Protect and Monitor

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 714341

    Comments posted to this topic are about the item Protect and Monitor

  • James Stover

    Hall of Fame

    Points: 3343

    Hmmm, I'm thinking more Service Broker. Or maybe even a streaming database like Streambase. But I suppose you could get SSIS to do it. Maybe an SSIS package called via service broker. Any thoughts there?

    You can store all events for later analysis but for a real-time application you want solid rules-based alerting. "Let me know when something isn't right. Otherwise, don't bother me."

    Technicalities aside, the age-old question comes up: Who audits the auditor? At some point you just have to trust that your DBA isn't out to screw you over.


    James Stover, McDBA

  • SuperDBA-207096

    SSCrazy Eights

    Points: 8176

    Interesting article.

    I worked on a banking app (25-30 concurrent users) that audited all application accesses via application code. They needed an audit trail but in the 5 years I worked w/ the app, they never looked at the audit data.

    As far as DBA access goes, none of that was audited.

    Many financial and pharma apps have similar requirements - need to be able to prove who saw what if anyone ever asks.

  • bob.willsie

    Right there with Babe

    Points: 791

    I think there has to be some consideration of the value of what is being audited. For instance, they have set our ERP system up to log audit data for all columns in our po-lines table whenever any column is changed.

    That means 87 audit records anytime any column relating to a purchase order line is changed. In reality, we only need to audit about 8-12 of the columns.

    So, about 90% of our audit data on these transactions is non-value logging.

    I have also seen requests for extraneous logging on data that was pretty much self logging. For instance, one manager wanted an audit log entry that indicated what user created a record, and the date and time the record was created, even though that data was stored in columns in the original data records.

  • dma-669038

    SSCrazy

    Points: 2713

    Where I work we use Guardium on SOX audited applications. It does a pretty neat job although it is an expensive tool. I wonder how many people realized the value of the default trace on SQL 2005 and the report that shows recent DDL changes? As a DBA that is so easy and invaluable to do a random audit. We audit logins otherwise and have a pretty tight process for getting access to the database server.
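
    A query of the kind the post above refers to, as an added example that is not part of the original thread: it reads the SQL Server default trace and lists recent object creations, alterations and drops with the login and host responsible. The 7-day window and the tempdb filter are illustrative choices, and the path rewrite assumes the default trace's usual `log_<n>.trc` file naming.

```sql
-- Added example: recent DDL changes recorded by the default trace (SQL Server 2005+).
DECLARE @path nvarchar(260);

-- The default trace is the row in sys.traces flagged is_default = 1.
SELECT @path = path
FROM sys.traces
WHERE is_default = 1;

IF @path IS NULL
BEGIN
    RAISERROR('Default trace is not running; check sp_configure ''default trace enabled''.', 16, 1);
    RETURN;
END;

-- Assumption: files are named log_<n>.trc. Pointing at "log.trc" in the same
-- folder makes fn_trace_gettable read every rollover file still on disk,
-- not just the one currently being written.
SET @path = REVERSE(SUBSTRING(REVERSE(@path), CHARINDEX(N'\', REVERSE(@path)), 260))
            + N'log.trc';

SELECT  t.StartTime,
        e.name            AS event_name,
        t.DatabaseName,
        t.ObjectName,
        t.ObjectType,
        t.LoginName,
        t.HostName,
        t.ApplicationName
FROM    sys.fn_trace_gettable(@path, DEFAULT) AS t
JOIN    sys.trace_events AS e
        ON e.trace_event_id = t.EventClass
WHERE   t.EventClass IN (46, 47, 164)      -- Object:Created, Object:Deleted, Object:Altered
  AND   t.EventSubClass = 0                -- Begin row only; Commit/Rollback rows would duplicate it
  AND   t.DatabaseName <> N'tempdb'        -- illustrative: skip temp object churn
  AND   t.StartTime >= DATEADD(day, -7, GETDATE())  -- illustrative window
ORDER BY t.StartTime DESC;
```

    The default trace keeps only a handful of small rollover files, so on a busy server the history it holds can be short; a periodic copy of these rows into a table outside the DBA-owned instance is what turns it into an audit record.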

  • jay-h

    SSCoach

    Points: 18801

    Monitor access in real time? A DBA cannot be expected to be the corporate traffic cop.

    In a large organization you can have hundreds or more legitimate users at any moment, most of whose names you don't know. Since their access is controlled by AD grouping, which in turn is controlled by their managers and HR, I have no idea what a DBA is supposed to be doing in 'real time' here.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 714341

    Honestly, I don't think this is a DBA's job. I was curious if anyone would bring it up, but there should be someone doing compliance, that looks over the DBA.

    That being said, the DBA needs to be able to set this up. Service Broker is a good idea. Pipe events to it, write them off somewhere.

  • Matt Miller (4)

    SSC Guru

    Points: 124160

    Actually - this sounds suspiciously like some of the stuff the new DMW could do. (where DMW = 2008's version of SqlH2).

    Granted - both versions of the Data Management warehouse are there to track performance, but they can hook onto a series of events and then respond in some way.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • ta.bu.shi.da.yu

    Hall of Fame

    Points: 3875

    Steve, I looked at her qualifications and they seem to be: marketing, managing at various IT companies, and an MBA. This would explain the extremely generic and wishy-washy advice provided.

    Random Technical Stuff

  • Ron McCullough

    SSC Guru

    Points: 63877

    Steve, a rather timely editorial ... listening to CNN broadcast this morning. Salient points --

    1. FAA (Federal Airtraffic Authority) had someone hack into one of their networks and compromise over 18,000 passwords and login names...

    2. State of Virginia reported that the database that tracks the usage of restricted drugs had been hijacked .. copied by a hacker... the state so far has refused to divulge what data (name, address, doctor's name for example) is contained in the database.. This hijacker offered to return the copy of the db for a ransom over 1,000,000 USD.

    Reference http://hamptonroads.com/pilotonline/

    So security is a REAL and EVERY DAY problem and the quicker it is recognized by DBAs and management the better off we all will be.

    If everything seems to be going well, you have obviously overlooked something.

    Ron

    Please help us, help you - before posting a question please read
    Before posting a performance problem please read
