The extrainfo column contains a sequence of data separated by semicolons. The data is organized in the following categories.
Position |
Category |
Description |
|---|---|---|
1 |
Roles |
A list of active roles, separated by blanks. |
2 |
Keywords or Options |
The name of the keyword or option that was used for the event. For example, for the alter table command, the add column or drop constraint options might have been used. If multiple keywords or options are listed, they are separated by commas. |
3 |
Previous value |
If the event resulted in the update of a value, this item contains the value prior to the update. |
4 |
Current value |
If the event resulted in the update of a value, this item contains the new value. |
5 |
Other information |
Additional security-relevant information that is recorded for the event. |
6 |
Proxy information |
The original login name if the event occurred while a set proxy was in effect. |
7 |
Principal name |
The principal name from the underlying security mechanism if the user’s login is the secure default login, and the user logged into Adaptive Server via unified login. The value of this item is NULL if the secure default login is not being used. |
This example shows an extrainfo column entry for the event of changing an auditing configuration parameter.
sso_role;suspend audit when device full;1;0;;ralph;
This entry indicates that a System Security Officer changed suspend audit when device full from 1 to 0. There is no “other information” for this entry. The sixth category indicates that the user “ralph” was operating with a proxy login. No principal name is provided.
The other fields in the audit record give other pertinent information. For example, the record contains the server user ID (suid) and the login name (loginname).
Table 12-6 lists the values that appear in the event column, arranged by sp_audit option. The “Information in extrainfo” column describes information that might appear in the extrainfo column of an audit table, based on the categories described in Table 12-5.
Audit Option |
Command or access to be audited |
event |
Information in extrainfo |
|---|---|---|---|
(Automatically audited event not controlled by an option) |
Enabling auditing with: sp_configure auditing |
73 |
— |
(Automatically audited event not controlled by an option) |
Disabling auditing with: sp_configure auditing |
74 |
— |
adhoc |
User-defined audit record |
1 |
extrainfo is filled by the text parameter of sp_addauditrecord |
alter |
alter database |
2 |
Keywords or options:
|
alter table |
3 |
Keywords or options:
|
|
bcp |
bcp in |
4 |
— |
bind |
sp_bindefault |
6 |
Other information: Name of the default |
sp_bindmsg |
7 |
Other information: Message ID |
|
sp_bindrule |
8 |
Other information: Name of the rule |
|
create |
create database |
9 |
— |
create default |
14 |
— |
|
create procedure |
11 |
— |
|
create rule |
13 |
— |
|
create table |
10 |
— |
|
create trigger |
12 |
— |
|
create view |
16 |
— |
|
sp_addmessage |
15 |
Other information: Message number |
|
dbaccess |
Any access to the database by any user |
17 |
Keywords or options:
|
dbcc |
dbcc (all keywords) |
81 |
Keywords or options: Any of the dbcc keywords such as checkstorage and the options for that keyword. |
delete |
delete from a table |
18 |
Keywords or options: delete |
delete from a view |
19 |
Keywords or options: delete |
|
disk |
disk init |
20 |
Keywords or options: disk init Other information: Name of the disk |
disk mirror |
23 |
Keywords or options: disk mirror Other information: Name of the disk |
|
disk refit |
21 |
Keywords or options: disk refit Other information: Name of the disk |
|
disk reinit |
22 |
Keywords or options: disk reinit Other information: Name of the disk |
|
disk remirror |
25 |
Keywords or options: disk remirror Other information: Name of the disk |
|
disk unmirror |
24 |
Keywords or options: disk unmirror Other information: Name of the disk |
|
drop |
drop database |
26 |
— |
drop default |
31 |
— |
|
drop procedure |
28 |
— |
|
drop table |
27 |
— |
|
drop trigger |
29 |
— |
|
drop rule |
30 |
— |
|
drop view |
33 |
— |
|
sp_dropmessage |
32 |
Other information: Message number |
|
dump |
dump database |
34 |
— |
dump transaction |
35 |
— |
|
errors |
Fatal error |
36 |
Other information: Error number.Severity.State |
Non-fatal error |
37 |
Other information: Error number.Severity.State |
|
exec_procedure |
Execution of a procedure |
38 |
Other information: All input parameters |
exec_trigger |
Execution of a trigger |
39 |
— |
func_obj_access, func_dbaccess |
Accesses to objects and databases via Transact-SQL functions |
85 |
— |
grant |
grant |
40 |
— |
insert |
insert into a table |
41 |
Keywords or options:
|
insert into a view |
42 |
Keywords or options: insert |
|
load |
load database |
43 |
— |
load transaction |
44 |
— |
|
login |
Any login to the server |
45 |
Other information: Host name of the machine from which login was done |
logout |
Any logouts from the server |
46 |
Other information: Host name of the machine from which login was done |
reference |
Creation of references to tables |
91 |
Keywords or options: reference Other information: Name of the referencing table |
revoke |
revoke |
47 |
— |
roles |
create role, drop role, alter role, grant role, revoke role |
85 |
— |
rpc |
Remote procedure call from another server |
48 |
Keywords or options: Name of client program Other information: Server name, host name of the machine from which the RPC was done. |
Remote procedure call to another server |
49 |
Keywords or options: Procedure name |
|
security |
connect to (CIS only) |
90 |
Keywords or options: connect to |
kill (CIS only) |
89 |
Keywords or options: kill |
|
online database |
83 |
— |
|
proc_role function (executed from within a system procedure) |
80 |
Other information: Required roles |
|
Regeneration of a password by an SSO |
76 |
Keywords or options: Setting SSO password Other information: Login name |
|
Role toggling |
55 |
Previous value: on or off Current value: on or off Other information: Name of the role being set |
|
Server start |
50 |
Other information:
|
|
Server shutdown |
51 |
Keywords or options: shutdown |
|
set proxy or set session authorization |
88 |
Previous value: Previous suid Current value: New suid |
|
sp_configure |
82 |
Other information:
|
|
valid_user |
85 |
Keywords or options: valid_user |
|
select |
select from a table |
62 |
Keywords or options:
|
select from a view |
63 |
Keywords or options:
|
|
setuser |
setuser |
84 |
Other information: Name of the user being set |
table_access |
delete |
18 |
Keywords or options: delete |
insert |
41 |
Keywords or options: insert |
|
select |
62 |
Keywords or options:
|
|
update |
70 |
Keywords or options:
|
|
truncate |
truncate table |
64 |
— |
unbind |
sp_unbindefault |
67 |
— |
sp_unbindmsg |
69 |
— |
|
sp_unbindrule |
68 |
— |
|
update |
update to a table |
70 |
Keywords or options:
|
update to a view |
71 |
Keywords or options:
|
|
view_access |
delete |
19 |
Keywords or options: delete |
insert |
42 |
Keywords or options: insert |
|
select |
63 |
Keywords or options:
|
|
update |
71 |
Keywords or options:
|
