Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

What, when and who? Auditing 101 - Part 3 Expand / Collapse
Author
Message
Posted Thursday, May 31, 2012 1:51 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, September 25, 2014 4:29 AM
Points: 119, Visits: 451
Hi,

Very nice article.

So am i right in saying this form of auditing only answers the "when" and not the "who", I saw session Id but unless your constantly recording whose using the session Id that doesn't tell you anything?

Post #1309333
Posted Thursday, May 31, 2012 2:57 PM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 11:04 AM
Points: 2,372, Visits: 6,767
Who is also shown. If you look at the first http://www.sqlservercentral.com/Images/14239.jpg
you will session_server_principal_name which will show the user name


-Roy
Post #1309369
Posted Today @ 7:17 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 11:14 AM
Points: 3,115, Visits: 3,236
This doesn't work for Standard edition of SQL Server.



Igor Micev,
SQL Server developer at Seavus
www.seavus.com
Post #1645373
Posted Today @ 7:26 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 11:04 AM
Points: 2,372, Visits: 6,767
That is true.. In SQL Server 2008 only EE and Datacenter supported this feature.
But in SQL 2012 Server level auditing is available in all editions. Only Database level auditing is limited to Enterprise, Developer, and Evaluation editions.


-Roy
Post #1645375
Posted Today @ 10:59 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Today @ 1:03 PM
Points: 57, Visits: 447
Also, who audits the auditor? My company requires an audit tool that can't be altered by the sysadmin. So it's Guardium for now.
Post #1645443
Posted Today @ 11:08 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 11:04 AM
Points: 2,372, Visits: 6,767
Thats a tough question... Who audits the auditor. I have never worked with Guardium yet. There is no way anyone can manipulate the data when using Guardium?

-Roy
Post #1645447
Posted Today @ 1:06 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Today @ 1:03 PM
Points: 57, Visits: 447
The Guardium agent is embedded in the SQL Server process space. The actual administration and data collection occurs on a remote server, functionally separate from SQL. So there's no chance that anyone with admin-level access to the SQL Server can circumvent or tamper with the auditing function.

So every week I get a nice Guardium-generated report from the Security gurus, asking me to explain my activities in the SQL Server.
Post #1645476
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse