May 6, 2013 at 2:00 pm
First off I admit I am no SQL Audit guru but from what I have read so far it sounds to me like as if the SQL Audit feature in SQL 2008 R2 is more for traditional programmers then DB admins.
If I read this info on SQL Audit correctly the info captured by SQL Audit is stored ONLY in Windows Event Logs. Can anyone familiar with SQL Audit confirm this or correct the statement if its incorrect? I can’t believe that the only option for storage of audit info would be the windows log. Maybe it’s just me but this seems like a decision few if any DB Admins would make. It does however sound like something traditional programmers would lovely embrace because it lets them avoid working with SQL language and Relational DB’s.
What I’ve always done (for the handful of tables we need to audit) is to create duplicate of the table and populate it with data whenever a DML change occurs via the use of triggers. I know that CDC would be great for doing this but it leaves out the WHO and so while you know what happened with your data when using CDC you have no idea who made the change and that’s the other critical piece to auditing for us.
Does SQL Audit allow only for storing in the Windows Event Log?
Kindest Regards,
Just say No to Facebook!May 7, 2013 at 2:27 am
If you create a new AUDIT from SSMS the first window gives you the option to select the destination. The available options are "File", "Security Log" or "Application Log". When you have "File" selected, you can specify a destination on the available disk(s).
The AUDIT files can be imported to a (secure and restricted) central server to keep track of all recorded actions.
May 7, 2013 at 11:12 am
HanShi (5/7/2013)
If you create a new AUDIT from SSMS the first window gives you the option to select the destination. The available options are "File", "Security Log" or "Application Log". When you have "File" selected, you can specify a destination on the available disk(s).The AUDIT files can be imported to a (secure and restricted) central server to keep track of all recorded actions.
Thanks for the info.
Kindest Regards,
Just say No to Facebook!Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply