Home
Databases
Basics of SQL Server Auditing

Basics of SQL Server Auditing

In this page

A brief history of server auditing
Auditing components

Are you using SQL databases to store your critical data? How are you auditing? Do you think auditing database activities is not essential? Take a look at the following scenarios:

- A hospital that is liable to comply with HIPAA mandate holds patient health information in SQL server. On a fine day, they discover that their PHI (Protected Health Information) is compromised. How can they ascertain who leaked the information?

- A government agency that stores variety of PII (Personally Identifiable Information) in a SQL server is liable to comply with GDPR. If an insider leaks out sensitive information, there will be serious consequences. How can the security of the data be ensured?

-A user logs in to the network at an unusual time. Though this might look like a normal activity, it is important to know what the user was up to. How can this be done?

How can you analyze these incidents without enabling auditing for your SQL server. This article discusses different ways of auditing SQL servers and databases.

A brief history of server auditing

Prior to the development of SQL 2008, the following features were combined to facilitate auditing.

Login auditing and C2 auditing
Triggers and event notifications
SQL Tracking used in conjunction with SQL Profiling

However, utilizing the above mentioned features for auditing purposes became quite difficult as it involved a significant amount of setup. The data collected by this method were logged and stored in different formats and different locations respectively. This made it difficult to comprehend information from the logs.

After 2008, though these features are still being used, SQL Server auditing, a new feature that utilizes extended events to audit everything that happens in your server was developed. This enables you to track every single event from server setting changes to who modified a setting in the database. This information is then written in the Windows security log, Windows application log or a flat file.

Though auditing was an enterprise only feature in SQL Server 2008, in SQL Server 2012, it has been made available in all the editions. However, database auditing is still available only in enterprise edition.

Auditing components

The SQL Server auditing feature encompasses three main components:

EventLog Analyzer Trusted By

Customer Speaks

Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.

Benjamin Shumaker

Vice President of IT / ISO

Credit Union of Denver
The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.

Joseph Graziano, MCSE CCA VCP

Senior Network Engineer

Citadel
EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.

Joseph E. Veretto

Operations Review Specialist
Office of Information System

Florida Department of Transportation
Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.

Jim Lloyd

Information Systems Manager

First Mountain Bank

Testimonials Case Studies