The Need for Auditing


Steve Jones
Comments posted to this topic are about the item The Need for Auditing

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
GSquared
I use trace logs and trigger-based auditing. (I even wrote articles about it for this site last summer.) I've found those to be quite adequate to my needs.

I have a proc that takes a database and table name, a "main search field" (usually the PK) and a couple of other input parameters, and it does all the work for me of creating a log table (in my DBALog database) for the database, creating the logging trigger (based on a sparse XML structure that only stores columns that have changed), and creating search and undo procs for any logged transaction, customized to the columns in the table being logged. Takes about 2 seconds to add logging to any table and is pretty much fire-and-forget. Of course, sometimes I'll modify the trigger so that it deviates from the default, but that's uncommon.

I also have the default trace running, and two custom traces running on the databases that need it the most. All are set to restart if the SQL Service restarts (from a reboot or whatever). It generally works out to keeping about 3-4 days of data.

And I have a DDL trigger in every production database and in "model" that logs schema/code changes, including who made the change, when, and the script used. I've had to make a few filters for this, because maintenance plan index rebuilds otherwise end up junking up the log, but beyond that it's been quite handy.

Those are what I use for auditing. Some of it may be overkill, but performance hasn't been hurt to an extent that any user can tell the difference, and it has come in quite handy quite a few times.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
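A database-level DDL trigger of the kind described in the post above, recording who made a change, when, and the script used, with a filter for index-rebuild noise. This is an added example, not the poster's code; the names `dbo.DDLLog` and `trg_AuditDDL` are hypothetical, and the log table is assumed to live in the audited database for brevity.

```sql
-- Added example: dbo.DDLLog and trg_AuditDDL are hypothetical names.
CREATE TABLE dbo.DDLLog (
    LogID       int IDENTITY(1,1) PRIMARY KEY,
    EventTime   datetime2(3)  NOT NULL DEFAULT SYSUTCDATETIME(),  -- when
    LoginName   sysname       NOT NULL,                           -- who
    HostName    nvarchar(128) NULL,
    EventType   nvarchar(128) NOT NULL,   -- e.g. ALTER_PROCEDURE, DROP_TABLE
    SchemaName  nvarchar(128) NULL,
    ObjectName  nvarchar(128) NULL,
    CommandText nvarchar(max) NULL        -- the script that was run
);
GO
-- The trigger runs in the caller's context, so callers need INSERT
-- on the log table (and no UPDATE or DELETE).
GRANT INSERT ON dbo.DDLLog TO public;
GO
CREATE TRIGGER trg_AuditDDL ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml = EVENTDATA();
    DECLARE @type nvarchar(128) =
        @e.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(128)');
    DECLARE @cmd nvarchar(max) =
        @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)');

    -- Filter maintenance noise: index rebuilds and reorganizes.
    -- Other ALTER INDEX statements (for example DISABLE) are still logged.
    IF @type = N'ALTER_INDEX'
       AND (@cmd LIKE N'%REBUILD%' OR @cmd LIKE N'%REORGANIZE%')
        RETURN;

    INSERT dbo.DDLLog
        (LoginName, HostName, EventType, SchemaName, ObjectName, CommandText)
    VALUES (
        ORIGINAL_LOGIN(),   -- the real login, even under EXECUTE AS
        HOST_NAME(),
        @type,
        @e.value('(/EVENT_INSTANCE/SchemaName)[1]', 'nvarchar(128)'),
        @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)'),
        @cmd
    );
END;
GO
```

If the insert into the log table fails, the DDL statement that fired the trigger is rolled back with it, so log-table permissions and free space become part of every deployment. Anyone with rights to alter or disable the trigger can stop the logging, which is why the log is usually paired with a trace or an external copy.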
SuperDBA-207096
Ahhh auditing...

I've used mostly trigger based auditing through the years on stuff I've designed, although a few clients did do auditing in the data layer, which worked really well for them.

Based on the application architecture and auditing requirements it was a good approach for them.

DDL triggers are great for capturing DDL changes. I've used them in environments where security has been less than optimal due to company policies, but that's another discussion.
Steve Jones
Not many people auditing, or maybe caring, ...


or maybe awake Hehe

Ian Massi
^^ I don't know about everyone else, but I never got the newsletter this morning. Had to go to the site to get my fix. As for auditing, where I am we use trigger based auditing. Nothing too important being looked for, but if someone changes something, knowing the who, what, and when will lead them to the why.
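A hand-written DML audit trigger showing the "who, what, and when" of trigger-based auditing, using the sparse XML idea mentioned earlier in the thread: only columns whose values changed are stored. This is an added example, not code from any poster or product named here; `dbo.Customer`, `dbo.DMLLog` and `trg_Customer_Audit` are hypothetical, it covers UPDATE only, and it assumes the primary key is never updated.

```sql
-- Added example: all object names below are hypothetical.
CREATE TABLE dbo.Customer (
    CustomerID int PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    Email      nvarchar(256) NULL
);
CREATE TABLE dbo.DMLLog (
    LogID     bigint IDENTITY(1,1) PRIMARY KEY,
    EventTime datetime2(3) NOT NULL DEFAULT SYSUTCDATETIME(),  -- when
    LoginName sysname      NOT NULL,                           -- who
    TableName sysname      NOT NULL,
    KeyValue  int          NOT NULL,
    Changes   xml          NOT NULL                            -- what
);
GO
CREATE TRIGGER trg_Customer_Audit ON dbo.Customer
AFTER UPDATE
AS
BEGIN
    SET NOCOUNT ON;
    -- Set-based: one log row per Customer row that really changed,
    -- so multi-row updates are handled correctly.
    INSERT dbo.DMLLog (LoginName, TableName, KeyValue, Changes)
    SELECT
        ORIGINAL_LOGIN(),
        N'dbo.Customer',
        i.CustomerID,
        -- FOR XML PATH omits NULL columns, so unchanged columns (both
        -- CASEs NULL) produce no element: the result is sparse.
        (SELECT
            CASE WHEN EXISTS (SELECT i.Name  EXCEPT SELECT d.Name)
                 THEN d.Name  END AS [Name/@old],
            CASE WHEN EXISTS (SELECT i.Name  EXCEPT SELECT d.Name)
                 THEN i.Name  END AS [Name/@new],
            CASE WHEN EXISTS (SELECT i.Email EXCEPT SELECT d.Email)
                 THEN d.Email END AS [Email/@old],
            CASE WHEN EXISTS (SELECT i.Email EXCEPT SELECT d.Email)
                 THEN i.Email END AS [Email/@new]
         FOR XML PATH('changes'), TYPE)
    FROM inserted AS i
    JOIN deleted  AS d ON d.CustomerID = i.CustomerID
    -- EXCEPT treats NULLs as equal, so NULL <-> value changes are caught
    -- and rows updated to the same values are skipped.
    WHERE EXISTS (SELECT i.Name, i.Email EXCEPT SELECT d.Name, d.Email);
END;
GO
```

An update that changes only `Email` yields a row such as `<changes><Email old="a@example.test" new="b@example.test"/></changes>`; a missing `old` or `new` attribute means that side was NULL.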
Steve Jones
Yep, lack of replies was my fault. No newsletter. Sad

nick.spain 56599
I recently found, via Google searches, and implemented successfully, a trigger based solution called AutoAudit (http://autoaudit.codeplex.com/). This is an open source project, which auto generates triggers on your base tables. On DML operations the triggers fire and populate a few consolidated tables that store the old and new records and details of the change. Being open source it was free, and it has been really good in so much as we've never had a problem with it and it passed all our tests. Because it was open source we tested it exhaustively prior to implementation.

The DB where we've installed it has low data volumes, and pretty low growth. Our DBA did say that if we had high data growth, due to the consolidated tables, he perhaps wouldn't have allowed it.

I recommend you give it a look.
Gary Varga
Whenever I have come across the need for auditing then the preference by the business was against a home spun solution and for the deployment of a third party system as it was deemed easier to justify its selection on the basis that it was less open to subversion (original meaning, not the source control product). This could be argued either way and, I believe, totally dependent upon the auditing product selected.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Chord77
I am currently using ApexSQL Audit for DML changes on sensitive databases. It's trigger based, but the part I really like is the Audit Viewer tool they make; you can give that tool to security users who need to view the audit logs, and its easy-to-use interface makes them happy.
Kick6Tiger
I mostly use Redgate and home grown solutions for DDL audits. Fortunately, I work mostly with OLAP databases and DML is not as big an issue. That auditing is handled in ETL processes.

Aigle de Guerre!