One day while checking things for clients, I happened across a fun little error message – “SQL Server Audit failed to create the audit file”. It just so happens that the audit had been working and then suddenly stopped and started flooding the error logs with this message.
Why would it suddenly stop working? Well, it says in the error that the disk might be full or that there may be a permissions issue. So, at least there are some possibilities provided by the message. Granted – neither of these options is very settling for a DBA.
No matter how simple the task or how versed we are with doing a security audit, it seems like we can always stand to learn just a little bit more. No matter how many times we hand an audit report over to the auditor, there is always “just one” more report we have to provide.
Legislation and regulation sometimes dictates that certain activities must be tracked within a database. On occasion, it will be required that queries be audited and tracked to reach compliance with the legislation or regulation. To achieve this compliance, this article will demonstrate how to use Extended Events to audit statements being executed within the database.
No matter the mechanism used to capture the data to fulfill the “investigation” phase of the audit, if the data is not analyzed and reports generated, then the audit did not happen. With that in mind, I settled on a quick intro in how to get the audit data in order to generate reports.
In the first article on this topic (which can be read here), I discussed the problem of having a database get dropped and the need to find out who dropped the database and when they […]
In a recent article on SSG, I discussed how to use Extended Events to function in a Profiler like fashion. You can read about that here. I recommend reading that article first because it helps […]
If you just so happen to be running on SQL Server 2012 or later, you will need to change your event sessions that were tracking file changes. It is a bit of an exercise to make the change and can be frustrating, but it is well worth it. The improved data that can be captured is going to help better control and oversee the environment.
A recent discussion got me to thinking about Auditing. To be honest, it got started with a complaint about some documentation that seemed overly light about the various fields related to auditing as it stands […]
Do you know the last time a Server Property was changed on your instances of SQL Server? Are you wondering when the setting for max degree of parallelism was changed? Do you know who changed […]
This article demonstrates a script that will generate a nice html report of your database security suitable for the auditors.