SQL2012 安全性 审核启动失败问题咨询

Question

SQL server management studio中的资源管理器-安全性-审核-新建审核为安全日志完成后，启动该审核时，提示有一个失败，错误为：33222

详细错误提示如下：
Audit 'Audit-20200427-191406' failed to start. For more information, see the SQL Server error log. You can also query sys.dm_os_ring_buffers where ring_buffer_type = 'RING_BUFFER_XE_LOG'.

请问如何处理让安全日志审核能正常运行。

Answer 1

你好，

你可以到SQL Server Errorlog（默认在C:\Program Files\Microsoft SQL Server\MSSQL**.MSSQLSERVER\MSSQL\Log）里查看详细错误信息， 或者在SSMS运行下面的语句：

SELECT *
FROM sys.dm_os_ring_buffers
WHERE ring_buffer_type = 'RING_BUFFER_XE_LOG'

根据你的报错代码：33222,应该是权限问题，你可以尝试以下步骤：

1.记录下SQL Server configuration manager 里 SQL Server service的服务账号

2.确保你的写入审核信息的文件对该服务账号有足够的权限

希望对你有用

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Answer 2

错误日志反馈如下：

表明是用户权限无法写入安全日志，但是我是使用最高权限的用户登录windows和SQL的，为何就没有写入权限呢？

2020-04-30 13:31:37.40 spid54      Error: 33204, Severity: 17, State: 1.
2020-04-30 13:31:37.40 spid54      SQL Server Audit could not write to the security log.
2020-04-30 13:31:37.40 spid54      Error: 33208, Severity: 17, State: 1.
2020-04-30 13:31:37.40 spid54      SQL Server Audit failed to access the security log. Make sure that the SQL service account has the required permissions to access the security log.

Answer 3

是的，虽然你用的最高权限的用户登录的SQL，不一定有权限写入文件，你要去SQL Serer Configuration Manager确认一下你的服务账号。

请问你按照我告诉你的步骤给你的服务账号赋予权限了吗？或者文件安全属性添加Everyone，

你可以查看这些帖子，都是通过添加账号权限解决了这个问题：

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/303738db-adf9-497b-803f-8ad73a70d4d0/how-do-i-fix-error-33222-?forum=sqlgetstarted

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/797f22d8-64e7-49eb-a53e-c0fe0bb95f4a/getting-error-33222-when-enabling-audit?forum=sqldatabaseengine

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.