2010-01-07

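Trying to audit deletes with a half-baked system

My ERP system has a half-baked delete-tracking system that inserts the following information into a table named M2MDeleteLog. For simplicity, I've left out unnecessary columns such as RecordId.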

    LogDate           Workstation  LogInfo
    1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOMast 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOItem 
    1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOItem 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOMast 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOItem 
    1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOItem 
    1/7/2010 11:00:29 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE 
    1/7/2010 11:00:29 TECH-M2MTEST Deleting 1 Rows From SOMast 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Deleting 1 Rows From SOItem 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE 
    1/7/2010 11:00:28 TECH-M2MTEST Deleting 1 Rows From SOItem 

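Unfortunately, most of the relevant information is in one text field. The first step would be to extract the user (D.STEIN), the table (SOMAST) and the screen (frmso) from the LogInfo field. That part is relatively easy.

What I would like to do is create a scheduled job that runs every 15 minutes or so and looks for suspicious activity. I define suspicious activity as 3 deletes per user within 15 minutes.

But wait! There's more!

In the data I've provided, there are only 3 delete events, each spaced less than a minute apart. I would define a new delete event as one that occurs at least 20 seconds after the last one.

How do I evaluate LOGDATE to look back 15 minutes and count the delete events per user, so that I can notify an administrator when more than 3 are logged for a user?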

Answer

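Edit: Ah, shoot, I only just noticed the SQL2K tag. Example 1 will still work, but example 2 won't. Hmm, how do we remedy this.....?

Edit: Fixed!

Edit: Better!

Assuming you have parsed the text field, this query will give you any delete that has at least 2 prior deletes by the same user within a 15-minute window: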

    SELECT UserName, LogDate
    FROM #parsed_data a
    WHERE EXISTS (
        SELECT * FROM #parsed_data b
        WHERE a.UserName = b.UserName
        AND b.LogDate < a.LogDate
        AND DATEDIFF(MINUTE,b.LogDate,a.LogDate) <= 15
        HAVING COUNT(*) >= 2
    )

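(You should have an index on (UserName, LogDate), by the way.)

Counting only deletes that are 20 seconds or more apart is not that simple. Maybe something like this?

SQL2K, based on this by Quassnoi: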

    SELECT a.UserName, a.LogDate, b.LogDate, c.LogDate --, etc
    FROM #parsed_data a
    -- b: most recent delete by the same user, 20+ seconds before a, within 15 minutes of a
    JOIN #parsed_data b
        ON b.RecordId = (
        SELECT TOP 1 b0.RecordId FROM #parsed_data b0
        WHERE b0.UserName = a.UserName AND b0.LogDate < a.LogDate
         AND DATEDIFF(MINUTE,b0.LogDate,a.LogDate) <= 15
         AND DATEDIFF(SECOND,b0.LogDate,a.LogDate) >= 20
        ORDER BY b0.LogDate DESC
        )
    -- c: most recent delete by the same user, 20+ seconds before b, within 15 minutes of a
    JOIN #parsed_data c
        ON c.RecordId = (
        SELECT TOP 1 c0.RecordId FROM #parsed_data c0
        WHERE c0.UserName = b.UserName AND c0.LogDate < b.LogDate
         AND DATEDIFF(MINUTE,c0.LogDate,a.LogDate) <= 15
         AND DATEDIFF(SECOND,c0.LogDate,b.LogDate) >= 20
        ORDER BY c0.LogDate DESC
        )

SQL2005/2008, CROSS APPLY:

    SELECT a.UserName
    , a.LogDate AS LogDate0 -- current
    , b.LogDate AS LogDate1 -- prior
    , c.LogDate as LogDate2 -- prior prior
    FROM #parsed_data a
    CROSS APPLY (
        SELECT TOP 1 b.LogDate FROM #parsed_data b
        WHERE b.UserName = a.UserName
        AND b.LogDate < a.LogDate
        AND DATEDIFF(MINUTE,b.LogDate,a.LogDate) <= 15
        AND DATEDIFF(SECOND,b.LogDate,a.LogDate) >= 20
        ORDER BY b.LogDate DESC
    ) b
    CROSS APPLY (
        SELECT TOP 1 c.LogDate FROM #parsed_data c
        WHERE c.UserName = a.UserName
        AND c.LogDate < b.LogDate
        AND DATEDIFF(MINUTE,c.LogDate,a.LogDate) <= 15
        AND DATEDIFF(SECOND,c.LogDate,b.LogDate) >= 20
        ORDER BY c.LogDate DESC
    ) c

In the CROSS APPLY, I used TOP 1 LogDate ... ORDER BY LogDate DESC instead of MAX(LogDate) so that you can add other fields to the result set, such as RecordId, Workstation, etc.
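
Added example, not part of the original question or answer: the same detection done outside the database, in Python, covering the LogInfo parsing step and the 20-second event rule from the question. The sample rows are constructed in the question's log format (J.DOE is an invented user), and two readings are assumptions: a new delete event starts when a row is at least 20 seconds after the user's previous row, and a user is flagged at 3 or more events in the 15 minutes before the job runs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed rows (LogDate, LogInfo) modelled on the question's log; J.DOE is invented.
SAMPLE = [
    ("1/7/2010 11:00:28", "Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE"),
    ("1/7/2010 11:00:28", "Deleting 1 Rows From SOItem"),
    ("1/7/2010 11:00:29", "Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE"),
    ("1/7/2010 11:01:00", "Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE"),
    ("1/7/2010 11:01:51", "Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE"),
    ("1/7/2010 11:02:10", "Unqualified M2MDELETE by J.DOE in SOITEM from form frmSo Parameters: NONE"),
    ("1/7/2010 11:02:15", "Unqualified M2MDELETE by J.DOE in SOMAST from form frmSo Parameters: NONE"),
    ("1/7/2010 11:09:40", "Unqualified M2MDELETE by J.DOE in SOMAST from form frmSo Parameters: NONE"),
]

LOGINFO = re.compile(r"M2MDELETE by (?P<user>\S+) in (?P<table>\S+) from form (?P<form>\S+)")
GAP = timedelta(seconds=20)      # assumption: new event = 20+ s after the user's previous row
WINDOW = timedelta(minutes=15)   # look-back period of the scheduled job
THRESHOLD = 3                    # assumption: flag at 3 or more events

def parse(rows):
    """Yield (timestamp, user, table, form) for rows that name a user."""
    for log_date, info in rows:
        m = LOGINFO.search(info)
        if m:  # "Deleting N Rows From ..." rows carry no user and are skipped
            yield (datetime.strptime(log_date, "%m/%d/%Y %H:%M:%S"),
                   m["user"], m["table"], m["form"])

def delete_events(rows):
    """Collapse each user's rows into delete events; return {user: [event start times]}."""
    by_user = defaultdict(list)
    for ts, user, _table, _form in parse(rows):
        by_user[user].append(ts)
    events = {}
    for user, stamps in by_user.items():
        starts, last = [], None
        for ts in sorted(stamps):
            if last is None or ts - last >= GAP:
                starts.append(ts)  # quiet period elapsed: this row opens a new event
            last = ts
        events[user] = starts
    return events

def suspicious(rows, now):
    """Return {user: [event starts]} for users at or over THRESHOLD in the window ending at now."""
    hits = {u: [s for s in starts if now - WINDOW <= s <= now] for u, starts in delete_events(rows).items()}
    return {u: s for u, s in hits.items() if len(s) >= THRESHOLD}
```

Measuring the gap from the previous row rather than from the previous event start means a continuous stream of deletes with no 20-second pause counts as a single event, so a volume check per event is worth adding if that matters.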