I want to create a SQL query to retrieve detailed action history for a given computer name.
The reason I want to do this is to be compliant with our retention policy (we need to be able to provide action history for all time for all servers). I don’t want to keep endless action history in the console view, or DB, for performance reasons. I’m thinking my best solution will be to take a full DB backup, then do cleanup (delete old actions and run audit trail cleaner). I would query the db backup if I ever need to provide action history for an audit.
I was able to create a query (below), however this doesn’t seem to give all the action history. This is DB2 format, remove the dbo. in front of the table names and this should work for MS SQL as well.
select A.name as "Action Name", A.ID, U.USERNAME, A.CreationTime, C.VALUE as "Computer Name", R.COMPUTERID, STATE, STARTTIME, ENDTIME, TRYCOUNT, RETRYCOUNT, LINENUMBER
from dbo.ACTION_DEFS A, dbo.ACTION_FLAGS F, dbo.ACTIONRESULTS R, dbo.BES_COLUMN_HEADINGS C, dbo.USERINFO U
where (A.ID = R.ACTIONID and A.ID = F.ACTIONID AND C.NAME = 'Computer Name' and C.VALUE LIKE 'ENTER_PCNAME_HERE%' and c.COMPUTERID = R.COMPUTERID and U.MASTHEADUSERNAME = A.USERNAME)
The problem is that not all actions in the ACTION_DEFS table have a value for USERNAME, even though the user shows up in the console.
Does any one else do this? If so I would like to see your queries.