How to secure SQL Server audit log

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » Administering » How to secure SQL Server audit log

How to secure SQL Server audit log

Rate Topic

Display Mode

Topic Options

Author

Message

Richard Sisk

Posted Friday, August 21, 2009 4:23 PM

SSCommitted

Group: General Forum Members
Last Login: Friday, June 07, 2013 11:04 PM
Points: 1,894, Visits: 206

Working on instructions for securing a SQL 2005/2008 server for credit card PCI compliance. Below are the specific requirements from the PCI spec that I am using SQL Server auditing to cover.

The specific items; 10.2.3 and 10.2.6 are the requirements I am solving for. Can I audit these actions?

10.2.2 All actions taken by any individual with root or administrative privileges
10.2.3 Access to all audit trails
10.2.4 Invalid logical access attempts
10.2 5 Use of identification and authentication mechanisms
10.2.6 Initialization of the audit logs

Thanks

Post #775474

S. Kusen

Posted Sunday, August 23, 2009 12:13 AM

SSC Eights!

Group: General Forum Members
Last Login: Today @ 2:47 PM
Points: 956, Visits: 882

Can you elaborate on the audit logs you are referring to?

Post #775629

Richard Sisk

Posted Sunday, August 23, 2009 7:25 AM

SSCommitted

Group: General Forum Members
Last Login: Friday, June 07, 2013 11:04 PM
Points: 1,894, Visits: 206

Sure, its the log that gets the entries when someone does a login or logout of SQL Server. You can then view the logs in SQL Server Management Studio by clicking on Management/SQL Server Logs.

Post #775668

ALZDBA

Posted Sunday, August 23, 2009 8:21 AM

SSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 2:13 PM
Points: 6,866, Visits: 8,071

- You can indeed switch your sqlserver instance to "audit login all", that will insert a row for every logon attempt in the sqlserver instance Errorlog file.
Off course you'll have to secure that file at os level and take copies at frequent inverval,...

- to trace what's going on you could use my little article "
SQL Server and SOX" to get started.
http://www.sqlservercentral.com/articles/Security/3203/

- Keep in mind at windows level you can also audit the (windows) logons at os-level.

- you can also capture sqlserver login events yourself ( see "Scope: The drastic caveat with Logon Triggers." !
at http://www.sqlservercentral.com/articles/Administration/64974/ )

Johan

     Jul 13

Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere w00t

- How to post Performance Problems
- How to post data/code to get the best help

- How to prevent a sore throat after hours of presenting ppt ?

"press F1 for solution", "press shift+F1 for urgent solution" BigGrin

Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me Hehe

Post #775672

Sarab_SQLGeek

Posted Sunday, August 23, 2009 8:36 AM

Old Hand

Group: General Forum Members
Last Login: Thursday, June 13, 2013 11:10 AM
Points: 368, Visits: 524

All you need is C2 Administrator’s and User’s Security Guide Revision 1.1
you can donwload this guide from :
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=71C146F3-9907-40CD-BABF-3506ECD33254

Regards,
Sarabpreet Singh Cool