SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Auditing


Auditing

Author
Message
Steve Jones
Steve Jones
SSC Guru
SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)

Group: Administrators
Points: 224100 Visits: 19634
Comments posted to this topic are about the item Auditing

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Richard Gardner-291039
Richard Gardner-291039
Ten Centuries
Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)

Group: General Forum Members
Points: 1293 Visits: 421
Our auditing tends to be in two spheres -

1) Where there is interaction with the customer, so sales orders and product specifications are audited.

2) The finance system, we have very fine grained history of all our transactions.

This just takes the form of history tables plus user names & dates.

Of course it is external interactions which dictate what goes on internally, so I guess that is what is being audited, if something goes wrong internally (we make the wrong product or buy the wrong supplies) then we can find out what the catalyst was for that. I guess there's no point auditing internal procedures which are carried out as a result of making an invalid transaction with the outside world.

In terms of SQL, then, nothing, it's all application based, but then that's why we only allow indirect access to the DB. I could imagine in a larger site with lots of people with direct DB access you'd have to go to a whole different level, but I don't see a justification for it here.
mcerkez88
mcerkez88
Forum Newbie
Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)

Group: General Forum Members
Points: 9 Visits: 50
In our system we audit everything by storing a new state of table row into audit log as xml record along with the info who and when made the change. this way by using views on audit log table we can write query and reconstruct each row to any desired point in time if it is necessary to do so.

At application level we log parameters for every query on database to monitor who and when acceded some data.
bwillsie-842793
bwillsie-842793
Mr or Mrs. 500
Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)Mr or Mrs. 500 (507 reputation)

Group: General Forum Members
Points: 507 Visits: 290
Unfortunately we don't audit as much as I'ld like due to how auditing is implemented in our ERP system.

We audit a few basic fields on certain transactions, but don't audit BOM changes or most other master record changes.

Consequently we rather have to guess who might have made the change based on the date and username of whoever touched the record last.

Does SQL Server have an integrated audit function built in? Something that would let you audit changes to particular fields in tables and grab date, time, userid, and before/after field content?

If not, would it be worth while to anyone other than me to have one?
Jack Corbett
  Jack Corbett
SSC Guru
SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)SSC Guru (70K reputation)

Group: General Forum Members
Points: 70890 Visits: 14949
The whole topic of auditing can be very complex and honestly, I don't understand or know all the options I even have available to me. Fortunately, I am not currently in an industry that is highly regulated, so I don't have a ton of auditing requirements. In my opinion, this is one of the areas where PASS should be providing best practices and recommendations.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming
At best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at work

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
-=JLK=-
-=JLK=-
SSCommitted
SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)

Group: General Forum Members
Points: 1863 Visits: 303
We audit select "tables". I have a generic trigger I apply to all tables of interest which simply makes a copy of an existing row before it is changed/deleted and places it in an "audit" copy of the same table. All audit tables have triggers which prevent deletions execpt by a specific user account which was created for that purpose only.

There is nothing particularly fancy about this method, it is mostly brute force but it works and with some creative SQL we can reconstruct most activity on our sensitive data as well as recovering accidentally changed data. Once in place it takes care of itself (I don't have to be concerned with the application side of the house) but I do have to be mindfull of table design changes since they need to be applied to the audit copy of the table also.

I would be interested in seeing how mcerkez88 implemented/maintains their xml audit logs.

James.
-=JLK=-
-=JLK=-
SSCommitted
SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)

Group: General Forum Members
Points: 1863 Visits: 303
mcerkez88 (7/30/2010)
In our system we audit everything by storing a new state of table row into audit log as xml record along with the info who and when made the change. this way by using views on audit log table we can write query and reconstruct each row to any desired point in time if it is necessary to do so.

At application level we log parameters for every query on database to monitor who and when acceded some data.



Would you be willing to post an example of how you implmented your auditing? Curious how you insure all changes are written to the audit log in an appropriate format. Are you just capturing the changes or the entire record that is being changed? If done via trigger or stored procedure I'd appreciate seeing a copy. I understand if you consider it a trade secret or sensitive and don't want to publish it publicly.

Thanks,

James.
Katherine Fraser
Katherine Fraser
SSC Rookie
SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)SSC Rookie (30 reputation)

Group: General Forum Members
Points: 30 Visits: 144
I work at a company whose clients include pharmacies so several of our applications store PHI (protected health information) and must be "treated with special care" according to HIPAA.

I am currently working on an application to audit any PHI access. That is, any time a stored procedure returns PHI to the application, I'll have to enter a log record showing what data was seen, by whom and when.

I'll be using Service Broker to log the accesses, sending encrypted messages, and storing it in a database encrypted with TDE. I'm not sure what the volume will be yet but it seems like a good idea to send the SSB messages as binary to reduce the size.

------------------------------------------------------

Katherine
Nadrek
Nadrek
SSCertifiable
SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)SSCertifiable (7.1K reputation)

Group: General Forum Members
Points: 7142 Visits: 2741
Katherine Fraser (7/30/2010)
I work at a company whose clients include pharmacies so several of our applications store PHI (protected health information) and must be "treated with special care" according to HIPAA.

I am currently working on an application to audit any PHI access. That is, any time a stored procedure returns PHI to the application, I'll have to enter a log record showing what data was seen, by whom and when.

I'll be using Service Broker to log the accesses, sending encrypted messages, and storing it in a database encrypted with TDE. I'm not sure what the volume will be yet but it seems like a good idea to send the SSB messages as binary to reduce the size.

------------------------------------------------------

Katherine


How is that going to work when a DBA or developer or process is doing bulk historical reporting, or investigating/troubleshooting to find patterns (selecting millions of rows to let a human spot patterns)?
Steve Jones
Steve Jones
SSC Guru
SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)SSC Guru (224K reputation)

Group: Administrators
Points: 224100 Visits: 19634
bwillsie-842793 (7/30/2010)

Does SQL Server have an integrated audit function built in? Something that would let you audit changes to particular fields in tables and grab date, time, userid, and before/after field content?

If not, would it be worth while to anyone other than me to have one?



SQL Server 2008 has a built in Auditing feature that is very nice.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search