我的ERP系统有一个半成品删除追踪系统,它将以下信息插入名为M2MDeleteLog的表中。为了简单起见,我省去了不必要的列,如RecordId。尝试审核半出炉系统的删除
LogDate Workstation LogInfo
1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOMast
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOItem
1/7/2010 11:01:51 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:01:51 TECH-M2MTEST Deleting 1 Rows From SOItem
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOMast
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOItem
1/7/2010 11:01:00 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:01:00 TECH-M2MTEST Deleting 1 Rows From SOItem
1/7/2010 11:00:29 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOMAST from form frmSo Parameters: NONE
1/7/2010 11:00:29 TECH-M2MTEST Deleting 1 Rows From SOMast
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SODBOM from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SORELS from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Deleting 1 Rows From SOItem
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Unqualified M2MDELETE by D.STEIN in SOITEM from form frmSo Parameters: NONE
1/7/2010 11:00:28 TECH-M2MTEST Deleting 1 Rows From SOItem
不幸的是,大多数相关信息都在1个文本字段中。第一步是从LogInfo字段中提取用户(D.STEIN),屏幕(SOMAST)和屏幕(frmso)。这部分相对容易。
我想要做的是创建一个计划作业,运行,每15分钟左右的时间,寻找可疑活动。我将可疑活动定义为每个用户在15分钟内删除3次。
但是等等!还有更多!
在我所提供的数据,仅存在3个缺失事件,每个间隔开的比一分钟以下。我会定义一个新的删除事件,至少在最后一个20秒后。
我如何评价LOGDATE,要追溯到15分钟后,每个用户计算删除的事件,所以我可以通知管理员当超过3记录某个用户?