Can't login to SQL Server due to active trigger

r1wp621o  于 8个月前  发布在  SQL Server
关注(0)|答案(1)|浏览(89)

I'm playing around with triggers on our SQL Server. After dropping some logon triggers to allow login of some users from specific IP's only. Didn't get it to work.

Actually I do some auditing with a logon trigger.

When I try to login from grafana (was one of the users mentioned above) I get the message that it can't logon due to active triggers.

Here is the trigger:

ALTER TRIGGER [LogonAuditTrigger] /* Creates trigger for logons */
ON ALL SERVER 
FOR LOGON
AS

BEGIN
DECLARE @LogonTriggerData xml,
@EventTime datetime,
@LoginName varchar(50),
@ClientHost varchar(50),
@LoginType varchar(50),
@HostName varchar(50),
@AppName varchar(500)

SET @LogonTriggerData = eventdata()

SET @EventTime = @LogonTriggerData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime')
SET @LoginName = @LogonTriggerData.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(50)')
SET @ClientHost = @LogonTriggerData.value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(50)')
SET @HostName = HOST_NAME()
SET @AppName = APP_NAME()

INSERT INTO [LogonAudit].[dbo].[LogonAuditing]
(
SessionId,
LogonTime,
HostName,
ProgramName,
LoginName,
ClientHost
)
SELECT
@@spid,
@EventTime,
@HostName,
@AppName,
@LoginName,
@ClientHost

END

This is the error message:

Error logging in with the username 'grafana' due to trigger execution

Disabling the trigger let Grafana login to the SQL Server, but I expect to get it work with activated trigger to log the logins.

sql-server

1条答案

按热度按时间
7jmck4yq

7jmck4yq1#

It's possible you can start by changing LoginName in the audit table to allow NULL , since this may not be available the way you're pulling from the XML in the case of SQL authentication logins. (And in fact I don't think you necessarily need the heavy EventData() XML at all.)

Next, you need to make sure your audit table supports the data that you might try to insert - login names, program names, and host names can all be up to nvarchar(128) , so that's how your columns and variable declarations should be declared.

Though, I don't think it needs both ClientHost and HostName since I don't know when those could be different.

Then hopefully you can log any error messages somewhere else.

ALTER TRIGGER [LogonAuditTrigger]
ON ALL SERVER 
FOR LOGON
AS
BEGIN
  DECLARE @EventTime  datetime      = getutcdate(),
          @LoginName  nvarchar(128) = ORIGINAL_LOGIN(),
          @HostName   nvarchar(128) = HOST_NAME(),
          @AppName    nvarchar(128) = APP_NAME();

  BEGIN TRY
    INSERT LogonAudit.dbo.LogonAuditing
    (
      SessionId,
      LogonTime,
      HostName,
      ProgramName,
      LoginName
    )
    SELECT
      @@spid,
      @EventTime,
      @HostName,
      @AppName,
      @LoginName;
  END TRY
  BEGIN CATCH
    INSERT dbo.LoggingTable ... stuff including ERROR_MESSAGE() ...
    THROW();
  END CATCH
END

The only other problem would be if the grafana user doesn't have the ability to write to the audit table (or the logging table). Try to insert a row manually using EXECUTE AS .

赞(0)分享  回复(0)举报  8个月前
我来回答

相关问题

    查看更多
    微信公众号

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com