I'm playing around with triggers on our SQL Server. After dropping some logon triggers to allow login of some users from specific IP's only. Didn't get it to work.
Actually I do some auditing with a logon trigger.
When I try to login from grafana (was one of the users mentioned above) I get the message that it can't logon due to active triggers.
Here is the trigger:
ALTER TRIGGER [LogonAuditTrigger] /* Creates trigger for logons */
ON ALL SERVER
FOR LOGON
AS
BEGIN
DECLARE @LogonTriggerData xml,
@EventTime datetime,
@LoginName varchar(50),
@ClientHost varchar(50),
@LoginType varchar(50),
@HostName varchar(50),
@AppName varchar(500)
SET @LogonTriggerData = eventdata()
SET @EventTime = @LogonTriggerData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime')
SET @LoginName = @LogonTriggerData.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(50)')
SET @ClientHost = @LogonTriggerData.value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(50)')
SET @HostName = HOST_NAME()
SET @AppName = APP_NAME()
INSERT INTO [LogonAudit].[dbo].[LogonAuditing]
(
SessionId,
LogonTime,
HostName,
ProgramName,
LoginName,
ClientHost
)
SELECT
@@spid,
@EventTime,
@HostName,
@AppName,
@LoginName,
@ClientHost
END
This is the error message:
Error logging in with the username 'grafana' due to trigger execution
Disabling the trigger let Grafana login to the SQL Server, but I expect to get it work with activated trigger to log the logins.
1条答案
按热度按时间7jmck4yq1#
It's possible you can start by changing
LoginName
in the audit table to allowNULL
, since this may not be available the way you're pulling from the XML in the case of SQL authentication logins. (And in fact I don't think you necessarily need the heavyEventData()
XML at all.)Next, you need to make sure your audit table supports the data that you might try to insert - login names, program names, and host names can all be up to
nvarchar(128)
, so that's how your columns and variable declarations should be declared.Though, I don't think it needs both
ClientHost
andHostName
since I don't know when those could be different.Then hopefully you can log any error messages somewhere else.
The only other problem would be if the
grafana
user doesn't have the ability to write to the audit table (or the logging table). Try to insert a row manually usingEXECUTE AS
.