Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

A Sneak Peek at Entegra

By Brian Knight,

 

Recently, the SQLServerCentral.com labs had the chance to get a sneak peak at Lumigent’s latest creation, Entegra, which is scheduled to ship in the second week in December. Entegra monitors database activity and provides a complete record of access to the data and changes to database structure and permissions. In short, it allows a company to perform advanced auditing of their databases without the use of triggers. This product is built from the ground up as an enterprise product, with Oracle slated for 2003 and other DBMSs behind that.

 

Unlike Lumigent’s previous product, Log Explorer, Entegra can consolidate all the servers’ audits into a single point of record repository. “Entegra builds upon Log Explorer’s award winning technology to provide enterprise-class data access accountability. Log Explorer provides interactive, on-demand database transaction analysis and selective, on-line data recovery. Designed to always be running, Entegra provides full-time alerting on critical database access, and recording of audit data into a structured repository for analysis, reporting, and regulatory or policy compliance,” stated Michael Grabscheid, Vice President for Marketing at Lumigent.

 

Entegra in a Nutshell

In a nutshell, Lumigent installs a small extended stored procedure on each of the servers that you’d like to audit. There is also a Collection Agent (deployed as a Windows service) that combs your transaction logs periodically looking for certain events that the administrator defines. When an event is found, it is passed to the Repository Agent (also a Windows service) and it is then inserted into a common repository. The auditor can then look into the repository using a custom report or the out of the box solution that Lumigent provides.

 

This solution is geared at companies that have to comply with strict regulations, whether governmental, internal or from a customer. It provides a single area to look at the history of the data and who has modified it during the life of a record. It does not use triggers to perform this so impact on your server is minimal.

Hands-on With Entegra

The installation of Entegra went for me without a hitch despite its lengthy list of prerequisites. First you must install the Java 2 SDK, followed by the Jakarta Tomcat web server software, then finally the Microsoft JDBC Driver. That’s before you even install Entegra. These prerequisites power the reporting engine that I’ll discuss later. Being a Microsoft purest, I was disappointed that Entegra couldn’t use IIS, which is already installed on most administrator’s PCs. The Jakarta footprint is very light though and didn’t use more than a few megabytes of RAM even when I was requesting large reports. Much of the choice to use Jakarta I’m sure is to keep Entegra an open-ended solution that not only appeals to Microsoft enthusiasts but also Unix ones as well.

 

Once the product is installed, you can launch the Entegra Management Console (shown below with the server names blurred), which utilizes the common Microsoft Management Console (MMC). I like this integration quite a bit as you can snap-in the Lumigent components into your SQL Server Enterprise Manager and unify the two tools.

 

 

If you didn’t know better, you would think you were in Enterprise Manager. The entire installation process for adding new audited servers, Collection Agents, and Repository servers is driven through very simple wizards.

 

After you walk through a simple wizard, Entegra will install a service on the Collection Server, which reads the log files and passes the data to the Repository. On a very active OLTP system, it is recommended that your Collection Agent be on a separate server from the audited system. Most DBAs however will find the minimal impact of the Collection Agent fine for living on the same system as their audited database.

 

At a server-level, you can set the Collection Agent to alert you on given events through e-mail (shown below). You can configure Entegra to e-mail you on events such as database restores occurring or someone failing to login. This alone is a pretty powerful option that takes out tons of configuring SQL Server operators. The email is configured under the Notification tab. I would recommend that you send the e-mail to a distribution list rather than one person so it can be rectified by the first available person.

 

 

If a user were to create a table inside your audited Northwind database and alerts were turned on, you’d receive the following message in e-mail:

 

The user DEVSQL created a new table named "TestTable" in the "Northwind" database

on FSNDBAZ.  The user was logged in via an application that identified

itself as "SQL Query Analyzer" from the computer BKNIGHT.

 

If a user were to mistype the sa password and this event was being monitored, you would receive the following message:

 

The user sa attempted to log in to DEVSQL from the computer BKNIGHT, using an application that identified itself as "SQL Query Analyzer".  The login attempt failed.

 

As mentioned earlier, as data is collected, it’s passed to a central repository. This is what makes the solution an enterprise solution. You can have 100 servers all reporting to a consolidated system. The repository can then be seen through a previously mentioned web server. By selecting the Entegra Browser in your Entegra program group, a login page will appear asking you for a SQL Server login to sign into the Repository.

 

Once you’re signed in, you can drill into the data. The below screenshot shows you a condensed view of the reporting engine. You can click on an individual tab to sort or filter out given data. You can filter out given tables, types of transactions, users or dates to help you track down the data you’re looking for.

 

 

You can also double-click on a row to see the details on the transaction as shown below:

 

 

When performing detective work, you can single-click on a row, you will see the key in bottom of the browser. If you select that key, you will then see the history of that row from the initial insert all the way to the last update. This is a fantastic way to track down criminal behavior and to see who made a malicious change to your data. Tracking down the culprit is of course dependent on him signing in with his own login name.

