Support
 
Support Get Quote
 
 
 
 
Database platforms

Understanding SQL Server Audit better

Read more
 
Previous article
Next article
Network devices

Critical Windows events: Event ID 6008 - Unexpected system shutdown

Read more
 
Microsoft SQL

Auditing using DB audit specification and server audit specification

Feb 10, 2022 5 min read
 
  • Microsoft SQL

Audit specifications can have three categories of actions:

  • Server level actions
  • Database level actions or
  • Audit level actions

This article discusses how server level actions and database level actions are enabled for auditing on an SQL server using audit specification.

Enabling server audit specification

These are the audit specifications for actions carried out at the server level. It is available in all the editions of SQL server. There can be only one server audit specification per audit.

To create server audit specification, the user needs :

  • Permission to connect to the database.
  • ALTER ANY SERVER AUDIT permission to edit.
  • CONTROL SERVER permission to allow the audit to be viewed by the user.

Steps to create Server Audit Specification:

  • Create a server audit
    • Navigate to Security folder, in Object Explorer.
    • Right-click the Audits folder and select New Audit.
    • When you finish selecting options, select OK.
  • Navigate to Security folder >> Server Audit Specifications.
  • Right-click Server Audit specifications and select New Server Audit Specification.
  • Specify the following:
    • Name field with name. If left empty, a default name is assigned.
    • Server Audit field with the target machine to which these events should be logged.
  • From the Audit list, select the audit object created in step 1.
  • In the Actions pane, add actions and objects to the server audit.
  • Right-click your server audit specification and select Enable Server Audit Specification.

Database audit specification

These are the audit specifications for actions carried out at the database level. Database audit specification is available only in the Enterprise edition of SQL server and can be carried out at the object or user level.

To create server audit specification, you need the below permissions:

  • Permission to connect to the database
  • ALTER ANY DATABASE AUDIT SPECIFICATION or ALTER
  • CONTROL permission for the database to which they would like to add the audit.

Steps to create database audit specification:

The following needs to be configured to create a Database Audit Specification:

  • Navigate to Security node >> Database Audit specifications.
  • Right-click Database Audit Specifications and select New Database Audit Specification.
  • Specify the following fields
    • Name field with name. If left empty, a name is assigned by default.
    • Audit field with the name of the existing Server Audit object.
    • Audit Action Type field, which can be selected from both Audit Actions and Audit Action Groups.
    • Object Name of the object to be audited when an Audit Action has been selected.
    • Schema of the selected object.
    • Principal Name. To audit all users, use the keyword public in this field.
  • Click OK.
  • Right-click your database audit specification and select Enable Database Audit specification.

Creating a database audit specification using Transact SQL

Here's a scenario in which we want to audit the changes made to an employee pay history table. Assume that the employee details are stored in HumanResource.EmployeePayHistory table. First, we define a server audit called Payrole_Security_Auditc and enable it. We then proceed to create a database audit specification called Audit_Pay_Tables. This specification audits SELECT and INSERT statements by the dbo user for the table, as required.

Steps to enable auditing for the above scenario

  • Connect to an instance of Database Engine, in the Object Explorer.
  • Select New Query on the standard bar.
  • Paste the following example code into the query window and select Execute.
  • USE master ;
    GO
    -- Create the server audit.
    CREATE SERVER AUDIT Payrole_Security_Audit
    TO FILE ( FILEPATH =
    'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA' ) ;
    GO
    -- Enable the server audit.
    ALTER SERVER AUDIT Payrole_Security_Audit
    WITH (STATE = ON) ;
  • Repeat the first three steps for the example code below.
  • USE AdventureWorks2012 ;
    GO
    -- Create the database audit specification.
    CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables
    FOR SERVER AUDIT Payrole_Security_Audit
    ADD (SELECT , INSERT
    ON HumanResources.EmployeePayHistory BY dbo )
    WITH (STATE = ON) ;
    GO

Auditing procedures such as these involve a lot of time and human effort. This is as far as the auditing goes—you still don't get a holistic picture on the security of your SQL database.

ManageEngine's EventLog Analyzer, a comprehensive log management tool, audits both SQL server and SQL database. It provides out-of-box reports, real-time alerts and even an intuitive dashboard You can drill down to the logs, filter reports, customize alerts, perform log searches, and archive logs for powerful and effective management of SQL Servers. Click here to know to more

You may also like

 

Interested in a
log management
solution?

Try EventLog Analyzer

 

 

Manage logs, comply with IT regulations, and mitigate security threats.

Seamlessly collect, monitor, and analyze
logs with EventLog Analyzer

Your request for a demo has been submitted successfully

Our support technicians will get back to you at the earliest.

  •  
  •  
By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

  Zoho Corporation Pvt. Ltd. All rights reserved.

Link copied, now you can start sharing
Copy