I'm facing a situation today where it would be very beneficial to me and my company if we knew who had logged into SQL and performed some deletions.
We have a situation where at least 2 (sometimes 3) people login to SQL using SQL Server Management Studio, and perform various functions.
What we need is an audit trail. If someone deletes records (mistakenly or otherwise), I'd like to know what was done.
Is there any way to make this happen?
Best Answer
There's a few difference tools you can use. If you have SQL Server 2008 or higher, there is built in auditing which can capture this information.
Failing that you can capture the information using either SQL Profiler, or a server side trace.
If your database is in full recovery you can dig through the transaction log using Log Explorer, or LiteSpeed for SQL Server. There are some undocumented commands which can be used if you want to write your own stuff.