create a server audit and database audit specification

Upload: daking

Post on 14-Apr-2018

215 views

Category:

Documents


0 download

TRANSCRIPT

  • 7/30/2019 Create a Server Audit and Database Audit Specification

    1/5

    Create a Server Auditand Database AuditSpecification

    This topic describes how to create a server audit and database audit

    specification in SQL Server 2012 by using SQL Server Management

    Studio or Transact-SQL.

    Auditing an instance of SQL Server or a SQL Server database

    involves tracking and logging events that occur on the system. The

    SQL Server Auditobject collects a single instance of server- or

    database-level actions and groups of actions to monitor. The audit

    is at the SQL Server instance level. You can have multiple audits per

    SQL Server instance. The Database-Level Audit Specification object

    belongs to an audit. You can create one database audit specification

    per SQL Server database per audit. For more information, see SQL

    Server Audit (Database Engine).

    In This Topic

    Before you begin:

    Limitations and Restrictions

    Security

    To create a server audit and database audit

    specification, using:

    SQL Server Management Studio

    Transact-SQL

    Before You Begin

    Limitations and Restrictions

    Database audit specifications are non-securable objects that

    reside in a given database. When a database audit specification is

    created, it is in a disabled state.

    When you are creating or modifying a database audit

    specification in a user database, do not include audit actions on

    SQL Server 2012 2 out of 5 rated this helpful

    e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280

    5 14-Apr-2013

  • 7/30/2019 Create a Server Audit and Database Audit Specification

    2/5

    server-scope objects, such as the system views. If server-scoped

    objects are included, the audit will be created. However, the

    server-scoped objects will not be included, and no error will be

    returned. To audit server-scope objects, use a database audit

    specification in the master database.

    Database audit specifications reside in the database where they

    are created, with the exception of the tempdb system database.

    Security

    Permissions

    Users with the ALTER ANY DATABASE AUDIT permission

    can create database audit specifications and bind them to

    any audit.

    After a database audit specification is created, it can be

    viewed by principals with the CONTROL SERVER, ALTER

    ANY DATABASE AUDIT permissions, or the sysadmin

    account.

    [Top]

    Using SQL Server Management

    Studio

    To create a server audit

    In Object Explorer, expand the Security folder.1.

    Right-click the Audits folder and select New Audit. For

    more information, see Create a Server Audit and Server

    Audit Specification.

    2.

    When you are finished selecting options, click OK.3.

    To create a database-level audit specification

    In Object Explorer, expand the database where you want

    to create an audit specification.

    1.

    Expand the Security folder.2.

    Right-click the Database Audit Specifications folder and

    select New Database Audit Specification.

    The following options are available on the Create

    3.

    e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280

    5 14-Apr-2013

  • 7/30/2019 Create a Server Audit and Database Audit Specification

    3/5

    Database Audit Specification dialog box.

    Name

    The name of the database audit specification. This is

    generated automatically when you create a new

    server audit specification but is editable.

    Audit

    The name of an existing database audit. Either type

    in the name of the audit or select it from the list.

    Audit Action Type

    Specifies the database-level audit action groups

    and audit actions to capture. For the list of

    database-level audit action groups and audit

    actions and a description of the events they

    contain, see SQL Server Audit Action Groups and

    Actions.

    Object Schema

    Displays the schema for the specified ObjectName.

    Object Name

    The name of the object to audit. This is only

    available for audit actions; it does not apply to

    audit groups.

    Ellipsis ()

    Opens the Select Objects dialog to browse for and

    select an available object, based on the specified

    Audit Action Type.

    Principal Name

    The account to filter the audit by for the object

    being audited.

    Ellipsis ()

    Opens the Select Objects dialog to browse for and

    select an available object, based on the specified

    Object Name.

    When you are finished selecting option, click OK.4.

    [Top]

    Using Transact-SQL

    To create a server audit

    In Object Explorer, connect to an instance of Database1.

    e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280

    5 14-Apr-2013

  • 7/30/2019 Create a Server Audit and Database Audit Specification

    4/5

    Engine.

    On the Standard bar, click New Query.2.

    Copy and paste the following example into the query

    window and click Execute.

    3.

    To create a database-level audit specification

    In Object Explorer, connect to an instance of Database

    Engine.

    1.

    On the Standard bar, click New Query.2.

    Copy and paste the following example into the query

    window and click Execute. The example creates a database

    audit specification called Audit_Pay_Tables that audits

    SELECT and INSERT statements by the dbo user, for the

    HumanResources.EmployeePayHistory table based on

    the server audit defined above.

    3.

    For more information, see CREATE SERVER AUDIT (Transact-SQL)

    and CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL).

    [Top]

    USE master ;

    GO

    -- Create the server audit.

    CREATE SERVER AUDIT Payrole_Security_Aud

    TO FILE ( FILEPATH =

    'C:\Program Files\Microsoft SQL Server\M

    GO

    -- Enable the server audit.

    ALTER SERVER AUDIT Payrole_Security_Audi

    WITH (STATE = ON) ;

    USE AdventureWorks2012 ;

    GO

    -- Create the database audit specificati

    CREATE DATABASE AUDIT SPECIFICATION Audi

    FOR SERVER AUDIT Payrole_Security_Audit

    ADD (SELECT , INSERT

    ON HumanResources.EmployeePayHistorWITH (STATE = ON) ;

    GO

    e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280

    5 14-Apr-2013

  • 7/30/2019 Create a Server Audit and Database Audit Specification

    5/5

    Community Additions

    2013 Microsoft. All rights reserved.

    e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280