This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 96%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
Hi Expert,
How to exclude Column [Action ID] with record 'SELECT','EXECUTE' & 'VIEW' action?
I've filtered [Action ID] using conversion to INT type to getting ID of the action(Select,Execute,View)
but it still not worked ..
any suggestion?
great thanks for all respond
warm regards,
UrBel
Core component of SQL Server for storing, processing, and securing data
Hi,
I mean filtered on Audit Properties...
Hi,
I mean filtered on Audit Properties..
[action_id]<>(12345678) AND ...
(12345678) refer to SELECT action
i think it require integer value on Audit Properties
regards,
UrBel
Can you tell what you are trying to achieve? That is, what do you want to audit? And what do you want to exclude? This AuditID? is this a column in your table/view? Are you setting up a server or database audit?
Hi Erland,
I just want to exclude SELECT and EXECUTE action on my Database\Server Audit Specification, so Only INSERT,DELETE,UPDATE action I need to be logged & displayed on View Audit log as well
I've set filter for excluding SELECT & EXECUTE action on my Database\Server Audit Specification Properties but action of SELECT & EXECUTE event still be logged & displayed on View Audit Log menu
regards,
Urbel
Answer accepted by question author
So while you could filter the server audit by the actions, that seems heavy-handed. Why not set up the database audit specification to only capture the operations you want:
CREATE DATABASE AUDIT SPECIFICATION AuditSpec FOR SERVER AUDIT YourServerAudit
ADD (INSERT, UPDATE, DELETE ON dbo.Orders BY public)
WITH (STATE = ON)
Answer accepted by question author
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 63%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Did you try this?
-- after generating a SELECT and an EXECUTE event, find their integers:
SELECT DISTINCT action_id, CAST(action_id AS INT) AS action_id_int FROM sys.fn_get_audit_file('C:\YourAuditPath\*.sqlaudit', NULL, NULL) WHERE action_id IN ('SL ', 'EX ');
-- then:
ALTER SERVER AUDIT [YourServerAuditName] WITH (STATE = OFF);
ALTER SERVER AUDIT [YourServerAuditName] WHERE (action_id <> <SELECT_int> AND action_id <> <EXECUTE_int>);
ALTER SERVER AUDIT [YourServerAuditName] WITH (STATE = ON);
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 35%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELN%3C/text%3E%3C/svg%3E)
Hi @Urbel ,
Following up to confirm if the earlier responses addressed your query. If not, please share your questions and we'll assist further
Thanks,
Lakshmi
Answer accepted by question author
AI answer
In SQL Server Audit, the action_id column in the audit log is a varchar(4), not an int. To filter out specific actions such as SELECT, EXECUTE, and VIEW in a database audit specification, use the audit action names and their corresponding action_id values from sys.dm_audit_actions, and filter on the character action_id (not by converting it to int).
General approach:
action_id values for the actions to exclude:
SELECT action_id, name
FROM sys.dm_audit_actions
WHERE name IN ('SELECT', 'EXECUTE', 'VIEW DEFINITION');
action_id values in the audit predicate or in queries against the audit log, for example:
SELECT *
FROM sys.fn_get_audit_file('your_audit_path', NULL, NULL)
WHERE action_id NOT IN ('SLCT', 'EX', 'VWDF'); -- sample IDs; use actual values from step 1
Key points:
action_id in the audit log and in sys.dm_audit_actions is varchar(4) and should be compared as text.sys.dm_audit_actions to map between the human-readable action name (SELECT, EXECUTE, VIEW DEFINITION, etc.) and the action_id used in audit records.action_id to int for filtering; that breaks the match and causes the filter to fail.References: