Database Administration

CSCS- 324

By:
Shahid Mahmood
Warning!
Lecture slides are high-level
description of lectures

Relying only upon the slides do not

guarantee good grades in exams

For achieving good grades in exams

always attend lectures, Study books,
explore web and other resources, and
be efficient in submitting your
allocated tasks.
Auditing SQL Server
Agenda
Overview of Auditing

Configuring Server Audits

Auditing instance and database actions

Policy-based Management
Auditing SQL Server
Auditing logs user actions at the instance and/or
at database level

Auditing provides the ability to trace out who is

doing what on SQL Server and what they are
doing at, what they did? Etc.,

For example: Connection attempt to SQL Server,

What objects are being accessed (especially
sensitive objects like: Social Security info, credit card
info, Medical info, Pay roll info, attorney info)

Database Audit is available with the “Enterprise ed.”

Implementing auditing
For implementing auditing we create logs to
files, Security, or application event.

Logs are created to monitor: Elevated

privileges, Connection attempts, and Sensitive
objects

At first we set up server audit (a configuration point to

log it to file, security, or application event) then the server

audit specification and database audit
specification are set up and tied up with the
server audit
How to Audit
Generating Security Event Log
(Hint)
In the “Create Audit” window at the “Audit Destination”
drop-down list we get 3 options: File, Security Audit,
and Application Audit

From amongst the above three, before generating the

Security Audit we need to set up security options for
the user or group as given below:

Start Administrative Tools Local Security Policy

Security Settings Local Policies User Rights
Assignments Generate Security Audit Double click
and in the window add user or group you want. Then
at Security Settings Audit Policy Audit Object Access
turn Success and Failure ON. Then Turn your Audit ON
Auto generated Script for Security
audit
Log to Security Event Log. With option “Shutting down
instance if log fails”
Auditing through Policy-based
Management
Policy-based Management allows us to enforce
configuration standards. It involves following
things:

Facets: These are configurable properties of an

object

Conditions: These are values and criteria for

facet properties e.g., Auto shrink = ON

(Facet) (Condition)

Policy: Are conditions to impose

Auditing through Policy-based
Management (Screen Shot)
Questions?