Audit logs#
The Server Audit feature enables you to audit server-level and database-level events and groups of events.
Audits consist of zero or more audit action items, which are recorded to an audit target. As of now, Querona supports a Microsoft SQL Server table as an audit target.
The records sent to the target contain the elements described in the following table:
Column name |
Description |
Type |
Always available |
|---|---|---|---|
Event time |
Date/time when the auditable action is fired. |
datetime2 |
Yes |
Sequence Number |
Tracks the sequence of records within a single audit record that was too large to fit in the write buffer for audits. |
int |
Yes |
Action ID |
ID of the action. |
varchar(4) |
Yes |
Succeeded |
Indicates whether or not the permission check of the action triggering the audit event succeeded or failed. |
bit (-1 = Success, 0 = Failure) |
Yes |
Permission Bit Mask |
When applicable, shows the permissions that were granted, denied, or revoked. |
bigint |
No |
Column Permission |
Flag indicating a column level permission |
bit (-1 = True, 0 = False) |
No |
Server Instance Name |
Name of the server instance where the audit occurred. |
nvarchar(120) |
Yes |
Class Type |
Type of auditable entity that the audit occurs on. |
varchar(2) |
Yes |
Server Principal ID |
ID of the login context that the action is performed in. |
int |
Yes |
Database Principal ID |
ID of the database user context that the action is performed in. |
int |
No |
Target Server Principal ID |
Server principal that the auditable action applies to. |
int |
Yes |
Target Database Principal ID |
Database principal that the auditable action applies to. |
int |
No |
Object ID |
The primary ID of the entity on which the audit occurred. This ID can be: server objects, databases, database objects, schema objects |
int |
No |
Server Principal Name |
Current login. |
sysname |
Yes |
Server Principal SID |
Current login SID. |
varbinary |
Yes |
Database Principal Name |
Current user. |
sysname |
No |
Target Server Principal Name |
Target login of the action. |
sysname |
No |
Target Server Principal SID |
SID of the target login. |
varbinary |
No |
Target Database Principal Name |
Target user of the action. |
sysname |
No |
Database Name |
The database context in which the action occurred. |
sysname |
No |
Schema Name |
The schema context in which the action occurred. |
sysname |
No |
Object Name |
The name of the entity of the entity on which the audit occurred. This name can be: server objects, databases, database objects, schema objects, TSQL statement (if any) |
sysname |
No |
Statement |
TSQL statement (if any) |
nvarchar(4000) |
No |
Additional Information |
Any additional information about the event, stored as XML. |
nvarchar(4000) |
No |
For more information about managing logging options see Engine configuration chapter in the Administration Guide.