 

 

At any time you can take a snapshot of your report in printable form by clicking on the Print Report button. This will output the report to Adobe Reader format.

 

Lumigent has built the Repository to be an open-ended database that you can run Crystal Reports against or any custom reporting solution. During the pre-review interview Michael Grabsheid stated, “We don’t want to be in the report writing business”. This approach is apparent in the out-of-the-box reporting engine. Lumigent spent their research money in a killer collection agent but the reports in this reviewer’s eyes seemed clunky and lacking. I found the reporting system very slow when paging through records, requiring up to 10 seconds when moving to a new page. The reporting features themselves were fantastic, but the speed was a problem.

 

There was also no built-in selective purge process. There is an overall purge process built into the console but it purges all your data. It would be nice to see a method to purge from a begin date to end date. Additionally, purge processes would be nice to remove certain “noise data” after a certain date and leave the rest for research or prosecution purposes. Lumigent has stated though that they will provide customers a query to purge their repository.

 

These two gripes can be worked through when you have a product that does what no other product does in the industry. Trying to come up with a similar solution would result in a company spending thousands of hours to develop their own solution. Lumigent is currently working on adding the ability to audit every SELECT event as well.

 

Conclusion

Simply put, there is no stronger data monitoring system on the market. Entegra provides an invaluable non-invasive enterprise solution for finding who did what when. DBAs, security analysts, and auditors will find this to be an essential tool in the toolkit for day-to-day work. After they own Entegra for a few weeks, they won’t know how they did their job before without it before.

 

Entegra is priced as an enterprise solution. The initial investment if you want to monitor data modifications starts at $5,000 (includes the core engine and data modification agent). For more information, see the pricing section below. This price tag may give sticker-shock to many smaller companies.

 

Rating

Return on Investment

 

 

 

 

 

 

 

 

 

 

 

 

5.0 - A steal when you compare the price of developing an alternative solution.

Ease-of-Use

 

 

 

 

 

 

 

 

 

 

 

 

4.5 – Love the integration with MMC. Report engine needs some minor work.

Features

 

 

 

 

 

 

 

 

 

 

 

 

5.0 - They’re the only tool on the market that can view this type of data at a granular-level.

Learning Curve

 

 

 

 

 

 

 

 

 

 

 

 

4.5 – Wizards made it easy to configure your system in 5 minutes. A tutorial would be helpful.

Documentation/Tutorial

 

 

 

 

 

 

 

 

 

 

 

 

2.5 – Needs more documentation and tutorial for new users.

Time savings

 

 

 

 

 

 

 

 

 

 

 

 

5.0 - Saves tons of time in auditing your mission-critical data.

Lack of Bugs

 

 

 

 

 

 

 

 

 

 

 

 

5.0 - None found during this review. Are you sure this is a 1.0 release?

Support

 

 

 

 

 

 

 

 

 

 

 

 

5.0 - Support provided phone number to call back in less than 10 mins when anonymously e-mailed

Overall

 

 

 

 

 

 

 

 

 

 

 

 

5.0 – There’s nothing like this on the market! Lumigent has done it again!

Specifics

Vendor Information

Lumigent
Phone:
(866) LUMIGENT
Address: 289 Great Road Acton, MA 01720 USA
E-mail : info@lumigent.com 
Website : http://www.lumigent.com

Pricing

Entegra Core Engine
Price : $3,000
Includes: 5 Alert Agents, multiple management consoles, 1 data repository, 1 report server (supports unlimited browser clients)

Data Modification Agent
Price : $2,000 per server
Purpose: Collects and creates an audit trail for data modification

Alert Agent
Price : $300 per server
Purpose:

Data Repository (optional)
Price : $1,500 per additional repository
Purpose: Receives and stores information collected from data modification and alert agents. One is included in the core engine. Add additional repositories for large systems or to segment collected data.

Note: By purchasing the core engine (required), you will receive a lot of what you need to get started. If you want to monitor data modification versus just DDL changes, you would have a $5,000 investment (Core Engine plus the Data Modification Agent).

 30 day full demos are available of all Lumigent Products

 

Total article views: 3297 | Views in the last 30 days: 0
 
Related Articles
ARTICLE

Review of Lumigent Entegra

We've been trying to catch up on reviews lately, Hai was kind enough to give Entegra a try and repor...

ARTICLE

Lumigent Technologies Introduces Data Auditing Solution for Oracle

Entegra for SQL Server has been available for some time, but Lumigent has recently announced support...

FORUM

Experience with Database auditing tools

Idera, Lumigent, Quest

FORUM

Review of Lumigent Entegra

Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/column...

FORUM

Custom Dll Report Server

Report Server

Tags
product reviews    
reviews    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones