Scribd
Upload
142 views

Audit DB Using A New SQL Server Audit Object

To create a SQL Server audit object, expand Security in SQL Server Management Studio (SSMS) and select New Audit. Choose an audit destination such as an event log or file and provide a name. By default, audits are disabled and must be enabled by right-clicking the audit object. Database audit specifications are created by expanding a database, selecting Security > New Database Audit Specification, associating it with an audit, and specifying audit actions and objects. The fn_get_audit_file function can be used to view audit logs.

Uploaded by

Nathnael Mesfin
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
142 views

Audit DB Using A New SQL Server Audit Object

To create a SQL Server audit object, expand Security in SQL Server Management Studio (SSMS) and select New Audit. Choose an audit destination such as an event log or file and provide a name. By default, audits are disabled and must be enabled by right-clicking the audit object. Database audit specifications are created by expanding a database, selecting Security > New Database Audit Specification, associating it with an audit, and specifying audit actions and objects. The fn_get_audit_file function can be used to view audit logs.

Uploaded by

Nathnael Mesfin
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

To create a new SQL Server Audit object:(MSSMS)

1. Expand Security and right-click Audits


2. Select New Audit

3. Write name of the Audit to identify,


select Audit destination (whether to store the audit data in an application security event
log, event log or a file.) indicate a location for the audit fileClick OK (audit object
will be created and appear in the Audits node of the Object Explorer)

1
4. By default, the newly created audit object is disabled. The disabled status is indicated by
a red x. to enable the Audit

Right-click on the Audit object  select Enable Audit

5. To apply the audit activity on an entire SQL Server instance

Expand Security and right-click Server Audit Specification

2
To apply the audit activity to a specific database

expand the node of the database to audit Security, right-click Database Audit
Specifications select New Database Audit Specification

6. In the Create Database Audit Specification dialog, indicate the specification name,
associate the specification with the audit object created in the previous step,
7. Specify the activity to audit in the Audit Action Type(all actions that can be audited using
SQL Server Auditing are listed) indicate the database, object, or schema as an Object
Class, the name of the audited object, and principal Name

3
8. Database audit specifications are disabled, by default. To enable them, select this option
in the context menu

9. When the time comes to see the audit log

Expand Security Expand Audits Right Click the Audit log …View Audit Logs

4
Using T-SQL
To create an Audit Object
CREATE SERVER AUDIT Sample_Audit
TO FILE ( FILEPATH ='E:\Audittest\' );
To Enable Audit
ALTER SERVER AUDIT Sample_Audit
WITH (STATE = ON);
GO
To Create Audit Specification
USE STUDENTGRADE
CREATE DATABASE AUDIT SPECIFICATION [ Sample
DatabaseAuditSpecification]
FOR SERVER AUDIT [Sample_Audit]
ADD (DATABASE_OBJECT_ACCESS_GROUP),
ADD (DATABASE_OBJECT_CHANGE_GROUP),
ADD (DELETE ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (INSERT ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (SELECT ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (UPDATE ON DATABASE::[STUDENTGRADE] BY [dbo])
WITH (STATE = OFF)
GO
To enable Audit specification
USE STUDENTGRADE
ALTER DATABASE AUDIT SPECIFICATION SampleDatabaseAuditSpecification
FOR SERVER AUDIT [Sample_Audit]
WITH (STATE = ON);
GO

5
Use fn_get_audit_file to view the audit log

SELECT event_time,action_id, statement, database_name, server_principal_name


FROM fn_get_audit_file( 'E:\Audittest\Sample_Audit.sqlaudit' , DEFAULT , DEFAULT);

Note

 The audit report for example for data deletion event include user who made the deletion,
and when the deletion was made are but not the actual deleted data which is a
disadvantage for users who need more comprehensive audit data.
 It is difficult to manage multiple instances and consolidate the audit data and there is a lot
of work involved in managing, analyzing and archiving audit data, whether in a file or
log, and necessitates manual effort for importing, archiving and reporting.

You might also like