Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Tips Database Forum Rss Feed

» Database Journal Home
» Database Articles
» Database Tutorials
MS Access
SQL Scripts & Samples
» Database Forum
» Slideshows
Free Newsletters:

News Via RSS Feed

Rss Feed

Database Journal |DBA Support |SQLCourse |SQLCourse2

Featured Database Articles

White Papers

Posted Jan 7, 2010

Better Auditing Capabilities with SQL Server 2008

By DatabaseJournal.com Staff

The key to auditing your data is having the knowledge of who is accessing your data, or who is trying to break-in and steal your data.    Break-ins or attempted break-ins are not the only thing you need to worry about tracking.  You also need to monitor inappropriate use by those individuals that do have legitimate access to your data.  Another area to be concerned about is to make sure your administration staff are not making inappropriate configuration changes. 


SQL Server 2008 Enterprise addition now includes a robust audit mechanism built into the database engine.  The new SQL Server Audit capabilities provide more flexibility and granularity to what you can audit.  SQL Server Audit was design with the following things in mind:


·         Audit feature, and its objects, must be truly secure

·         Performance impact must be minimized

·         Audit feature must be easy to manage

·         Audit-centric questions must be easy to answer


The audit functions within SQL Server 2008 are fully manageable from within SQL Server Management Studio, through SQL Management Objects (SMO) and/or Transact-SQL DDL.  This allows you the capability to programmatically manage the auditing functionality using Transact-SQL scripts or using SMO.   


Auditing of SQL Server is made up of three main audit objects.  There is the “Server Audit” object, which defines the target of the audit, which can be a file, the Window Application or Security Log.  The “Server Audit Specification” object describes what needs to be audited at the server level.  The “Database Audit Specification” object identifies what needs to be audited at the database level.   You use all of these to provide your set of audit specifications.   This white paper dives in and describes in detail all of these different objects.  Along with this, there is a technical architecture discussion on auditing, that touches on permissions and the performance consideration of using the new auditing aspect of SQL Server 2008. 


The new auditing feature of SQL Server 2008 provides robust and comprehensive auditing capabilities for an enterprise.  These new audit features perform much better than the older SQL Trace method.  If you have not been doing auditing or have been using the audit features of older versions you owe it to yourself to read this white paper to better understand how SQL Server 2008 can meet your audit requirements.   


View Article

White Papers Archives