a walk around the sql server 2012 audit feature
play

A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley - PowerPoint PPT Presentation

Feb 10, 2024 •378 likes •937 views

A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley Microsoft Premier Field Engineer | SQL Server www.NetComLearning.com Speaker Introduction: Timothy P. McAliley 14+ years in IT Currently work for Microsoft Premier

  1. A Walk Around the SQL Server 2012 Audit Feature Timothy P. McAliley Microsoft Premier Field Engineer | SQL Server www.NetComLearning.com

  2. Speaker Introduction: Timothy P. McAliley 14+ years in IT Currently work for Microsoft • Premier Field Engineer – SQL Server, Washington, DC. Previously Worked for: • Symantec • Football Fanatics (Jacksonville, FL) (High Volume e-Commerce) • ASM Research, Inc. (Fairfax, VA) (Defense Contractor) • MCSA: SQL Server 2012, Windows Server 2012 • MCSE: Data Platform, Server Infrastructure

  3. Objective and Scope of this Presentation • Overview of SQL Server 2012 Server and Database Auditing • Demonstration of SQL Server Audit Configuration

  4. Whom Would Hopefully Find This Most Useful • Working in a an environment where auditing is a requirement • Researching options for audit solutions • Looking a for an overview to help get you started on trying the SQL Server Audit feature

  5. Agenda • Introduction to SQL Server Audit • Configuring SQL Server Audit • Audit Actions and Action Groups • Defining Audit Targets • Creating Audits • Creating Server Audit Specifications • Creating Database Audit Specifications • Audit-related DMVs and System Views • Demonstration Using SQL Server Audit • Other Issues and Considerations • Resources for More Information

  6. Introduction to SQL Server Audit

  7. Introduction to SQL Server Audit • SQL Server Audit compared/in relation to – • Change Data Capture • DML/DDL Audit Triggers • C2 Auditing • SQL Trace

  8. Introduction to SQL Server Audit • SQL Server Audit - A note on Performance Impact • % increase in memory utilization • % increase disk i/o • % increase in cpu • What is the Impact of Auditing? • “It Depends” • Synchronous /Asynchronous • Scope of Audit Specifications • Best Practice • Test in Non-Production Environment • Initiate/Sample with a Narrow Scope

  9. Introduction to SQL Server Audit • SQL Server Audit • First introduced in SQL Server 2008 • Event tracking and logging system based on Extended Events • Full operation in Enterprise edition of SQL Server 2014 • Fine-grained auditing (Database level) • Basic auditing in other editions of SQL Server 2014 (Server level) • Comprised of: • Audits • Server and Database Audit Specifications • Actions and Action Groups • Targets

  10. Introduction to SQL Server Audit • Improved Resilience • On Audit Shut Down Server • On Audit Log Failure: Continue • On Audit Log Failure: Fail Operation • Custom User Events • sp_audit_write • Ability to Determine T-SQL Method Used

  11. Introduction to SQL Server Audit • Leveraged by Extended Events - Is a lightweight operating system level eventing engine for servers outside of the SQL Engine • Is designed to be able to process any type of event (auditable events) • Can be integrated with Event Tracing for Windows (ETW) Extended SQL Engine Event Engine

  12. Configuring SQL Server Audit

  13. Configuring SQL Server Audit • Configuring SQL Server Audit is a process: • Create an audit and define the target • Create an audit specification (server or database) • Enable the audit and the audit specification • Read the output events

  14. Configuring SQL Server Audit Configure Server Create Server Enable Audit Monitor and or Database Audit Specification Audit Review Specification

  15. Audit Actions and Action Groups

  16. Audit Actions and Action Groups • Audit actions are additional tasks that can be performed when events occur. Action groups are predefined sets of events that can be used instead of defining individual events. • Categories of actions • Server • Database • Audit • Server audit state changes are always audited • Action Groups • Large number of predefined action groups for each audit category are provided • Simplify setup and management of audits

  17. Defining Audit Targets

  18. Defining Audit Targets • Results of an audit are sent to a target • File • 1 MB Minimum • 2,147,483,647 TB Max Size or Disk Capacity if Unlimited is Configured • Windows Application Event Log • Windows Security Event Log • Results must be reviewed and archived periodically • Security of audit targets • Be cautious with application log as any authenticated user can read it • Writing to security event log requires the SQL Server service account to be added to "Generate Security Audits" policy

  19. Creating Audits

  20. Creating Audits Configure Server Create Server Enable Audit Monitor and or Database Audit Specification Audit Review Specification

  21. Creating Audits Configuration Comment Audit name Name for the audit Queue delay (in milliseconds) Amount in time before audit actions 0 = Synchronous must be processed On Audit Log Failure Continue Shut Down Server Fail Operation Audit destination Audit Target; File or Event Log Maximum rollover files Maximum number of files to retain (only for files) Maximum file size (MB/GB/TB) Maximum size of each audit file Reserve disk space Indicates whether disk space for the audit files should be reserved in advance Maximum files Caps the number of audit files

  22. Creating Audits • Queue Delay - A bit more on configurations specifics: • Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. • A value of 0 indicates synchronous delivery. • The default minimum value is 1000 (1 second). • The maximum is 2,147,483,647 (2,147,483.647 seconds or 24 days, 20 hours, 31 minutes, 23.647 seconds).

