Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL Audit Help - Does SQL Audit Really Store Audit Info ON The Windows Logs Expand / Collapse
Author
Message
Posted Monday, May 6, 2013 2:00 PM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, December 4, 2014 10:11 AM
Points: 892, Visits: 1,560
First off I admit I am no SQL Audit guru but from what I have read so far it sounds to me like as if the SQL Audit feature in SQL 2008 R2 is more for traditional programmers then DB admins.

If I read this info on SQL Audit correctly the info captured by SQL Audit is stored ONLY in Windows Event Logs. Can anyone familiar with SQL Audit confirm this or correct the statement if its incorrect? I can’t believe that the only option for storage of audit info would be the windows log. Maybe it’s just me but this seems like a decision few if any DB Admins would make. It does however sound like something traditional programmers would lovely embrace because it lets them avoid working with SQL language and Relational DB’s.

What I’ve always done (for the handful of tables we need to audit) is to create duplicate of the table and populate it with data whenever a DML change occurs via the use of triggers. I know that CDC would be great for doing this but it leaves out the WHO and so while you know what happened with your data when using CDC you have no idea who made the change and that’s the other critical piece to auditing for us.


Does SQL Audit allow only for storing in the Windows Event Log?


Kindest Regards,

Just say No to Facebook!
Post #1449868
Posted Tuesday, May 7, 2013 2:27 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 10:40 AM
Points: 2,480, Visits: 3,023
If you create a new AUDIT from SSMS the first window gives you the option to select the destination. The available options are "File", "Security Log" or "Application Log". When you have "File" selected, you can specify a destination on the available disk(s).

The AUDIT files can be imported to a (secure and restricted) central server to keep track of all recorded actions.


** Don't mistake the ‘stupidity of the crowd’ for the ‘wisdom of the group’! **
Post #1450025
Posted Tuesday, May 7, 2013 11:12 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, December 4, 2014 10:11 AM
Points: 892, Visits: 1,560
HanShi (5/7/2013)
If you create a new AUDIT from SSMS the first window gives you the option to select the destination. The available options are "File", "Security Log" or "Application Log". When you have "File" selected, you can specify a destination on the available disk(s).

The AUDIT files can be imported to a (secure and restricted) central server to keep track of all recorded actions.



Thanks for the info.



Kindest Regards,

Just say No to Facebook!
Post #1450260
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse