Making the SharePoint Aud... |
Venue Announced for Secur... »
Understanding Audit Logging in SQL Server 2008 - 2/18/10 12PM US Eastern Time
Tue, 12 Jan 2010 12:08:11 GMT
With 2008, SQL Server finally has a real audit log capability. It’s flexible, high performance and can report its events directly to the Windows Security Event Log which means you can leverage the security and integrity of the security log AND take advantage of whatever log management solution you currently use to collect, monitor and report server logs.
Now you can audit changes to SQL server configuration and objects as well as commands executed against tables such as Select, Update, Delete and Insert. SQL Server 2008 auditing produces an audit log not a transaction log. That means you can audit any command and or other action in SQL Server but the audit log does not record before and after images of the actual data table rows. Again, it’s an audit log – not a transaction log.
Similar to Windows auditing, SQL Server 2008 auditing allows you to define which SQL server objects and actions you which to audit and you can limit audited activity to specific users or roles. When you enable auditing you can choose to send audit events to either binary SQL audit log files in a specified folder or to the Application or Security event logs. For obvious security and log management reasons I recommend the security log. I wish Microsoft had used different event IDs for each audit event but all SQL Server audit events show up as event ID 33205 so that means you have to look in the event details for any and all particulars about the event.
The new SQL commands for auditing include:
· CREATE SERVER AUDIT
· CREATE SERVER AUDIT SPECIFICATION
· CREATE DATABASE AUDIT SPECIFICATION
In this real training webinar I will explain those commands and show you how to setup SQL Server auditing to report events to the Security log. Then I will demonstrate a number of audit scenarios for tracking things like:
· Permission changes
· Login and role changes
· Login failures
· Commands against specific tables like SELECT and UPDATE
This real training webinar is not free. For specialized topics where finding a sponsor is not practical I’m trying out a new paid model. The fee is low and there is no sponsor presentation; your information will not be shared with anyone. It’s all deep, technical training. To register please click here.
Understanding the Difference between “Account Logon” and “Logon/Logoff” Events in the Windows Security Log
Virtualization Security: What Are the Real World Risks?
The Art of Detecting Malicious Activity with Logs
powered by Bloget™