I re-cycle my SQL Server log every night using sp_cycle_errorlog. However, before I do, I would like to capture all of the failed logins recorded. I have auditing turned on for failed logins, but I want to make sure that I capture those events into a table so I can report on. How can I do this?  Read more...

Continuing with his series on using auditing information to roll transactions forward or back, David McKinney shows us how to generate audit triggers using XML.  Read more...

This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...  Read more...

In SQL Server 2008, Microsoft introduced SQL Server Audit. This is much better than anything we had before, and is likely to meet the needs of all but the largest, or most highly-regulated industries. SQL Server 2008 Enterprise Edition includes all of the features, whereas SQL Server 2008 Standard Edition only provides a subset. What is most attractive about it, is that it is easy to administer, as Thomas LaRock explains.  Read more...

Using an audit table to rollback changes to data might be a nice addition to many applications. David McKinney's new series looks at how you can use this data for RollBack or RollForward.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

An auditor has taken a look at our SQL Servers and has told us that we need to audit login failures to the SQL Servers themselves. How do we do this?  Read more...

This paper provides a comprehensive description of the new feature along with usage guidance and then provides some practical examples.  Read more...

This article introduces Profiler presenting what it is, how to use it, and why you might want to use it.  Read more...

This article shows the steps to analyze SQL Server logins and permissions to ensure that there are no logins and users that exist who are have unnecessary access  Read more...

MVP Andy Warren continues his series of videos on auditing with a look at removing old data. In this video, learn how to develop an easy system to keep a rolling history, removing anything older than a set number of days.  Read more...

Learn the basics of how to audit changes on your SQL Server with MVP Andy Warren.  Read more...

Filtering DML statements by loginname , host name or application name   Read more...

Brian Kelley looks at auditing in this article about SQL Server 2008 and the enhancements made in this version. The new Audit Object allows you to more easily determine what is happening on your SQL Server instance.  Read more...

In this article, Johan Bijnens shows how logon triggers can bite you in the back.  Read more...

This Article shows a method to audit ETL-Processes to be able to retrace processes and affected data.  Read more...

Is C2 auditing widely used? Should it be more widely used? Steve Jones talks about the subject of auditing in today's editorial.  Read more...