Hi Friends,
We have option called C2 Audit in side SQL Server but do we know what actually got recorded using this. So breaking the mystry walls here are those things:
The following auditable events are provided for C2 certification of SQL Server:
Auditing registers shutdown operations if performed from within SQL Server. However, if the server is
shutdown from the operating system or manually, the auditing event will not be traced except as a
request from the operating system.
The Windows NT 4.0 Service Control Manager does not notify SQL Server who started a service— just that the service is being started. Consequently, you must audit service control actions in Windows
NT 4.0 to get a complete audit trail of SQL Server activity.
Please follow below link and download a good informational document file : SQL 2000 C2 Admin and user guide.http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=71C146F3-9907-40CD-BABF-3506ECD33254
Regards
GURSETHI
We have option called C2 Audit in side SQL Server but do we know what actually got recorded using this. So breaking the mystry walls here are those things:
The following auditable events are provided for C2 certification of SQL Server:
- End User Activity (for example, all SQL commands, logins, and logouts)
- DBA Activity (Data Definition Language statements other than Grant/Revoke/Deny and security events, Configuration [Database or Server])
- Security Events (Grant/Revoke/Deny, login/user/role add/remove/configure)
- Utility Events (Backup/Restore/ Bulk Insert/BCP/DBCC commands)
- Server Events (Shutdown, Pause, Start)
Auditing registers shutdown operations if performed from within SQL Server. However, if the server is
shutdown from the operating system or manually, the auditing event will not be traced except as a
request from the operating system.
The Windows NT 4.0 Service Control Manager does not notify SQL Server who started a service— just that the service is being started. Consequently, you must audit service control actions in Windows
NT 4.0 to get a complete audit trail of SQL Server activity.
- Audit Events (Start Audit, Stop Audit)
Each audit event record contains (at a minimum):
Date and time of each event (start time of the event).For more information on these events, see "Security Audit Event Category." For information on how to enable auditing, see the "Setting the Audit Trace Option," which follows, and "Auditing SQL Server Activity"in SQL Server Books Online.
Windows NT 4.0 Domain name of the user who caused the event to occur.
Windows NT 4.0 UserName of the user who caused the event to occur.
The Windows NT 4.0 Security ID (SID) of the user who caused the event to occur.
Type of event (Event Class and Subclass).
Success or failure of the event.
Server name of the SQL Server.
Origin of the request (Windows NT 4.0 client computer name).
Name of the application the user is running.
Server process id (SPID) of the user's SQL Server connection.
Please follow below link and download a good informational document file : SQL 2000 C2 Admin and user guide.http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=71C146F3-9907-40CD-BABF-3506ECD33254
Regards
GURSETHI
1 comment:
Thanks ..... clear explanation
Post a Comment