Enabling Audit for SQL Server 2005 / PCI Compliance

  • Hello there,

    We've got to enable auditing for critical DB servers which stores Card holder data. I've read Brian Kelley's article "SQL Server Auditing - Part 1" and "

    Auditing with SQL Profiler". What I don't understand is how to use the profiler to enable auditing for a particular table/column which houses the card holder data. Also, the end goal is to move these logs to a centralized log management server (RSA enVision). Can we export the profiler logs to enVision?

    If someone performs a select/alter/drop query on this table we wish to log the event for analysis. In addition, we wish to log account management events. Any help is greatly be appreciated.

    Thank you,


  • I would say the profiler method could certainly do all that. You could also look at DDL triggers to capture the object changes and logon triggers to capture logins..


  • If you only want to audit access to 1 table you could apply filters on DatabaseId and ObjectId.

    I don't know anything about RSA EnVision, but I would assume you could load the trace files into it even if you have to do something custom.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply