-
Notifications
You must be signed in to change notification settings - Fork 225
/
New-SqlDscAudit.ps1
319 lines (255 loc) · 11.8 KB
/
New-SqlDscAudit.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
<#
.SYNOPSIS
Creates a server audit.
.DESCRIPTION
This command creates a server audit on a SQL Server Database Engine instance.
.PARAMETER ServerObject
Specifies current server connection object.
.PARAMETER Name
Specifies the name of the server audit to be added.
.PARAMETER AuditFilter
Specifies the filter that should be used on the audit. See [predicate expression](https://docs.microsoft.com/en-us/sql/t-sql/statements/create-server-audit-transact-sql)
how to write the syntax for the filter.
.PARAMETER OnFailure
Specifies what should happen when writing events to the store fails.
This can be 'Continue', 'FailOperation', or 'Shutdown'.
.PARAMETER QueueDelay
Specifies the maximum delay before a event is written to the store.
When set to low this could impact server performance.
When set to high events could be missing when a server crashes.
.PARAMETER AuditGuid
Specifies the GUID found in the mirrored database. To support scenarios such
as database mirroring an audit needs a specific GUID.
.PARAMETER Force
Specifies that the audit should be created with out any confirmation.
.PARAMETER Refresh
Specifies that the **ServerObject**'s audits should be refreshed before
creating the audit object. This is helpful when audits could have been
modified outside of the **ServerObject**, for example through T-SQL. But
on instances with a large amount of audits it might be better to make
sure the ServerObject is recent enough.
.PARAMETER LogType
Specifies the log location where the audit should write to.
This can be SecurityLog or ApplicationLog.
.PARAMETER Path
Specifies the location where te log files wil be placed.
.PARAMETER ReserveDiskSpace
Specifies if the needed file space should be reserved. To use this parameter
the parameter **MaximumFiles** must also be used.
.PARAMETER MaximumFiles
Specifies the number of files on disk.
.PARAMETER MaximumFileSize
Specifies the maximum file size in units by parameter MaximumFileSizeUnit.
.PARAMETER MaximumFileSizeUnit
Specifies the unit that is used for the file size. This can be set to `Megabyte`,
`Gigabyte`, or `Terabyte`.
.PARAMETER MaximumRolloverFiles
Specifies the amount of files on disk before SQL Server starts reusing
the files. If not specified then it is set to unlimited.
.PARAMETER PassThru
If specified the created audit object will be returned.
.OUTPUTS
`[Microsoft.SqlServer.Management.Smo.Audit]` is passing parameter **PassThru**,
otherwise none.
.EXAMPLE
$serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
$sqlServerObject | New-SqlDscAudit -Name 'MyFileAudit' -Path 'E:\auditFolder'
Create a new file audit named **MyFileAudit**.
.EXAMPLE
$serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
$sqlServerObject | New-SqlDscAudit -Name 'MyAppLogAudit' -LogType 'ApplicationLog'
Create a new application log audit named **MyAppLogAudit**.
.EXAMPLE
$serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
$sqlServerObject | New-SqlDscAudit -Name 'MyFileAudit' -Path 'E:\auditFolder' -PassThru
Create a new file audit named **MyFileAudit** and returns the Audit object.
.NOTES
This command has the confirm impact level set to medium since an audit is
created but by default is is not enabled.
See the SQL Server documentation for more information for the possible
parameter values to pass to this command: https://docs.microsoft.com/en-us/sql/t-sql/statements/create-server-audit-transact-sql
#>
function New-SqlDscAudit
{
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('UseSyntacticallyCorrectExamples', '', Justification = 'Because the rule does not yet support parsing the code when a parameter type is not available. The ScriptAnalyzer rule UseSyntacticallyCorrectExamples will always error in the editor due to https://github.com/indented-automation/Indented.ScriptAnalyzerRules/issues/8.')]