  23. Creating Audits • On Audit Log Failure - Continue - A bit more on configurations specifics: • SQL Server operations continue. Audit records are not retained. The audit continues to attempt to log events and will resume if the failure condition is resolved. Selecting the Continue option can allow unaudited activity which could violate your security policies. Select this option when continuing operation of the Database Engine is more important than maintaining a complete audit. This is the default selection.

  24. Creating Audits • On Audit Log Failure – Shut Down Server - A bit more on configurations specifics: • Forces a server shut down when the server instance writing to the target cannot write data to the audit target. The login issuing this must have the SHUTDOWN permission. If the logon does not have this permission, this function will fail and an error message will be raised. No audited events occur. Select this option when an audit failure could compromise the security or integrity of the system

  25. Creating Audits • On Audit Log Failure – Fail Operation- A bit more on configurations specifics: • In cases where the SQL Server Audit cannot write to the audit log this option causes database actions to fail if they would otherwise cause audited events. No audited events occur. Actions which do not cause audited events can continue. The audit continues to attempt to log events and will resume if the failure condition is resolved. Select this option when maintaining a complete audit is more important than full access to the Database Engine.

  26. Creating Audits • Audit File Maximum Limit -A bit more on configurations specifics: • Maximum rollover files • Specifies that, when the maximum number of audit files is reached, the oldest audit files are overwritten by new file content. • Maximum files • Specifies that, when the maximum number of audit files is reached, any action that causes additional audit events to be generated will fail with an error. • Unlimited check box • When the Unlimited check box under Maximum rollover files is selected, there is no limit imposed on the number of audit files that will be created. The Unlimited check box is selected by default and applies to both the Maximum rollover files and Maximum files selections. • Number of files box • Specifies the number of audit files to be created, up to 2,147,483,647. This option is only available if Unlimited is unchecked.

  27. Creating Audits • Maximum File Size -A bit more on configurations specifics: • Specifies the maximum size for an audit file in either megabytes (MB), gigabytes (GB), or terabytes (TB). • You can specify between 1024 MB and 2,147,483,647 TB. • Selecting the Unlimited check box does not place a limit on the size of the file. • Specifying a value lower than 1024 MB will fail, returning an error. • The Unlimited check box is selected by default.

  28. Creating Audits • Reserve Disk Space - A bit more on configurations specifics: • Specifies that space is pre-allocated on the disk equal to the specified maximum file size. • This setting can only be used if the Unlimited check box under Maximum file size is not selected. • This check box is not selected by default.

  29. Creating Server Audit Specifications

  30. Creating Server Audit Specifications Configure Create Server Enable Audit Monitor and Server Audit Specification Audit Review Specification

  31. Creating Server Audit Specifications • Define the actions that should be audited and the Audit that the results should be sent to • Can be configured in GUI or T-SQL CREATE SERVER AUDIT SPECIFICATION FailedLoginSpec FOR SERVER AUDIT Audit-20121222-171544 ADD (FAILED_LOGIN_GROUP);

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WALK THROUGH GST AUDIT Organised by - WIRC of ICAI 4th May 2019 - CA Pranav Kapadia 1

WALK THROUGH GST AUDIT Organised by - WIRC of ICAI 4th May 2019 - CA Pranav Kapadia 1

WALK THROUGH GST AUDIT Organised by - WIRC of ICAI 4th May 2019 - CA Pranav Kapadia 1 Original GST Compliance Landscape GSTR 1 GSTR 2A GSTR 2 GSTR 3 GSTR 1A Audit Report GSTR 9 Form GSTR 9C Books of Account 2 Current GST

859 views • 62 slides
LEASE EXTENSIONS PRESENTATION TO OWNERS OF MARINERS WALK MARINERS WALK AGM 30 th JULY 2012

LEASE EXTENSIONS PRESENTATION TO OWNERS OF MARINERS WALK MARINERS WALK AGM 30 th JULY 2012

LEASE EXTENSIONS PRESENTATION TO OWNERS OF MARINERS WALK MARINERS WALK AGM 30 th JULY 2012 David Robson MA(Oxon) MSc MRICS Tom Merralls (LLB) Solicitor Why should I extend my lease? Valuation and legal services How do we progress

622 views • 23 slides
CS 6453: Parameter Server Soumya Basu March 7, 2017 What is a Parameter Server? Server for

CS 6453: Parameter Server Soumya Basu March 7, 2017 What is a Parameter Server? Server for

