One of my customers recently wanted to rename each of the SQL audit files will the datetime stamp of when it was created. I explained to them the filename already contains a datetime stamp. While it does not look like a typical timestamp, it is based on the Windows Filetime data structure that is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). Nonetheless, they still wanted a traditional datetime stamp in the file name. According to the documentation, the audit file naming convention is this: and if we use this file as an example:...
Continue reading...Patrick Keisler
Convert SQL Audit Files to a CSV Using Read-SqlXEvent
SQL Server Audit is an efficient way to track and log events that occur within the database engine. For on-premises or IaaS environments, those audits can only be stored in a binary file, the Windows Application log, or the Windows Security log. Most customers I have worked with over the years store the audits in a binary file because of the limitations of the Windows Event logs. Reading the contents of an audit event file can be accomplished using either Management Studio or the T-SQL function, sys.fn_get_audit_file. However, sometimes a customer may want to use a third-party tool to read...
Continue reading...How to Test Trace Flag 3625
UPDATED Jan 4, 2024 – Several people had mentioned they could not get the example code to work. This was because I chose to overflow a text column which only outputs the detailed error messages for SQL Server 2017 and above. I have since updated the code to use a numeric value which has been verified to work on SQL Server 2012 through 2022. Recently, one of my customers considered enabling Trace Flag 3625 on one of their SQL Servers, but they wanted a way to quickly test its functionality beforehand. For those of you that are unfamiliar with that...
Continue reading...Get Certificate Details for SQL Encryption In-Transit Using PowerShell – UPDATED
In a previous blog post, I showed you how to use PowerShell to retrieve the details of the certificate being used for encryption-in-transit, aka TLS encryption. I have received a lot of feedback about that script and one of the most common requests was how to run it remotely. I have finally modified the script to do just that. The previous version required you to run it locally on a server. It would return the certificate information for each SQL instance that it detected. The new version can be run remotely, but it will expect you to pass in a...
Continue reading...Create Service Principal Names Along with a Managed Service Account
In a few previous articles, I have talked a lot about Managed Service Accounts (MSA) and Service Principal Names (SPN) and given examples of managing the separately. As a DBA prepping for a new SQL Server installation, you most likely already know the MSA account name(s) and what is needed to create the associated SPN, so why not create them at the same time? This example uses the PowerShell cmdlet New-ADServiceAccount to create both in the same command. The ServicePrincipalNames parameter can accept an array of strings, so just specify each SPN separated by a comma. We can even run...
Continue reading...