sql-scripts/TPDT-268 - ACP in task sequence/dba_storedProcedures/sp_audit_login_control.sql

USE [HCITools]
GO
-- Drop-and-recreate deployment: remove any existing dba.sp_audit_login_control
-- before the CREATE PROCEDURE batch that follows.
-- Note: DROP PROCEDURE also discards permissions granted on the procedure,
-- so any explicit GRANTs have to be re-applied after deployment.
IF EXISTS (
    SELECT 1
    FROM sys.objects AS obj
    INNER JOIN sys.schemas AS sch
        ON sch.schema_id = obj.schema_id
    WHERE sch.name = 'dba'
      AND obj.name = 'sp_audit_login_control'
      AND OBJECTPROPERTY(obj.object_id, N'IsProcedure') = 1
)
    DROP PROCEDURE [dba].[sp_audit_login_control]
GO
-- Session options captured with the procedure definition at creation time.
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
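CREATE PROCEDURE [dba].[sp_audit_login_control]
AS
/*=============================================================================
What this stored procedure does
-------------------------------
This procedure is executed every 5 minutes and checks the state of the user
login audit. Depending on the type and number of problems, a mail is sent.
In urgent cases an SMS alert is sent as well.
1 : COUNT TOTAL ALERTS LAST 5 / 60 MIN
2 : RETRIEVE FORMAT AND OU CODE
3 : SEND MAIL & SMS ALERTS

Parameters
----------
None.

Return value
------------
@@ERROR (0) on normal completion,
70001 when the organizational unit / subsidiary / format lookup fails,
70003 when any other error is caught. In both error cases the message is
also raised with severity 16.

Creation : 27.02.2019 / SPE
Modifications :
03.02.2020 / LPE : modify sqlMonDBACalendar password
27.10.2020 / RTC : Migrate DBACC to HCIMON
09.02.2021 / SPE : #TFS62610# - Update all mail configurations to avoid SPAM
16.08.2021 / SPE : Replace hardcoded password in sp and scripts
17.03.2022 / FLA : Change DBA mail
17.08.2023 / SPE : OCTPDBA-726: Replace mail profile name APSSQL_MAIL_PROFILE into AzureManagedInstance_dbmail_profile to be SQL managed instances compatible
=============================================================================*/
SET NOCOUNT ON;

/*---------------------- Variable declarations ----------------------*/
DECLARE @errno                       int,
        @cvCurrentOrganizationalUnit int,
        @subsidiary_id               int,
        @totalCount                  int,
        @totalCountPiket             int,
        @total                       int,
        @querywidth                  int,
        @html                        nvarchar(max),
        @queryDetails                nvarchar(max),
        @errmsg                      varchar(255),
        @event                       varchar(255),
        @email                       varchar(255),
        @attachFileName              varchar(255),
        @subject                     varchar(255),
        @Audit_login_ID              varchar(60),
        @out_default_value           varchar(60),
        @format                      varchar(60),
        @mailImportance              varchar(6),
        @ou                          varchar(3),
        @queryseparator              varchar(3),
        @attachFile                  bit,
        @queryheader                 bit,
        @querynopadding              bit;

/*---------------------- Default values ----------------------*/
SET @cvCurrentOrganizationalUnit = NULL;
SET @subsidiary_id = NULL;
SET @attachFileName = NULL;
SET @queryheader = 1;
SET @querywidth = 600;
SET @queryseparator = ',';
SET @querynopadding = 1;
SET @attachFile = 1;
SET @mailImportance = 'Normal';
SET @html = '';
SET @ou = '';

/* Column alias for the first CSV column: it contains a CR/LF so the header
   row of the attachment starts with a "sep=," line followed by "ID". */
SET @Audit_login_ID = '[sep=,' + CHAR(13) + CHAR(10) + 'ID]';

/* Query executed by sp_send_dbmail to build the CSV attachment (events of the
   last 5 minutes). The literal is kept verbatim, including its line breaks.
   NOTE(review): AL_application_name, AL_host_name and AL_text_data are written
   to the CSV unquoted and unescaped. Application and host name are supplied by
   the connecting client, and the "sep=," header suggests the file is opened in
   a spreadsheet, where a value starting with =, +, - or @ is read as a
   formula and an embedded comma shifts the columns. Consider quoting and
   neutralising these columns - TODO confirm how the attachment is consumed. */
SET @queryDetails = 'SET NOCOUNT ON; SELECT Audit_login_ID AS '+@Audit_login_ID+', AL_application_name as [Application], AL_client_process_id as [Client PID], AL_host_name as [Hostname], AL_login_name as [SQL login], AL_NT_domain_name as [NT Domain], AL_NT_user_name as [NT Login], AL_session_login_name as [Session Login], AL_spid as [SPID], AL_event_time as [Event time], AL_text_data as [Message], ALT_text as [Category], ALT_level as [Critical]
FROM hcitools.dba.Audit_login AL
JOIN hcitools.dba.Audit_login_text ALT ON ALT.Audit_login_text_ID = AL.AL_audit_login_text_id
WHERE AL.AL_event_time > dateadd(minute, -5, GetDate())';

/*-------------------------- Processing ---------------------------*/
BEGIN TRY
    /* ----------------------------------------------------------------- */
    /* 1 : COUNT TOTAL ALERTS LAST 5 / 60 MIN                            */
    /* ----------------------------------------------------------------- */

    /* All audited login events of the last 5 minutes */
    SELECT @totalCount = COUNT(*)
    FROM hcitools.dba.audit_login AL
    JOIN hcitools.dba.audit_login_text ALT ON ALT.audit_login_text_ID = AL.AL_audit_login_text_id
    WHERE AL.AL_event_time > DATEADD(minute, -5, GETDATE());

    /* Critical events only (ALT_level = 1) of the last 60 minutes */
    SELECT @totalCountPiket = COUNT(*)
    FROM hcitools.dba.audit_login AL
    JOIN hcitools.dba.audit_login_text ALT ON ALT.audit_login_text_ID = AL.AL_audit_login_text_id
    WHERE AL.AL_event_time > DATEADD(hour, -1, GETDATE())
      AND ALT.ALT_level = 1;

    /* Alert thresholds: 5 events for the normal mail, 30 critical events for
       the on-call (piket) alert. Below both, nothing is sent. */
    IF ((@totalCount >= 5) OR (@totalCountPiket >= 30))
    BEGIN
        /* ------------------------------------------------------------- */
        /* 2 : RETRIEVE FORMAT AND OU CODE                               */
        /* ------------------------------------------------------------- */
        IF EXISTS (SELECT 1 FROM [master].[cfg].[InstanceContext] WHERE Business = 'TPPHAR')
        BEGIN
            /* Get the cvCurrentOrganizationalUnit */
            EXEC arizona.dbo.sp_bmc_Bmc_Applic_Default
                @in_job_type = 3,
                @in_param_int_1 = NULL,
                @in_param_int_2 = NULL,
                @in_param_varchar_1 = 'cvCurrentOrganizationalUnit',
                @out_default_value = @out_default_value OUTPUT,
                @out_param_int_1 = NULL;

            SELECT @cvCurrentOrganizationalUnit = CONVERT(int, @out_default_value);

            /* Without an organizational unit nothing below can be resolved */
            IF @cvCurrentOrganizationalUnit IS NULL
            BEGIN
                SELECT @errno = 70001,
                       @errmsg = '(APS) Error cvCurrentOrganizationalUnit does not exist!';
                GOTO error_99;
            END

            /* Get the subsidiary id and OU code */
            SELECT @subsidiary_id = ou.OU_subsidiary,
                   @ou = ou.OU_Code
            FROM arizona.dbo.Organizational_unit ou WITH (NOLOCK)
            WHERE ou.Organizational_unit_ID = @cvCurrentOrganizationalUnit;

            IF @subsidiary_id IS NULL
            BEGIN
                SELECT @errno = 70001,
                       @errmsg = '(APS) Error subsidiary_id does not exist!';
                GOTO error_99;
            END

            /* Get the current format */
            SELECT @format = sub.SUB_code
            FROM arizona.dbo.Subsidiary sub WITH (NOLOCK)
            WHERE sub.Subsidiary_ID = @subsidiary_id;

            IF @format IS NULL
            BEGIN
                SELECT @errno = 70001,
                       @errmsg = '(APS) Error format does not exist!';
                GOTO error_99;
            END

            /* Map the subsidiary code to the code used in alert texts.
               Sequential IFs as in the original; no target value is itself
               a source value, so at most one mapping applies. */
            IF @format = 'COOP'
            BEGIN
                SET @format = 'CVI';
            END
            IF @format = 'CENT'
            BEGIN
                SET @format = 'SUN';
            END
            IF @format = '000'
            BEGIN
                SET @format = 'AAI';
            END
        END
        ELSE
        BEGIN
            /* Non-TPPHAR instances are identified by their DNS alias */
            SELECT @format = DnsAlias FROM [master].[cfg].[Identity];
        END

        /* A NULL here would turn every concatenated subject, body and file
           name below into NULL, so the alert would lose its content. */
        SET @format = ISNULL(@format, '');
        SET @ou = ISNULL(@ou, '');

        /* ------------------------------------------------------------- */
        /* 3 : SEND MAIL & SMS ALERTS                                    */
        /* ------------------------------------------------------------- */

        /* Get default mailbox profile name */
        DECLARE @defaultprofilname varchar(100);
        SELECT DISTINCT @defaultprofilname = p.name
        FROM msdb.dbo.sysmail_profile p
        JOIN msdb.dbo.sysmail_principalprofile pp
            ON pp.profile_id = p.profile_id
           AND pp.is_default = 1;

        /* Recipients of the alerts */
        SELECT @email = DML_Recipients
        FROM HCITools.dbo.DBA_Mailing_list
        WHERE DML_Code = 'DBA_operator';

        IF @totalCount >= 5
        BEGIN
            /* Set export file name */
            SET @attachFileName = @format+@ou+'_AuditLogin.csv';
            SET @html = '<body>Pharmacy: '+@format+@ou+'<br />List of all login events for the last 5 minutes: '+convert(varchar,@totalCount)+'<br /><br /><table>';

            /* One table row per event type, most frequent first */
            DECLARE c_events CURSOR LOCAL FORWARD_ONLY STATIC FOR
                SELECT COUNT(*) AS 'Total', ALT.ALT_text AS 'Event type'
                FROM hcitools.dba.audit_login AL
                JOIN hcitools.dba.audit_login_text ALT ON ALT.audit_login_text_ID = AL.AL_audit_login_text_id
                WHERE AL.AL_event_time > DATEADD(minute, -5, GETDATE())
                GROUP BY ALT.ALT_text
                ORDER BY COUNT(*) DESC;

            OPEN c_events;
            FETCH NEXT FROM c_events INTO @total, @event;
            WHILE @@FETCH_STATUS = 0
            BEGIN
                /* ISNULL: one event type without text must not null the whole body */
                SET @html = @html + '
<tr><td>'+convert(varchar,@total)+' '+ISNULL(@event, '')+'</td></tr>';
                FETCH NEXT FROM c_events INTO @total, @event;
            END
            CLOSE c_events;
            DEALLOCATE c_events;

            SET @html = @html + '</table></body>';
            SET @subject = @format+@ou+': Audit Login Alert - [' + @@SERVERNAME + ']';

            /* SEND MAIL (HTML summary plus CSV attachment with the details) */
            EXEC msdb.dbo.sp_send_dbmail
                @profile_name = @defaultprofilname,
                @recipients = @email,
                @body = @html,
                @importance = @mailImportance,
                @subject = @subject,
                @body_format = 'HTML',
                @query = @queryDetails,
                @query_attachment_filename = @attachFileName,
                @attach_query_result_as_file = @attachFile,
                @query_result_header = @queryheader,
                @query_result_width = @querywidth,
                @query_result_separator = @queryseparator,
                @query_result_no_padding = @querynopadding;
        END

        /* 30 or more critical events -> send the on-call (piket) alert */
        IF @totalCountPiket >= 30
        BEGIN
            /* At most one critical alert per hour: skip if one is on record */
            IF NOT EXISTS (SELECT 1 FROM hcitools.dba.audit_login_history WHERE ALH_create_date > DATEADD(hour, -1, GETDATE()))
            BEGIN
                /* NOTE(review): the lookup that appended the on-call
                   recipients was a commented-out OPENROWSET call and has been
                   dropped here; that dead code still carried a remote server
                   name and SQL login. As a result the critical alert goes to
                   the DBA_operator list only. If the on-call list is needed
                   again, read it through a linked server or a local table
                   rather than an inline connection string. */

                /* No attachment for the critical alert: body only */
                SET @queryDetails = NULL;
                SET @attachFile = 0;
                SET @attachFileName = NULL;
                SET @queryheader = 0;
                SET @querywidth = NULL;
                SET @queryseparator = 0;   /* implicitly converted to '0'; kept as in the original */
                SET @querynopadding = NULL;
                SET @mailImportance = 'High';
                SET @html = '<body>Pharmacy: '+@format+@ou+' - Total events (last hour): '+convert(varchar,@totalCountPiket)+'<br /><table>';

                /* NOTE(review): the total above counts critical events only
                   (ALT_level = 1) while this breakdown lists every event of
                   the last hour - confirm whether that is intended. */
                DECLARE c_events CURSOR LOCAL FORWARD_ONLY STATIC FOR
                    SELECT COUNT(*) AS 'Total', ALT.ALT_short_text AS 'Event type'
                    FROM hcitools.dba.audit_login AL
                    JOIN hcitools.dba.audit_login_text ALT ON ALT.audit_login_text_ID = AL.AL_audit_login_text_id
                    WHERE AL.AL_event_time > DATEADD(minute, -60, GETDATE())
                    GROUP BY ALT.ALT_short_text
                    ORDER BY COUNT(*) DESC;

                OPEN c_events;
                FETCH NEXT FROM c_events INTO @total, @event;
                WHILE @@FETCH_STATUS = 0
                BEGIN
                    SET @html = @html + '
<tr><td>'+convert(varchar,@total)+' '+ISNULL(@event, '')+'</td></tr>';
                    FETCH NEXT FROM c_events INTO @total, @event;
                END
                CLOSE c_events;
                DEALLOCATE c_events;

                SET @html = @html + '</table></body>';
                SET @subject = '[' + @@SERVERNAME + '] - ' + @format+@ou+': CRITICAL Audit Login Alert';

                /* SEND MAIL PIKET */
                EXEC msdb.dbo.sp_send_dbmail
                    @profile_name = @defaultprofilname,
                    @recipients = @email,
                    @body = @html,
                    @importance = @mailImportance,
                    @subject = @subject,
                    @body_format = 'HTML',
                    @query = @queryDetails,
                    @query_attachment_filename = @attachFileName,
                    @attach_query_result_as_file = @attachFile,
                    @query_result_header = @queryheader,
                    @query_result_width = @querywidth,
                    @query_result_separator = @queryseparator,
                    @query_result_no_padding = @querynopadding;

                /* Record the alert in audit_login_history; this row is what
                   the one-per-hour check above looks for. */
                INSERT INTO hcitools.dba.audit_login_history (ALH_create_date, ALH_total_count)
                SELECT SYSDATETIME(), @totalCountPiket;
            END
        END
    END
END TRY
BEGIN CATCH
    /* Keep the original error number, line and text in the raised message:
       a monitoring job that fails without a cause cannot be diagnosed.
       The fixed prefix is unchanged; the result is cut to fit @errmsg. */
    SELECT @errno = 70003,
           @errmsg = LEFT('error on sp_audit_login_control! ('
                          + CONVERT(varchar(12), ERROR_NUMBER())
                          + ', line ' + CONVERT(varchar(12), ERROR_LINE()) + ') '
                          + ISNULL(ERROR_MESSAGE(), ''), 255);
    GOTO error_99;
END CATCH;

/*------------------ Return to the caller -----------------*/
RETURN(@@error);

/*---------------------- Error handling ----------------------*/
error_99:
/* '%s' keeps a percent sign in the captured error text from being parsed as
   a RAISERROR format specifier. */
RAISERROR ('%s', 16, 1, @errmsg);
RETURN(@errno);
GO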