Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

auditing sa_role

2 posts in ,  Administration Windows NT Last posting was on 2000-01-17 07:22:15.0Z
David Mullen Posted on 2000-01-13 21:10:04.0Z
From: dave.mullen@emjay.com (David Mullen)
Subject: auditing sa_role
Date: Thu, 13 Jan 2000 21:10:04 GMT
Organization: Emjay Corporation
Message-ID: <387f3e69.18402791@forums.sybase.com>
X-Newsreader: Forte Agent 1.5/32.451
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.sqlserver.nt,sybase.public.sqlserver.administration
Lines: 56
NNTP-Posting-Host: kubindi-2-98.mdm.mkt.execpc.com 169.207.117.164
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.sqlserver.nt:2681 sybase.public.sqlserver.administration:3429
Article PK: 1065589

I have been running auditing on our production server for about a
year, mostly so we could use CMDTEXT for troubleshooting. I am running
ASE 11.5.1 (SWR 8308) on NT 4.0 SP5. I have two audit tables, and a
threshold procedure which switches between them.

"trunc log on chkpt" is turned off for sybsecurity. I have a last
chance threshold procedure to dump syslogs. It is the same procedure
used in every other database. The procedure was created under my
login, which has sa_role, sso_role, and oper_role. It has worked fine
for a year.

Recently I tried to audit sa_role, sso_role, and oper_role:
exec sp_audit "all", "sa_role", "all", "on"
exec sp_audit "all", "sso_role", "all", "on"
exec sp_audit "all", "oper_role", "all", "on"

This caused my last chance threshold procedure to begin failing with
error 10334 (see log snippet below). Why would auditing sa_role (or
one of the other roles) cause my syslogs threshold procedure to fail?

01:00000:00659:1999/12/29 13:48:40.34 server background task message:
LOG DUMP: database 'sybsecurity', threshold '1536'
01:00000:00659:1999/12/29 13:48:40.34 server ***** WARNING: AN AUDIT
HAS BEEN MISSED: suid = 0, login name = dave_sa, event code = 37,
extrainfo = 10334.18.161 *****
01:00000:00659:1999/12/29 13:48:40.40 server Error: 10334, Severity:
18, State: 161
01:00000:00659:1999/12/29 13:48:40.45 server Permission related
internal error was encountered. Unable to continue execution.
01:00000:00659:1999/12/29 13:48:40.46 server background task message:
LOG DUMP ERROR: 10334
01:00000:00659:1999/12/29 13:48:40.56 server Threshold procedure
'sp_thresholdaction' returned an error indication (@status=-8) when
called for database 'sybsecurity', segment 'logsegment', free_space
1536.


--------------------------------------------------------------------------
David Mullen *** Any opinions expressed are mine, and not ***
Emjay Corporation *** necessarily those of Emjay Corporation. ***
Milwaukee, WI
dave.mullen@emjay.com ==> Kyrie eleison <==

Fight spam by joining CAUCE - Coalition Against Unsolicited Commercial Email
http://www.cauce.org/


Anthony Mandic <am Posted on 2000-01-17 07:22:15.0Z
Message-ID: <3882C327.81FA1F59@_agd.nsw.gov.au>
Date: Mon, 17 Jan 2000 18:22:15 +1100
From: Anthony Mandic <am@_agd.nsw.gov.au>
Organization: Attorney General's Department of NSW
X-Mailer: Mozilla 4.06 [en] (X11; I; SunOS 5.5.1 sun4m)
MIME-Version: 1.0
Subject: Re: auditing sa_role
References: <387f3e69.18402791@forums.sybase.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.sqlserver.nt,sybase.public.sqlserver.administration
Lines: 38
NNTP-Posting-Host: pix208a.magna.com.au 203.111.111.208
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.sqlserver.nt:2677 sybase.public.sqlserver.administration:3428
Article PK: 1065590


David Mullen wrote:

> "trunc log on chkpt" is turned off for sybsecurity. I have a last
> chance threshold procedure to dump syslogs. It is the same procedure
> used in every other database. The procedure was created under my
> login, which has sa_role, sso_role, and oper_role. It has worked fine
> for a year.

I usually have "trunc log" turned on for sybsecurity. I can't
see much use in saving it.

> Recently I tried to audit sa_role, sso_role, and oper_role:
> exec sp_audit "all", "sa_role", "all", "on"
> exec sp_audit "all", "sso_role", "all", "on"
> exec sp_audit "all", "oper_role", "all", "on"
>
> This caused my last chance threshold procedure to begin failing with
> error 10334 (see log snippet below). Why would auditing sa_role (or
> one of the other roles) cause my syslogs threshold procedure to fail?

Hard to say. It could be because the dumps work as sa so
some sort of loop may develop. But don't take my work on this.

> 01:00000:00659:1999/12/29 13:48:40.45 server Permission related
> internal error was encountered. Unable to continue execution.
...
> 01:00000:00659:1999/12/29 13:48:40.56 server Threshold procedure
> 'sp_thresholdaction' returned an error indication (@status=-8)

Here are the interesting bits. A negative return status from
an sproc is generated internally by the server. -8 means
"Non-fatal internal problem". You can find it documented under
"create procedure" in the Commands Reference Manual.

-am