Assume one fine day an admin comes to the office like he always does to do his admin tasks on Sql Server Databases and to his surprise finds a database missing. He has no clue of who dropped it or was it from an external batch or SQL injection etc ... where do one start an investigation and what are the important parameters/ findings that should happen to find the root cause of the Drop DB. Like what logs shud be checked and what information shud be investigated ?
+2
A:
There is a defaul trace managed by SQL Server in a log file under c:\Program Files... You can view this file by SQL command. For example to see the file log_19.trc you can fire command like
SELECT *
FROM fn_trace_gettable
('C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_19.trc', default)
This will probably show when and who dropped the database. More information can be found Here...
Anil
2010-09-08 09:39:11