接受一個朋友的委託,希望對SBO的事務日誌進行記錄,並且提供查詢分析功能,說實話,行爲日誌與審計不管對於操作系統、數據庫系統或者是用戶軟件,儘管都是安全考慮所需要的,但是要真正的實現並且通用起來審計,是有難度的。
不過受人之託,還是忠人之事吧,用純Sql方式實現了一個簡單的日誌記錄與查詢【姑且算是審計吧】。畢竟運行於SBO之上採用的是沒有經過任何的控制介入的方法,侷限太多,但是對於要求不太高的單位,還是夠用了。
第一步 請在Sql server的查詢分析器中運行一下腳本
1.1 創建日誌表
if exists(_select* from dbo.sysobjects where id = object_id(N'fsTransLog') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table fsTransLog
go
if exists(_select* from dbo.sysobjects where id = object_id(N'fsTransLog') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table fsTransLog
go
create table fsTransLog
(
AutoKey int IDENTITY (1, 1) NOT FOR REPLICATION NOT null,
ObjectType nvarchar(25),
TransType nvarchar(1),
KeyNum int,
KeyColumns nvarchar(255),
KeyValues nvarchar(255),
Result int default 0,
ErrNotes nvarchar(255),
TransUser int,
TransTime datetime
)
go
(
AutoKey int IDENTITY (1, 1) NOT FOR REPLICATION NOT null,
ObjectType nvarchar(25),
TransType nvarchar(1),
KeyNum int,
KeyColumns nvarchar(255),
KeyValues nvarchar(255),
Result int default 0,
ErrNotes nvarchar(255),
TransUser int,
TransTime datetime
)
go
1.2 創建事務表單對應表,在此表中定義的事務才進行日誌記錄,請務必填寫此表單【表單內容個填寫方式可以參見附件內容】,以確保您的事務日誌被記錄,和日誌報表信息的明晰。
if exists(_select* from dbo.sysobjects where id = object_id(N'fsTransTable') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table fsTransTable
go
if exists(_select* from dbo.sysobjects where id = object_id(N'fsTransTable') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table fsTransTable
go
create table fsTransTable
(
AutoKey int IDENTITY (1, 1) NOT FOR REPLICATION NOT null,
TransType nvarchar(25) not null, --事務類型:13,銷售發票;15,銷售交貨....
TransName nvarchar(50), --事務類型名稱:13,銷售發票;15,銷售交貨....
TransTable nvarchar(30), --事務對應的數據表:銷售發票對應OINV,銷售交貨對應ORIN
TransKey nvarchar(255) not null,
KeyName nvarchar(1000),
UserField nvarchar(30) default 'UserSign',
IsActive bit default 0
)
go
(
AutoKey int IDENTITY (1, 1) NOT FOR REPLICATION NOT null,
TransType nvarchar(25) not null, --事務類型:13,銷售發票;15,銷售交貨....
TransName nvarchar(50), --事務類型名稱:13,銷售發票;15,銷售交貨....
TransTable nvarchar(30), --事務對應的數據表:銷售發票對應OINV,銷售交貨對應ORIN
TransKey nvarchar(255) not null,
KeyName nvarchar(1000),
UserField nvarchar(30) default 'UserSign',
IsActive bit default 0
)
go
if exists(_select* from dbo.sysobjects where id = object_id(N'fsTransType') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table fsTransType
go
drop table fsTransType
go
create table fsTransType
(
TransType nvarchar(1) not null,
TransName nvarchar(50)
)
go
(
TransType nvarchar(1) not null,
TransName nvarchar(50)
)
go
_insertINTO fsTransType(TransType,TransName)VALUES(N'A',N'添加')
_insertINTO fsTransType(TransType,TransName)VALUES(N'U',N'修改')
_insertINTO fsTransType(TransType,TransName)VALUES(N'D',N'刪除')
_insertINTO fsTransType(TransType,TransName)VALUES(N'C',N'取消')
_insertINTO fsTransType(TransType,TransName)VALUES(N'L',N'關閉')
_insertINTO fsTransType(TransType,TransName)VALUES(N'U',N'修改')
_insertINTO fsTransType(TransType,TransName)VALUES(N'D',N'刪除')
_insertINTO fsTransType(TransType,TransName)VALUES(N'C',N'取消')
_insertINTO fsTransType(TransType,TransName)VALUES(N'L',N'關閉')
1.3 創建保存事務日誌的存儲過程
如果希望對所有的日誌進行記錄,就去掉 if exists(_select...) 那一行語句
if exists (_select* from dbo.sysobjects where id = object_id(N'[dbo].[fsup_WriteTransLog]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
drop procedure [dbo].[fsup_WriteTransLog]
go
如果希望對所有的日誌進行記錄,就去掉 if exists(_select...) 那一行語句
if exists (_select* from dbo.sysobjects where id = object_id(N'[dbo].[fsup_WriteTransLog]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
drop procedure [dbo].[fsup_WriteTransLog]
go
create procedure fsup_WriteTransLog
@ObjectType nvarchar(25),
@TransType nchar(1),
@KeyNum int,
@KeyColumns nvarchar(255),
@KeyValues nvarchar(255),
@Result int,
@ErrNotes nvarchar(255)
as
begin
