| Author |
Audit log that SA cannot modify
|
|
| jasonshohet@gmail.com 2006-02-15, 7:23 am |
| Anyone familiar with ways (SQL Server 2000, or 2005) to have an audit
log of who does what in the database (outside of a Great Plains front
end passing over requests) - that the SA cannot modify? If the SA - or
anyone - can modify the log - its no good from an audit perspective.
It has to be read-only. Any software packages out there that also do
this and present the log in a form thats easy to query / review?
Thanks!
Jason Shohet
| |
| Uri Dimant 2006-02-15, 7:23 am |
| Hi
In SQL Server 2005 you will be able to define a trigger on database level to
capture events.
<jasonshohet@gmail.com> wrote in message
news:1139999866.893906.89260@z14g2000cwz.googlegroups.com...
> Anyone familiar with ways (SQL Server 2000, or 2005) to have an audit
> log of who does what in the database (outside of a Great Plains front
> end passing over requests) - that the SA cannot modify? If the SA - or
> anyone - can modify the log - its no good from an audit perspective.
> It has to be read-only. Any software packages out there that also do
> this and present the log in a form thats easy to query / review?
>
> Thanks!
> Jason Shohet
>
| |
| jasonshohet@gmail.com 2006-02-15, 9:23 am |
| But the SA can disable the trigger, thats not enough.
I want something that can audit the SA himself - and anyone else. It
should report on all schema changes and all transactions made to the db
- by anyone - and nobody should be able to modify it (including the SA)
except truncate the log by date range at the end of the audit period.
| |
| Uri Dimant 2006-02-15, 9:23 am |
| Hi
Don't you trust in SA? :-))))))
Remove people that you don't want from sysadmin server role and then you
audit them by using triggers
<jasonshohet@gmail.com> wrote in message
news:1140012486.489277.187450@g14g2000cwa.googlegroups.com...
> But the SA can disable the trigger, thats not enough.
> I want something that can audit the SA himself - and anyone else. It
> should report on all schema changes and all transactions made to the db
> - by anyone - and nobody should be able to modify it (including the SA)
> except truncate the log by date range at the end of the audit period.
>
| |
| jasonshohet@gmail.com 2006-02-15, 8:23 pm |
| Ha, the issue is that the SA needs to be able to do this himself :)
but the SA role is necessary to perform maintenance on the SQL Server I
assume. Isn't there something that a QA person can install with the SA
watching perhaps - eg. a 3rd party logger, that can audit all
activities, that the SA cannot interfere with once installed. Pie in
the sky?
| |
| Sue Hoegemeier 2006-02-15, 8:23 pm |
| Not pie in the sky. You can look at options with SQL Server
such as server side traces, maybe c2 auditing. Lots of third
party products that monitor activity - more products now
with SOX requirements. A couple of many would be AuditDB
from Lumigent: http://www.lumigent.com/products/auditdb.html
and Compliance Manager from Idera:
http://www.idera.com/Products/SQLcm/
-Sue
On 15 Feb 2006 14:15:29 -0800, jasonshohet@gmail.com wrote:
>Ha, the issue is that the SA needs to be able to do this himself :)
>but the SA role is necessary to perform maintenance on the SQL Server I
>assume. Isn't there something that a QA person can install with the SA
>watching perhaps - eg. a 3rd party logger, that can audit all
>activities, that the SA cannot interfere with once installed. Pie in
>the sky?
|
|
|
|