Nadrek (12/5/2013)
patrickmcginnis59 10839 (12/5/2013)
"... Ideally, the audit information should be sent to a location that cannot be modified or tampered with, even by a sysadmin."http://technet.microsoft.com/en-us/library/dd392015(v=sql.100).aspx
Windows in general, and SQL Server in specific, are spectacularly unsuitable for any kind of permanent, tamper-resistant logging. Tamper-resistant audit trails can include a lot of protections, but the #1 protection must be that once written, the original audit data can be recovered despite anything that happens at a logical level.
So now I'm wondering which attributes of Microsoft software make it spactacularily unsuitable for this? Its not like I've never put a greenbar printer on a Windows server 🙂