if exists(_select* FROM fsTransTable WHERE Upper(TransType)=Upper(@ObjectType) AND IsActive=1)
begin
_declare@table nvarchar(30), @TransKey nvarchar(300), @UserField nvarchar(50), @strSql nvarchar(4000), @UserId int
@ObjectType nvarchar(25),
@TransType nchar(1),
@KeyNum int,
@KeyColumns nvarchar(255),
@KeyValues nvarchar(255),
@Result int,
@ErrNotes nvarchar(255)
as
begin
if exists(_select* FROM fsTransTable WHERE Upper(TransType)=Upper(@ObjectType) AND IsActive=1)
begin
_declare@table nvarchar(30), @TransKey nvarchar(300), @UserField nvarchar(50), @strSql nvarchar(4000), @UserId int
CREATE TABLE #TransUser (UserId int)
_select@table=TransTable, @TransKey=TransKey, @UserField=UserField FROM fsTransTable WHERE Upper(TransType)=Upper(@ObjectType)
if (IsNull(@UserField,'')<>'')
begin
_select@strSql = '_insertINTO #TransUser(UserId) _select' + @UserField + ' FROM ' + @table + ' WHERE ' + @TransKey + '=N''' + @KeyValues + ''''
__execUTE(@strSql)
_select@UserId=UserId FROM #TransUser
end
if (IsNull(@UserField,'')<>'')
begin
_select@strSql = '_insertINTO #TransUser(UserId) _select' + @UserField + ' FROM ' + @table + ' WHERE ' + @TransKey + '=N''' + @KeyValues + ''''
__execUTE(@strSql)
_select@UserId=UserId FROM #TransUser
end
_insertINTO fsTransLog(ObjectType,TransType,KeyNum,KeyColumns,KeyValues,Result,ErrNotes,TransTime,TransUser)
VALUES(@ObjectType,@TransType,@KeyNum,@KeyColumns,@KeyValues,@Result,@ErrNotes,getdate(),@UserId)
end
end
go
VALUES(@ObjectType,@TransType,@KeyNum,@KeyColumns,@KeyValues,@Result,@ErrNotes,getdate(),@UserId)
end
end
go
第二步 在 SBO_SP_TransactionNotification 過程的最後部分的_select@error, @error_message之前,加入以下語句。 對於自定義的中途捕捉到事務錯誤提前返回的,應該在 return 之前加入以下語句, 沒有這個添加就不會記錄日誌
__exec fsup_WriteTransLog @object_type,@transaction_type,@num_of_cols_in_key,@list_of_key_cols_tab_del,@list_of_cols_val_tab_del, @error, @error_message
__exec fsup_WriteTransLog @object_type,@transaction_type,@num_of_cols_in_key,@list_of_key_cols_tab_del,@list_of_cols_val_tab_del, @error, @error_message
第三步 事務日誌報表,在自定義報表中作如下定義
侷限:
-- 1、由於SBO的原因,查詢條件顯示的不很友好,都是最後登錄時間
-- 2、由於SBO的報表侷限,無法實現深度關聯查詢
_declare@sd datetime, @ed datetime, @userid int
侷限:
-- 1、由於SBO的原因,查詢條件顯示的不很友好,都是最後登錄時間
-- 2、由於SBO的報表侷限,無法實現深度關聯查詢
_declare@sd datetime, @ed datetime, @userid int
_select@sd=min(a.lastLogin) FROM OUSR a WHERE a.LastLogin>='[%0]'
_select@ed=max(b.lastLogin) FROM OUSR b WHERE b.LastLogin<='[%1]'
_select@userid=c.INTERNAL_K FROM OUSR c WHERE c.U_Name<='[%2]'
_select@ed=max(b.lastLogin) FROM OUSR b WHERE b.LastLogin<='[%1]'
_select@userid=c.INTERNAL_K FROM OUSR c WHERE c.U_Name<='[%2]'
_select@sd=__cast(Convert(nvarchar(10), IsNull(@sd, '2000-1-1'), 121) as datetime)
_select@ed=__cast(Convert(nvarchar(10), IsNull(@ed, getdate()), 121) + ' 23:59:59' as datetime)
_select@userid=IsNull(@userid,-100)
_select@ed=__cast(Convert(nvarchar(10), IsNull(@ed, getdate()), 121) + ' 23:59:59' as datetime)
_select@userid=IsNull(@userid,-100)
_selectTransTime 事務時間, TransUser 用戶標識, User_Code 用戶代碼, U_NAME 用戶名, b.TransType 事務代碼, b.TransTable 事務表單, b.TransName 事務名稱, a.TransType 事務類型, d.TransName 事務類型名稱, KeyColumns 事務標識, KeyName 事務標識名稱, KeyValues 事務標識值, case when Result=0 then N'成功' else N'失敗:'+ErrNotes + N'[' + __cast(Result as nvarchar(20)) +']' end 事務結果
from fsTransLog a left join fsTransTable b on a.ObjectType=b.TransType
left join OUSR c on a.TransUser=c.INTERNAL_K
inner join fsTransType d on a.TransType=d.TransType
WHERE a.TransTime BETWEEN @sd AND @ed AND (a.TransUser=@userid OR @userid=-100)
from fsTransLog a left join fsTransTable b on a.ObjectType=b.TransType
left join OUSR c on a.TransUser=c.INTERNAL_K
inner join fsTransType d on a.TransType=d.TransType
WHERE a.TransTime BETWEEN @sd AND @ed AND (a.TransUser=@userid OR @userid=-100)
執行效果,進入到SBO查詢分析器,執行上述查詢分析代碼,選擇日誌時段和日誌對象,得到相應的結果如下:
