Databases Reference
In-Depth Information
In our example, the relevant trace events are:
14: Successful user sign-on
15: Sign out of the database
20: Sign-on failure
Once you define which events to include in the trace, you can define
which values you want to capture; the available columns are shown in Table
9.2. As you can see, a lot of information would be available to an attacker
based on these columns and the events.
Table 9.2
Available column entries for a SQL Server trace event
Column
number
Column name
Description
1
TextData
Text value dependent on the event class that is captured in the trace.
2
BinaryData
Binary value dependent on the event class captured in the trace.
3
DatabaseID
ID of the database specified by the USE
database
statement, or the
default database if no USE
database
statement is issued for a given
connection.
The value for a database can be determined by using the DB_ID
function.
4
TransactionID
System-assigned ID of the transaction.
6
NTUserName
Microsoft Windows NT® username.
7
NTDomainName
Windows NT domain to which the user belongs.
8
ClientHostName
Name of the client computer that originated the request.
9
ClientProcessID
ID assigned by the client computer to the process in which the cli-
ent application is running.
10
ApplicationName
Name of the client application that created the connection to an
instance of SQL Server. This column is populated with the values
passed by the application rather than the displayed name of the pro-
gram.
11
SQLSecurityLoginName
SQL Server login name of the client.
12
SPID
Server Process ID assigned by SQL Server to the process associated
with the client.
13
Duration
Amount of elapsed time (in milliseconds) taken by the event. This
data column is not populated by the Hash Warning event.
14
StartTime
Time at which the event started, when available.
Search WWH ::
Custom Search