Home
  •  

AK586605

Alert_AK586605 (Rule)

SQL Server has detected direct system catalog update: Msg 17659

Knowledge Base article:

External

http://go.microsoft.com/fwlink/?LinkId=246810

Element properties:

TargetMicrosoft.KnowledgeServices.SQLServer.DBEngine
CategoryAlert
EnabledTrue
Event_ID17659
Event Source$Target/Property[Type="MicrosoftSQLServerLibrary!Microsoft.SQLServer.DBEngine"]/ServiceName$
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
SQL Server has detected direct system catalog update: Msg 17659
<Details>
<Content>System tables are the underlying tables that actually store the metadata for a specific database. The system tables are used only within the SQL Server Database Engine and are not for general customer use. Access to system base tables by using Dedicated Admin Connection is designed only for Microsoft personnel, and it is not a supported customer scenario. If the system tables are updated, Event ID 17659 is logged in the Application Event log. The database header records this event and generates a warning every time the database starts up and also when DBCC CHECKDB is executed. To be in a supported state, you should consider transferring the contents of this database into a new database.</Content>
<CollectedInformation>
<Info>
<Name>Database ID reporting direct system table update</Name>
<Value>{0}</Value>
</Info>
</CollectedInformation>
</Details>
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
event DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Alert_AK586605" Enabled="true" Target="KnowledgeServicesSQLServerLibrary!Microsoft.KnowledgeServices.SQLServer.DBEngine" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="event" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">17659</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="MicrosoftSQLServerLibrary!Microsoft.SQLServer.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessage85f91371e4d0455ba920ac0e5e9b0309"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventData/DataItem/*[local-name()='EventData']/*[local-name()='Data'][2]$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

      <Custom1>SupportTopic=TBD</Custom1>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10>1.0.0.0</Custom10>

    </WriteAction>

  </WriteActions>

</Rule>