I have created SQL Server Database Audit specification as below, audit is working perfectly fine but INSERT, UPDATE, DELETE operations in the database when we pass variables in the
where clause, audit logs variable as is instead of value.
CREATE
DATABASE
AUDITSPECIFICATION [DatabaseAuditSpecification]
FOR
SERVER
AUDIT[Audit_001]
ADD (SELECT
ON
DATABASE::[XXX] BY [dbo]),
ADD (INSERT
ON
DATABASE::[XXX] BY [dbo]),
ADD (UPDATE
ON
DATABASE::[XXX] BY [dbo]),
ADD (EXECUTE
ON
DATABASE::[XXX] BY [dbo]),
ADD (DELETE
ON
DATABASE::[XXX] BY [dbo])
WITH (STATE
ON)
When I run the following T-SQL code in SQL Server, the audit file shows variables @Id , @Val that I declared in the code , instead of the values assigned in the code.
BEGIN
DECLARE @Id INT = 6;
DECLARE @Val Varchar(10) ='UPDATE NOW';
DELETE testTable WHERE col1 = @Id;
set @ID = 5;
UPDATE testTable set col2 =@Val WHERE col1 = @Id;
END
I used fn_get_audit_file to see the audit log, the below is the output of audit logs with variables instead of values passed in the code.
SELECT aud.action_id, aud.object_name AS [Object], aud.statement
FROM fn_get_audit_file('C:\Audit_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0000.sqlaudit',DEFAULT, DEFAULT) aud
where aud.action_id in ('UP','DL','IN') order by event_time desc
action_id Object
statement
DL testTable
DELETE testTable WHERE col1 = @Id
UP testTable
UPDATE testTable set col2 =@Val WHERE
col1 = @Id
IN testTable
INSERT INTO testTable VALUES('Insert Test2')
DL testTable
DELETE testTable WHERE col1 = @Id
Please kindly help if you had came across this issue and fixed it.
Thanks,
Siva
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
