Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1432 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Export list of data control event from database

AzwanArif

Hi All,

Currently we have a request to export out event list for particular user/computer which able to generate by event viewer before computer deleted from SEC.

Appreciate if anyone can guide or provide sql command/script to export out the data control event base on specific user/machine. Thanks

User Deployment:

SEC and Database server is located on different virtual server.



This thread was automatically locked due to age.
Parents
  • 0

    Hello AzwanArif,

    do I understand correctly that the computer has been deleted from SEC and therefore you don't see related Data Control events in the viewer?

    Christian

  • 0 in reply to QC

    Hi Christian,

    Yes correct. If possible  I'm plan to extract the data from SQL since the report history still available . Thanks

  • 0 in reply to AzwanArif

    Hello AzwanArif,

    if the computer is still in the database as deleted then it is probably easier to undelete it and then use the Event Viewer.

    First try to find it by its name in the database (assuming instance is SOPHOS and SEC 5.5.1). Execute the command in a cmd window on the database server or use server\instance:
    sqlcmd -E -S .\SOPHOS -d SOPHOS551 -Q "SELECT Id, Name FROM ComputersAndDeletedComputers WHERE Name='computer'"
    If this returns more than one line the computer you are looking for is probably the one with the highest Id.
    sqlcmd -E -S .\SOPHOS -d SOPHOS551 -Q "UPDATE Computersanddeletedcomputers SET Deleted=0 WHERE Id=IdFromAbove"

    Christian

Reply
  • 0 in reply to AzwanArif

    Hello AzwanArif,

    if the computer is still in the database as deleted then it is probably easier to undelete it and then use the Event Viewer.

    First try to find it by its name in the database (assuming instance is SOPHOS and SEC 5.5.1). Execute the command in a cmd window on the database server or use server\instance:
    sqlcmd -E -S .\SOPHOS -d SOPHOS551 -Q "SELECT Id, Name FROM ComputersAndDeletedComputers WHERE Name='computer'"
    If this returns more than one line the computer you are looking for is probably the one with the highest Id.
    sqlcmd -E -S .\SOPHOS -d SOPHOS551 -Q "UPDATE Computersanddeletedcomputers SET Deleted=0 WHERE Id=IdFromAbove"

    Christian

Children
No Data
Unfiltered HTML