SQL Audit
With this optional plugin, you can acquire logs produced by MS SQL Server instances. For other databases, you will need to use Syslog.
To activate the plugin (once the relevant license has been enabled), go to Configuration > PlugIn.
Next, you will need to configure SQL Server using SQL Server Management Studio.
Once connected (as an SQL administrator), expand the tree on the left and select:
Security > Audits
Right-click Audit and select New Audit:
If necessary, assign a different title to the control (audit) and select Application Log as the audit destination.
Click OK and close the window.
At this point, you can schedule events at either the server level or the database level.
SERVER LEVEL
Scroll down to Server Audit Specifications, right-click, and select New Server Audit Specification.
Select the audit you just created as the control (it should appear in the drop-down menu).
Enlarge the window and work in the central grid:
For example:
Consult your SQL Server expert to determine which audits are required at the server level.
SERVER LEVEL
Expand the database you want to check and select Security > Database Audit Specifications
Similar to server audits, create a new audit and associate it with the selected audit:
Expand the window and work in the central grid:
Here you can add controls at the global (database) level or for a specific table, for example:
This control will insert a log entry every time a user (with the dbo schema) performs an INSERT operation
in a specific table (e.g., Employees) of the current database.
​
The Object Class determines the type of control (global, schema, or table).
The Object Name represents the database, schema, or table to be specified.
​
There are several possible control modes.
Always consult your SQL Server expert to determine which controls are required for your security.
​
Note: Don’t forget to activate the audit (it is disabled by default). Any changes to the audit must be made
with the controls disabled.
​
​
​
Once these controls are activated, the logs will be written to the appropriate (separate) table, available
under Main Menu > SQL Audit Logs.
