to audit the events generated by these types of statements.

As I've shown you here, a simple approach to auditing events is to create an audit table in SQL Server and define a DDL trigger. However, you can use DDL triggers to take actions other than inserting a row in an audit table. For example, you can send an email message to a specified recipient when a particular DDL event occurs. When you create a DDL trigger, you can define one or more Transact-SQL statements that do whatever you want them to do, which lets you create triggers that can perform a wide variety of tasks.

ABOUT THE AUTHOR
Robert Sheldon is a technical consultant and the author of numerous books, articles, and training material related to Microsoft Windows, various relational database management systems, and business intelligence design and implementation. You can find more information at  http://www.rhsheldon.com.

More from Related TechTarget Sites

• Business Analytics
• Data Center
• Data Management
• Data Management UK
• Oracle
• Content Management
• Windows Server

• Business Analytics

  • Geospatial data could transform the way government does business

    With the help of geospatial data and visualization techniques, government can make decisions for constituents that are smarter and have more impact.

  • Mobile BI apps move up the corporate priority list

    The growing use of tablet PCs and smartphones is spurring demand for mobile business intelligence capabilities from end users. Are you ready?

  • BI competency center brings coordination -- but with complications

    Managed effectively, business intelligence competency centers help align BI projects with corporate goals. But they also can become BI bottlenecks.

• Data Center

  • Introducing the software-defined data center

    The software-defined data center is here to stay, but what does that mean for IT pros?

  • Five examples of doublespeak from cutting edge technology vendors

    The terms used by vendors to describe cutting edge technology are often colorful. Here are five examples of vendor claims and the truth behind the tech.

  • Two data center hosting companies, one building and Hurricane Sandy

    Updated: Two data center hosting companies make their home in one building in Manhattan, which flooded Sunday.

• Data Management

  • IBM executives, customers share 'big data' tips at Information on Demand

    An IBM VP and a user from Sprint took to the stage at the vendor's Information on Demand conference to offer advice on how to make sense of big data.

  • Zornes connects the dots between big data and master data management

    Consultant Aaron Zornes believes that MDM and big data were made for one another.

  • IT pros reveal benefits, drawbacks of data virtualization software

    Attendees at Composite Software's Data Virtualization Day conference had plenty of advice for companies considering a data virtualization project.

• DataManagement UK

  • Big data roundtable webcast: gaining value from big data

    Roundtable discussion on business value of big data, chaired by Brian McKenna, Editor, SearchDataManagementUK, and featuring Mike Ferguson, Roxane Edjlali (Gartner), Joshua LeCure (GlaxoSmithKline).

  • 2012 training courses: BI, data management, data warehousing

    Find out where to hone your business intelligence, data management and data warehouse skills with this list of training courses for 2012.

  • Poor data quality: what is dirty data costing UK organisations?

    Poor data quality can have serious financial consequences for businesses. Read about the current state of data quality management at UK companies, including dirty data problems.

• Oracle

  • Oracle Solaris 11.1 update focuses on database integration, cloud

    The Oracle Solaris 11.1 operating system update is keyed in on integration with Oracle Database and cloud computing features.

  • Oracle E-Business Suite R12 upgrade aided by checklists

    A pre- and post-upgrade checklist will go a long way toward ensuring a successful Oracle E-Business Suite R12 upgrade.

  • How to copy Oracle Database 9i to a new server

    Expert Brian Peasland explains to one puzzled reader how to copy Oracle Database 9i from one production server to another.

• Content Management

  • Successful social collaboration efforts have common key facets

    Three examples of companies that have taken different routes to implementing enterprise social collaboration demonstrate that they share similarities that might explain their success.

  • Personal privacy an issue in enterprise social plans at multinationals

    Different cultures view personal privacy matters differently. Multinationals wanting improved collaboration must plan enterprise social networks adoption carefully.

  • Three questions bring focus to document imaging, management planning

    Asking three questions about organizational needs helps map out an effective document management and imaging process, says IT consultant Steve Weissman.

• Windows Server

  • Microsoft signals 'Cloud OS' ambitions with Windows Server 2012

    With Windows Server 2012 out, Microsoft solidified its position as a cloud-oriented company. Experts wonder if the move will resonate with customers.

  • Microsoft tries 'kitchen sink' method for Windows Server 2012 upgrade

    With the Windows Server 2012 upgrade available, Microsoft experts analyze the risks and rewards of the feature-rich release.

  • FAQ: Clustering in Windows Server 2012

    Clustering in Windows went through major change with the Windows Server 2012 release. Here's what's new and how to take advantage of the improvements.

• About Us
• Contact Us
• Site Index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget Corporate site
• Reprints
• Site map