Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

The Need for Auditing Expand / Collapse
Author
Message
Posted Thursday, December 4, 2008 8:02 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:22 AM
Points: 31,214, Visits: 15,658
Comments posted to this topic are about the item The Need for Auditing






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #614233
Posted Friday, December 5, 2008 7:31 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: 2 days ago @ 1:09 PM
Points: 13,872, Visits: 9,597
I use trace logs and trigger-based auditing. (I even wrote articles about it for this site last summer.) I've found those to be quite adequate to my needs.

I have a proc that takes a database and table name, a "main search field" (usually the PK) and a couple of other input parameters, and it does all the work for me of creating a a log table (in my DBALog database) for the database, creating the logging trigger (based on a sparse XML structure that only stores columns that have changed), and creating search and undo procs for any logged transaction, customized to the columns in the table being logged. Takes about 2 seconds to add logging to any table and is pretty much fire-and-forget. Of course, sometimes I'll modify the trigger so that it deviates from the default, but that's uncommon.

I also have the default trace running, and two custom traces running on the databases that need it the most. All are set to restart if the SQL Service restarts (from a reboot or whatever). It generally works out to keeping about 3-4 days of data.

And I have a DDL trigger in every production database and in "model" that logs schema/code changes, including who made the change, when, and the script used. I've had to make a few filters for this, because maintenance plan index rebuilds otherwise end up junking up the log, but beyond that it's been quite handy.

Those are what I use for auditing. Some of it may be overkill, but performance hasn't been hurt to an extent that any user can tell the difference, and it has come in quite handy quite a few times.


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #614529
Posted Monday, December 8, 2008 4:44 AM


UDP Broadcaster

UDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP Broadcaster

Group: General Forum Members
Last Login: Wednesday, January 2, 2013 12:15 PM
Points: 1,443, Visits: 711
Ahhh auditing...

I've used mostly trigger based auditing through the years on stuff I've designed, although a few clients did do auditing in the data layer, which worked really well for them.

Based on the application architecture and auditing requriements it was a good approach for them.

DDL triggers are great for capturing DDL changes. I've used them in environment where security has been less than optimal due to company policies, but thats another discussion.
Post #615454
Posted Monday, December 8, 2008 9:09 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:22 AM
Points: 31,214, Visits: 15,658
Not many people auditing, or maybe caring, ...


or maybe awake







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #615605
Posted Monday, December 8, 2008 11:46 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Today @ 6:13 AM
Points: 1,623, Visits: 1,967
^^ I don't know about everyone else, but I never got the newsletter this morning. Had to go to the site to get my fix. As for auditing, where I am we use trigger based auditing. Nothing too important being looked for, but if someone changes something, knowing the who, what, and when will lead them to the why.
Post #615706
Posted Monday, December 8, 2008 9:34 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:22 AM
Points: 31,214, Visits: 15,658
Yep, lack of replies was my fault. No newsletter.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #615914
Posted Tuesday, September 16, 2014 1:47 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, October 22, 2014 1:32 AM
Points: 1, Visits: 45
I recently found, via Google searches, and implemented successfully, a trigger based solution called AutoAudit (http://autoaudit.codeplex.com/). This is an open source project, which auto generates triggers on your base tables. On DML operations the triggers fire and populate a few consolidated tables that store the old and new records and details of the change. Being open source it was free, and it has been really good in so much as we've never had a problem with it and it passed all our tests. Because it was open source we tested it exhaustively prior to implementation.

The DB where we've installed has low data volumes, and pretty low growth. Our DBA did say that if we had high data growth, due to the consolidated tables, he perhaps wouldn't have allowed it.

I recommend you give it a look.
Post #1613977
Posted Tuesday, September 16, 2014 3:00 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 9:59 AM
Points: 5,643, Visits: 3,524
Whenever I have come across the need for auditing then the preference by the business was against a home spun solution and for the deployment of a third party system as it was deemed easier to justify its selection on the basis that it was less open to subversion (original meaning, not the source control product). This could be argued either way and, I believe, totally dependent upon the auditing product selected.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1613994
Posted Tuesday, September 16, 2014 7:38 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, October 28, 2014 6:34 AM
Points: 36, Visits: 168
I am currently using ApexSQL Audit for DML changes on sensitive databases. It's trigger based, but the part I really like is the Audit Viewer tool they make, you can give that tool to security users who need to view the audit logs, and its easy to use interface makes them happy.

Post #1614076
Posted Tuesday, September 16, 2014 7:52 AM


Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Today @ 9:55 AM
Points: 594, Visits: 660
I mostly use Redgate and home grown solutions for DDL audits. Fortunately, I work mostly with OLAP databases and DML is not as big an issue. That auditing is handled in ETL processes.

Aigle de Guerre!
Post #1614085
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse