从 SQL 代理作业中运行的 SSIS 包访问 Windows 事件日志

发布于 2024-10-28 19:19:20 字数 670 浏览 5 评论 0原文

我创建了一个 SSIS 包,将部署到客户端 SQL 安装(2005、2008 或 2008 R2)以执行数据提取,从而为我们的产品提供支持工具。部署过程要求创建一个 Windows AD 帐户(普通用户,无提升的权限),因为它用作服务帐户,通过凭据和代理帐户在 SQL 代理作业中执行 SSIS 包。这一切都很完美,意味着我可以限制执行这项工作所需的权限。

但是,我想将 SSIS 包中的错误日志记录到 Windows 事件日志中。当我在 BIDS 中运行该包(当然使用我自己的凭据)并强制该包失败时,它记录得很好。当我在 SQL 代理作业运行时强制包失败(通过将 duff 连接字符串放入配置文件中)时,不会记录任何内容。该服务帐户正在使用,并且它是我的 SQL Server 主机上经过身份验证的用户,但它不会写入事件日志。如果我将服务帐户添加到本地管理员组,它会很好地写入日志,但我认为 Windows 事件日志的想法是您不需要提升权限即可写入它?

我们的支持团队热衷于使用 Windows 事件日志,但如果不向服务帐户授予高权限,我看不出有什么办法可以做到这一点,而我宁愿不这样做。我错过了什么吗? SSIS 作业步骤页面中的“日志记录”选项卡似乎没有做很多事情,但这也许就是我所缺少的?

如果这更适合 ServerFault,我深表歉意,但我无法完全确定这属于哪一边,因为这是开发过程中遇到的问题。如果是的话我就搬家了

非常感谢

史蒂夫

I have created an SSIS package that will be deployed to client SQL installations (2005, 2008 or 2008 R2) to perform data extracts which provide a support tool for our product. The deployment process requires that a Windows AD account (normal user, no elevated privileges) is created as this is used as a service account to execute the SSIS package in a SQL Agent job by way of a credential and a proxy account. This all works perfectly and means I can restrict the privileges required to perform this job.

However, I wanted to include error logging in the SSIS package to the Windows Event Log. When I run the package in BIDS (which of course uses my own credentials) and force the failure of the package, it logs just fine. When I force the package to fail (by putting a duff connection string into the config file) whilst being run by the SQL Agent job, nothing is logged. The service account is being used and it is an authenticated user on my SQL Server host machine but it will not write to the event log. If I add the service account to the local administrators group, it writes to the log just fine, but I thought the idea of the Windows event log was that you did not need elevated privileges to write to it?

Our support teams are keen to use the Windows Event Log but I can see no way of doing so without granting high privileges to a service account which I would rather not do. Am I missing something? The Logging tab in the SSIS job step page doesn't seem to do a lot but perhaps that's what I'm missing?

Apologies if this is more suited to ServerFault, but I couldn't quite decide which side of the line this fell as it is a problem encountered during development. If it is then I'll relocate it.

Many thanks

Steve

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

笑忘罢 2024-11-04 19:19:20

如果操作系统是 2003,请检查 SDDL 语法以了解谁有权写入日志:http:// support.microsoft.com/kb/323076

如果是 2008 年,您可以使用 wevtutil 而不是手动输入 SDDL:
http://support.microsoft.com/kb/2028427

可以向服务帐户授予权限使用以上内容。

If OS is 2003, check the SDDL syntax on who has access to write to the log with this: http://support.microsoft.com/kb/323076

If 2008, you can use wevtutil instead of manually typing in SDDL:
http://support.microsoft.com/kb/2028427

The service account can be given the permissions using the above.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文