[OutputType([Microsoft.SqlServer.Management.Smo.Audit])]
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
param
(
[Parameter(ParameterSetName = 'Log', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'File', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'FileWithSize', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'FileWithMaxFiles', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'FileWithMaxRolloverFiles', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles', Mandatory = $true, ValueFromPipeline = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxRolloverFiles', Mandatory = $true, ValueFromPipeline = $true)]
[Microsoft.SqlServer.Management.Smo.Server]
$ServerObject,
[Parameter(Mandatory = $true)]
[System.String]
$Name,
[Parameter()]
[System.String]
$AuditFilter,
[Parameter()]
[ValidateSet('Continue', 'FailOperation', 'Shutdown')]
[System.String]
$OnFailure,
[Parameter()]
[ValidateRange(1000, 2147483647)]
[System.UInt32]
$QueueDelay,
[Parameter()]
[ValidatePattern('^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$')]
[System.String]
$AuditGuid,
[Parameter()]
[System.Management.Automation.SwitchParameter]
$Force,
[Parameter()]
[System.Management.Automation.SwitchParameter]
$Refresh,
[Parameter()]
[System.Management.Automation.SwitchParameter]
$PassThru,
[Parameter(ParameterSetName = 'Log', Mandatory = $true)]
[ValidateSet('SecurityLog', 'ApplicationLog')]
[System.String]
$LogType,
[Parameter(ParameterSetName = 'File', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSize', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithMaxFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithMaxRolloverFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxRolloverFiles', Mandatory = $true)]
[ValidateScript({
if (-not (Test-Path -Path $_))
{
throw ($script:localizedData.Audit_PathParameterValueInvalid -f $_)
}
return $true
})]
[System.String]
$Path,
[Parameter(ParameterSetName = 'FileWithSize', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxRolloverFiles', Mandatory = $true)]
[ValidateRange(2, 2147483647)]
[System.UInt32]
$MaximumFileSize,
[Parameter(ParameterSetName = 'FileWithSize', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxRolloverFiles', Mandatory = $true)]
[ValidateSet('Megabyte', 'Gigabyte', 'Terabyte')]
[System.String]
$MaximumFileSizeUnit,
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithMaxFiles', Mandatory = $true)]
[System.UInt32]
$MaximumFiles,
[Parameter(ParameterSetName = 'FileWithMaxFiles')]
[Parameter(ParameterSetName = 'FileWithSizeAndMaxFiles')]
[System.Management.Automation.SwitchParameter]
$ReserveDiskSpace,
[Parameter(ParameterSetName = 'FileWithSizeAndMaxRolloverFiles', Mandatory = $true)]
[Parameter(ParameterSetName = 'FileWithMaxRolloverFiles', Mandatory = $true)]
[ValidateRange(0, 2147483647)]
[System.UInt32]
$MaximumRolloverFiles
)
process
{
if ($Force.IsPresent)
{
$ConfirmPreference = 'None'
}
$getSqlDscAuditParameters = @{
ServerObject = $ServerObject
Name = $Name
Refresh = $Refresh
ErrorAction = 'SilentlyContinue'
}
$auditObject = Get-SqlDscAudit @getSqlDscAuditParameters |
Select-Object -First 1
if ($auditObject)
{
$auditAlreadyPresentMessage = $script:localizedData.Audit_AlreadyPresent -f $Name
$PSCmdlet.ThrowTerminatingError(
[System.Management.Automation.ErrorRecord]::new(
$auditAlreadyPresentMessage,
'NSDA0001', # cspell: disable-line
[System.Management.Automation.ErrorCategory]::InvalidOperation,
$DatabaseName
)
)
}
$auditObject = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Audit' -ArgumentList @($ServerObject, $Name)
$queryType = switch ($PSCmdlet.ParameterSetName)
{
'Log'
{
$LogType
}
default
{
'File'
}
}
$auditObject.DestinationType = $queryType
if ($PSCmdlet.ParameterSetName -match 'File')
{
$auditObject.FilePath = $Path
if ($PSCmdlet.ParameterSetName -match 'FileWithSize')
{
$convertedMaximumFileSizeUnit = (
@{
Megabyte = 'MB'
Gigabyte = 'GB'
Terabyte = 'TB'
}
).$MaximumFileSizeUnit
$auditObject.MaximumFileSize = $MaximumFileSize
$auditObject.MaximumFileSizeUnit = $convertedMaximumFileSizeUnit
}
if ($PSCmdlet.ParameterSetName -in @('FileWithMaxFiles', 'FileWithSizeAndMaxFiles'))
{
$auditObject.MaximumFiles = $MaximumFiles
if ($PSBoundParameters.ContainsKey('ReserveDiskSpace'))
{
$auditObject.ReserveDiskSpace = $ReserveDiskSpace.IsPresent
}
}
if ($PSCmdlet.ParameterSetName -in @('FileWithMaxRolloverFiles', 'FileWithSizeAndMaxRolloverFiles'))
{
$auditObject.MaximumRolloverFiles = $MaximumRolloverFiles
}
}
if ($PSBoundParameters.ContainsKey('OnFailure'))
{
$auditObject.OnFailure = $OnFailure
}
if ($PSBoundParameters.ContainsKey('QueueDelay'))
{
$auditObject.QueueDelay = $QueueDelay
}
if ($PSBoundParameters.ContainsKey('AuditGuid'))
{
$auditObject.Guid = $AuditGuid
}
if ($PSBoundParameters.ContainsKey('AuditFilter'))
{
$auditObject.Filter = $AuditFilter
}
$verboseDescriptionMessage = $script:localizedData.Audit_Add_ShouldProcessVerboseDescription -f $Name, $ServerObject.InstanceName
$verboseWarningMessage = $script:localizedData.Audit_Add_ShouldProcessVerboseWarning -f $Name
$captionMessage = $script:localizedData.Audit_Add_ShouldProcessCaption
if ($PSCmdlet.ShouldProcess($verboseDescriptionMessage, $verboseWarningMessage, $captionMessage))
{
$auditObject.Create()
if ($PassThru.IsPresent)
{
return $auditObject
}
}
}
}