====== LDC Audit Flags — Quick Start ======
Short admin guide for turning on SQL / activity logging to the Windows Event Log on a Lime Server.
===== Where the settings live =====
<code>
HKLM\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\<database>\Auditing
</code>
On 64-bit Windows the mirrored path is:
<code>
HKLM\SOFTWARE\Wow6432Node\Lundalogik\Lundalogik Data Components\Databases\<database>\Auditing
</code>
Replace ''%%<database>%%'' with the database name (e.g. ''CRM''). Create the ''Auditing'' subkey if it does not exist. Changes take effect immediately; no service restart is needed.
All values are ''DWORD''.
===== Value meanings =====
^ Value ^ Meaning ^
| ''0'' | Off (same as deleting the value) |
| ''1'' | Log only successful calls |
| ''2'' | Log only failed calls — **recommended default** |
| ''3'' | Log both success and failure |
Leaving everything at ''2'' is safe for production. Setting ''3'' on busy categories (especially ''SQLExecution'') can fill the Event Log in minutes — only use it for short, targeted investigations.
===== The settings =====
^ Setting ^ Logs ^
| ''Login'' | User logins |
| ''Logout'' | User logouts |
| ''Authentication'' | Authentication attempts |
| ''SQLExecution'' | **Every SQL statement** sent to the database |
| ''ProcedureExecution'' | Stored procedure calls |
| ''ParameterAction'' | Procedure parameter actions |
| ''DataRetrieval'' | Record reads |
| ''DataNew'' | New record creation |
| ''DataUpdate'' | Record updates |
| ''DataRemoval'' | Record deletes |
| ''DataBatchUpdate'' | Batch updates |
| ''DataXMLRetrieval'' | XML record-set reads |
| ''DataXMLRetrievalCompressed'' | Compressed XML record-set reads |
| ''DataStructureXmlReterival'' | Data-structure XML reads //(name misspelled — must match exactly)// |
| ''TableXMLRetrieval'' | Table XML reads |
| ''FileAdd'' | File additions |
| ''FileGet'' | File retrievals |
| ''FileUpdate'' | File updates |
| ''FileXML'' | File XML operations |
Events appear in Event Viewer under //Applications and Services Logs → Lundalogik → Lundalogik Data Components//, source **''Lundalogik Data Components''**.
===== Examples =====
==== Example 1 — Log every SQL statement on the CRM database ====
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\CRM\Auditing]
"SQLExecution"=dword:00000003
</code>
==== Example 2 — Security audit (logins + authentications) on CRM ====
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\CRM\Auditing]
"Login"=dword:00000003
"Logout"=dword:00000003
"Authentication"=dword:00000003
</code>
==== Example 3 — Track all data changes on CRM ====
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\CRM\Auditing]
"DataNew"=dword:00000003
"DataUpdate"=dword:00000003
"DataRemoval"=dword:00000003
"DataBatchUpdate"=dword:00000003
"ProcedureExecution"=dword:00000003
</code>
==== Example 4 — Reset everything to the safe default ====
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\CRM\Auditing]
"Login"=dword:00000002
"Logout"=dword:00000002
"Authentication"=dword:00000002
"SQLExecution"=dword:00000002
"ProcedureExecution"=dword:00000002
"DataRetrieval"=dword:00000002
"DataNew"=dword:00000002
"DataUpdate"=dword:00000002
"DataRemoval"=dword:00000002
"DataBatchUpdate"=dword:00000002
</code>
==== Example 5 — Same thing from PowerShell ====
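<code powershell>
$db = "CRM"
$path = "HKLM:\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\$db\Auditing"
# Create the Auditing subkey only if it is missing. New-Item -Force on an
# existing registry key recreates it and discards the values already set there.
if (-not (Test-Path -Path $path)) {
    New-Item -Path $path -Force | Out-Null
}
Set-ItemProperty -Path $path -Name "SQLExecution" -Value 3 -Type DWord
Set-ItemProperty -Path $path -Name "Login" -Value 3 -Type DWord
</code>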
==== Example 6 — Only log slow SQL (> ~1 second) ====
''SQLExecution'' also supports a millisecond threshold in the upper bits (16 ms granularity). A value of ''0x000003E2'' means "log failures + any statement slower than ~992 ms":
<code>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Lundalogik\Lundalogik Data Components\Databases\CRM\Auditing]
"SQLExecution"=dword:000003E2
</code>
For 5 seconds: ''0x00001392''. For 10 seconds: ''0x00002722''. (The low nibble ''2'' = "also log failures"; clear it to ''0'' if you //only// want the slow-query events.)
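The following check is an added example, not part of the original guide or of the vendor's tooling. It decodes audit values and flags names that do not match the settings table, values outside the documented range, and unthrottled ''SQLExecution'' logging. The function name ''Test-LdcAuditValue'' is hypothetical, and the bit layout (low nibble = mode, remaining bits = threshold in ms) is an assumption read from Example 6.

```powershell
# Added example (not vendor code). Names are copied from the settings table on this page.
$KnownSettings = 'Login','Logout','Authentication','SQLExecution','ProcedureExecution',
    'ParameterAction','DataRetrieval','DataNew','DataUpdate','DataRemoval','DataBatchUpdate',
    'DataXMLRetrieval','DataXMLRetrievalCompressed','DataStructureXmlReterival',
    'TableXMLRetrieval','FileAdd','FileGet','FileUpdate','FileXML'
$ModeText = 'off','success only','failure only','success and failure'

function Test-LdcAuditValue {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][long]$Value
    )
    # Assumed layout, taken from Example 6: low nibble = mode, remaining bits = threshold in ms.
    $mode      = [int]($Value -band 0xF)
    $threshold = $Value - $mode
    $findings  = @()

    if ($KnownSettings -notcontains $Name) {
        $findings += 'name is not in the settings table (check spelling)'
    }
    if ($mode -gt 3) {
        $findings += 'low nibble is outside the documented 0-3 range'
    }
    if ($threshold -gt 0 -and $Name -ne 'SQLExecution') {
        $findings += 'threshold bits are only documented for SQLExecution'
    }
    if ($Name -eq 'SQLExecution' -and $threshold -eq 0 -and ($mode -eq 1 -or $mode -eq 3)) {
        $findings += 'logs successful statements with no threshold (can fill the Event Log)'
    }
    [pscustomobject]@{
        Name        = $Name
        Mode        = if ($mode -le 3) { $ModeText[$mode] } else { "0x{0:X}" -f $mode }
        ThresholdMs = $threshold
        Findings    = if ($findings) { $findings -join '; ' } else { 'ok' }
    }
}

# Constructed sample values, shaped like the contents of an Auditing key.
$sample = [ordered]@{
    Login                     = 2
    SQLExecution              = 0x3E2   # Example 6 value
    DataStructureXmlRetrieval = 2       # correctly spelled, so not the name the table lists
    ProcedureExecution        = 0x1392
}
$sample.GetEnumerator() |
    ForEach-Object { Test-LdcAuditValue -Name $_.Key -Value $_.Value } |
    Format-Table -AutoSize
```

To check a live server, feed the function the name/value pairs read from the ''Auditing'' key instead of the constructed sample.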
===== Turning it off =====
Either delete the values, or set them back to ''2''. The Event Log immediately stops receiving new audit entries.