管理 Sql Server 2005 上的跟踪文件

Question

我需要管理 Sql Server 2005 Express Edition 上数据库的跟踪文件。数据库的 C2 审核日志记录已打开，它创建的文件正在占用大量空间。

这可以从 Sql Server 内部完成吗？或者我是否需要编写一个服务来监视这些文件并采取适当的操作？

我找到了带有跟踪文件属性的 [master].[sys].[trace] 表。有谁知道这个表中字段的含义吗？

Answer 1

这是我想出的在控制台应用程序中运行得很好的方法：

    static void Main(string[] args)
    {
        try
        {
            Console.WriteLine("CcmLogManager v1.0");
            Console.WriteLine();

            // How long should we keep the files around (in months) 12 is the PCI requirement?
            var months = Convert.ToInt32(ConfigurationManager.AppSettings.Get("RemoveMonths") ?? "12");

            var currentFilePath = GetCurrentAuditFilePath();

            Console.WriteLine("Path: {0}", new FileInfo(currentFilePath).DirectoryName);
            Console.WriteLine();

            Console.WriteLine("------- Removing Files --------------------");

            var fileInfo = new FileInfo(currentFilePath);
            if (fileInfo.DirectoryName != null)
            {
                var purgeBefore = DateTime.Now.AddMonths(-months);
                var files = Directory.GetFiles(fileInfo.DirectoryName, "audittrace*.trc.zip");

                foreach (var file in files)
                {
                    try
                    {
                        var fi = new FileInfo(file);

                        if (PurgeLogFile(fi, purgeBefore))
                        {
                            Console.WriteLine("Deleting: {0}", fi.Name);

                            try
                            {
                                fi.Delete();
                            }
                            catch (Exception ex)
                            {
                                Console.WriteLine(ex);
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine(ex);
                    }
                }
            }

            Console.WriteLine("------- Files Removed ---------------------");
            Console.WriteLine();


            Console.WriteLine("------- Compressing Files -----------------");

            if (fileInfo.DirectoryName != null)
            {
                var files = Directory.GetFiles(fileInfo.DirectoryName, "audittrace*.trc");

                foreach (var file in files)
                {
                    // Don't attempt to compress the current log file.
                    if (file.ToLower() == fileInfo.FullName.ToLower())
                        continue;

                    var zipFileName = file + ".zip";

                    var fi = new FileInfo(file);
                    var zipEntryName = fi.Name;

                    Console.WriteLine("Zipping: \"{0}\"", fi.Name);

                    try
                    {
                        using (var fileStream = File.Create(zipFileName))
                        {
                            var zipFile = new ZipOutputStream(fileStream);
                            zipFile.SetLevel(9);

                            var zipEntry = new ZipEntry(zipEntryName);
                            zipFile.PutNextEntry(zipEntry);

                            using (var ostream = File.OpenRead(file))
                            {
                                int bytesRead;
                                var obuffer = new byte[2048];
                                while ((bytesRead = ostream.Read(obuffer, 0, 2048)) > 0)
                                    zipFile.Write(obuffer, 0, bytesRead);
                            }

                            zipFile.Finish();
                            zipFile.Close();
                        }

                        fi.Delete();
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine(ex);
                    }
                }
            }

            Console.WriteLine("------- Files Compressed ------------------");
            Console.WriteLine();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }

        Console.WriteLine("Press any key...");
        Console.ReadKey();
    }

    public static bool PurgeLogFile(FileInfo fi, DateTime purgeBefore)
    {
        try
        {
            var filename = fi.Name;
            if (filename.StartsWith("audittrace"))
            {
                filename = filename.Substring(10, 8);

                var year = Convert.ToInt32(filename.Substring(0, 4));
                var month = Convert.ToInt32(filename.Substring(4, 2));
                var day = Convert.ToInt32(filename.Substring(6, 2));

                var logDate = new DateTime(year, month, day);

                return logDate.Date <= purgeBefore.Date;
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }

        return false;
    }

    public static string GetCurrentAuditFilePath()
    {
        const string connStr = "Data Source=.\\SERVER;Persist Security Info=True;User ID=;Password=";

        var dt = new DataTable();

        var adapter =
            new SqlDataAdapter(
                "SELECT path FROM [master].[sys].[traces] WHERE path like '%audittrace%'", connStr);
        try
        {
            adapter.Fill(dt);

            if (dt.Rows.Count >= 1)
            {
                if (dt.Rows.Count > 1)
                    Console.WriteLine("More than one audit trace file defined!  Count: {0}", dt.Rows.Count);

                var path = dt.Rows[0]["path"].ToString();
                return path.StartsWith("\\\\?\\") ? path.Substring(4) : path;
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }

        throw new Exception("No Audit Trace File in sys.traces!");
    }

Answer 2

您还可以设置 SQL 跟踪以记录到 SQL 表。然后，您可以设置 SQL 代理任务来自动截断记录。

Answer 3

sys.traces 记录了服务器上启动的每个跟踪。由于 SQL Express 没有代理并且无法设置作业，因此您需要外部进程或服务来监视这些作业。您必须自行实施所有内容（监控、归档、跟踪保留策略等）。如果您实施了 C2 审计，我假设您已制定政策来确定必须保留审计的持续时间。