How ApexSQL Audit works with Merge Replication (4370042)

How ApexSQL Audit works with Merge Replication

Merge replication, like transactional replication, typically starts with a snapshot of the publication database objects and data. Subsequent data changes and schema modifications made at the Publisher and Subscribers are tracked with triggers. The Subscriber synchronizes with the Publisher when connected to the network and exchanges all rows that have changed between the Publisher and Subscriber since the last time synchronization occurred. This article contains more information about merge replication https://learn.microsoft.com/en-us/sql/relational-databases/replication/merge/merge-replication?view=sql-server-ver16

There is currently no mechanism in ApexSQL Audit that would recognize or group the SQL instances based on the fact that they have been set up for Merge Replication.
 
The recommendation is to add the Publisher and Subscriber instances as standalone servers with the same auditing configuration set.
 
When basic auditing is utilized, DML statements (in the form of SQL text data) are captured only on the server where they have been executed, while information about synchronization and other merge replication-related background operations are captured in system objects such as:
 
- dbo.sysmergesubscriptions,
- sysmergerarticles
- sysmergepartitioninfo
- sysmergepartitioninfoview
- sysmergepublications
- sysmergeschemaarticles
- sysmergeschemachange
- sysmergesubsetfilters
- MSmerger_altsyncpartners
- MSmerge_contents
- MSmerge_current_partition_mappings
- MSmerge_generation_partition_mappings
- MSmerger_genhistory
- MSmerger_history
- MSmerge_identity_range
- MSmerge_metadataction_request
- MSmerge_past_partition_mappings
- MSmerge_replinfo
- MSmerge_sessions

When Before-after auditing is utilized (with the same configuration on both the Publisher and Subscriber), ApexSQL Audit triggers are successfully installed alongside the ones for merge replication, meaning that, when a DML operation (which is set in the Before-after auditing configuration) is performed against a Merge replication table, two events will be captured - for both the Publisher and the Subscriber.
 
Again, it is best for the customer to test ApexSQL Audit by adding the Publisher and Subscriber as standalone servers and to verify if the auditing information that is being collected meets their requirements.
 
In an environment where there is a large number of background operations being performed, as is the case with Merge Replication, it is strongly recommended to exclude all the objects and logins that are not necessary for meeting compliance standards, in order to avoid the generation of a considerable amount of data.