create a server audit and database audit specification
TRANSCRIPT
-
7/30/2019 Create a Server Audit and Database Audit Specification
1/5
Create a Server Auditand Database AuditSpecification
This topic describes how to create a server audit and database audit
specification in SQL Server 2012 by using SQL Server Management
Studio or Transact-SQL.
Auditing an instance of SQL Server or a SQL Server database
involves tracking and logging events that occur on the system. The
SQL Server Auditobject collects a single instance of server- or
database-level actions and groups of actions to monitor. The audit
is at the SQL Server instance level. You can have multiple audits per
SQL Server instance. The Database-Level Audit Specification object
belongs to an audit. You can create one database audit specification
per SQL Server database per audit. For more information, see SQL
Server Audit (Database Engine).
In This Topic
Before you begin:
Limitations and Restrictions
Security
To create a server audit and database audit
specification, using:
SQL Server Management Studio
Transact-SQL
Before You Begin
Limitations and Restrictions
Database audit specifications are non-securable objects that
reside in a given database. When a database audit specification is
created, it is in a disabled state.
When you are creating or modifying a database audit
specification in a user database, do not include audit actions on
SQL Server 2012 2 out of 5 rated this helpful
e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280
5 14-Apr-2013
-
7/30/2019 Create a Server Audit and Database Audit Specification
2/5
server-scope objects, such as the system views. If server-scoped
objects are included, the audit will be created. However, the
server-scoped objects will not be included, and no error will be
returned. To audit server-scope objects, use a database audit
specification in the master database.
Database audit specifications reside in the database where they
are created, with the exception of the tempdb system database.
Security
Permissions
Users with the ALTER ANY DATABASE AUDIT permission
can create database audit specifications and bind them to
any audit.
After a database audit specification is created, it can be
viewed by principals with the CONTROL SERVER, ALTER
ANY DATABASE AUDIT permissions, or the sysadmin
account.
[Top]
Using SQL Server Management
Studio
To create a server audit
In Object Explorer, expand the Security folder.1.
Right-click the Audits folder and select New Audit. For
more information, see Create a Server Audit and Server
Audit Specification.
2.
When you are finished selecting options, click OK.3.
To create a database-level audit specification
In Object Explorer, expand the database where you want
to create an audit specification.
1.
Expand the Security folder.2.
Right-click the Database Audit Specifications folder and
select New Database Audit Specification.
The following options are available on the Create
3.
e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280
5 14-Apr-2013
-
7/30/2019 Create a Server Audit and Database Audit Specification
3/5
Database Audit Specification dialog box.
Name
The name of the database audit specification. This is
generated automatically when you create a new
server audit specification but is editable.
Audit
The name of an existing database audit. Either type
in the name of the audit or select it from the list.
Audit Action Type
Specifies the database-level audit action groups
and audit actions to capture. For the list of
database-level audit action groups and audit
actions and a description of the events they
contain, see SQL Server Audit Action Groups and
Actions.
Object Schema
Displays the schema for the specified ObjectName.
Object Name
The name of the object to audit. This is only
available for audit actions; it does not apply to
audit groups.
Ellipsis ()
Opens the Select Objects dialog to browse for and
select an available object, based on the specified
Audit Action Type.
Principal Name
The account to filter the audit by for the object
being audited.
Ellipsis ()
Opens the Select Objects dialog to browse for and
select an available object, based on the specified
Object Name.
When you are finished selecting option, click OK.4.
[Top]
Using Transact-SQL
To create a server audit
In Object Explorer, connect to an instance of Database1.
e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280
5 14-Apr-2013
-
7/30/2019 Create a Server Audit and Database Audit Specification
4/5
Engine.
On the Standard bar, click New Query.2.
Copy and paste the following example into the query
window and click Execute.
3.
To create a database-level audit specification
In Object Explorer, connect to an instance of Database
Engine.
1.
On the Standard bar, click New Query.2.
Copy and paste the following example into the query
window and click Execute. The example creates a database
audit specification called Audit_Pay_Tables that audits
SELECT and INSERT statements by the dbo user, for the
HumanResources.EmployeePayHistory table based on
the server audit defined above.
3.
For more information, see CREATE SERVER AUDIT (Transact-SQL)
and CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL).
[Top]
USE master ;
GO
-- Create the server audit.
CREATE SERVER AUDIT Payrole_Security_Aud
TO FILE ( FILEPATH =
'C:\Program Files\Microsoft SQL Server\M
GO
-- Enable the server audit.
ALTER SERVER AUDIT Payrole_Security_Audi
WITH (STATE = ON) ;
USE AdventureWorks2012 ;
GO
-- Create the database audit specificati
CREATE DATABASE AUDIT SPECIFICATION Audi
FOR SERVER AUDIT Payrole_Security_Audit
ADD (SELECT , INSERT
ON HumanResources.EmployeePayHistorWITH (STATE = ON) ;
GO
e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280
5 14-Apr-2013
-
7/30/2019 Create a Server Audit and Database Audit Specification
5/5
Community Additions
2013 Microsoft. All rights reserved.
e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280