CS 6453: Parameter Server Soumya Basu March 7, 2017 What is a Parameter Server? Server for large scale machine learning problems Machine learning tasks in a nutshell: Feature (1, 1, 1) Training Extraction (2, -1, 3) (5, 6, 7)

520 views • 21 slides
Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan

Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan

Ti e E ffi cient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan Yu, Joshua B. Leners*, and Michael Wal fj sh NYU Department of Computer Science, Courant Institute *Two Sigma Investments company Amazon Web

805 views • 65 slides
1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of the Application that runs on the server. It is a Microsoft application that is designed to enable people to Collaborate on documents. 3 One feature

434 views • 18 slides
The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at

The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at

The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley The Winter Walk at Wisley Daphne bholua Chimonanthus praecox Luteus Edgeworthia chrysantha grandiflora

487 views • 27 slides
Briefing on 2012 Operations Audit Nancy Traweek Director, System Operations Board of Governors

Briefing on 2012 Operations Audit Nancy Traweek Director, System Operations Board of Governors

Briefing on 2012 Operations Audit Nancy Traweek Director, System Operations Board of Governors Meeting General Session May 16-17, 2012 Operation Audit Background Independent audit review required by tariff Compliance with operations

85 views • 4 slides
Recent Developments in the PulseAudio World Arun Raghavan Collabora Feature-rich audio server

Recent Developments in the PulseAudio World Arun Raghavan Collabora Feature-rich audio server

Recent Developments in the PulseAudio World Arun Raghavan Collabora Feature-rich audio server Convenient client API Some rough bumps early on Lots of FUD afterwards More and more people love us Okay, fine More and more people don't hate us

699 views • 37 slides
Briefing on Scop e of 20 12 Fina ncia l Aud it Audit Committee of the ISO Board of Governors

Briefing on Scop e of 20 12 Fina ncia l Aud it Audit Committee of the ISO Board of Governors

www.pwc.com Briefing on Scop e of 20 12 Fina ncia l Aud it Audit Committee of the ISO Board of Governors General Session December 13-14, 2012 Agend a Our Audit Objectives Overall Audit Strategy Key Audit Areas Perspectives on Fraud Risk

295 views • 13 slides
Going Concern Audit Opinions in the Age of Covid-19 Some Thoughts Marshall A. Geiger Going

Going Concern Audit Opinions in the Age of Covid-19 Some Thoughts Marshall A. Geiger Going

Going Concern Audit Opinions in the Age of Covid-19 Some Thoughts Marshall A. Geiger Going Concern Audit Opinions in an Age of Covid-19 First, lets take a quick walk down memory lane Going Concern Audit Opinions in an Age of

552 views • 37 slides
ACADEMIC STAFF MQA Self-Accreditation Audit Recommendation 21 9-12 July 2012 Review criteria

ACADEMIC STAFF MQA Self-Accreditation Audit Recommendation 21 9-12 July 2012 Review criteria

MQA Self-Accreditation Audit 9-12 July 2012 AREA 5 ACADEMIC STAFF MQA Self-Accreditation Audit Recommendation 21 9-12 July 2012 Review criteria for Disseminate selection of to faculties Professors The panel recommends that the current

387 views • 17 slides
AUDIT ISSUES 2012-2013 School Year TRANSPORTATION AUDIT RESULTS CAUSE OF ERRORS 154

AUDIT ISSUES 2012-2013 School Year TRANSPORTATION AUDIT RESULTS CAUSE OF ERRORS 154

AUDIT ISSUES 2012-2013 School Year TRANSPORTATION AUDIT RESULTS CAUSE OF ERRORS 154 transportation audits scheduled Auditing 2012-2013 school year As of June 13 th we had results of 139 GOOD NEWS Transition Year With 65

569 views • 14 slides
Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES

Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES

Be Inspired. Get Connected. Walk MS. Be Inspired. Get Connected. Walk MS. OBJECTIVES Identify ways to make an impact through Walk MS. Be equipped to demonstrate boldness and enthusiasm when asking friends and family to join you in

407 views • 29 slides
Adaptive Mobile Web Design with a server side flavour James Rosewell & Thomas Holmes 1st

Adaptive Mobile Web Design with a server side flavour James Rosewell & Thomas Holmes 1st

Adaptive Mobile Web Design with a server side flavour James Rosewell & Thomas Holmes 1st June 2012 Explain Server Side options Objective = Efficient use of 1. your time 2. resources (server, client and data network) 1st June 2012 Agenda

626 views • 51 slides
Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion

Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion

Windows Server 2003 Windows Server 2008 Windows Server 2012 Hardwar are Innovat ation ion Hardwar are Innovat ation ion X86 Symmetric X64 Servers Multi-Processor Multi-Core Servers (2- (SMP) Servers 4 cores per socket)

504 views • 34 slides
Net-FM 4.0 SQL Server and beyond Slide 1 MS SQL Server and Oracle Support ICC 2016 ICC 2016

Net-FM 4.0 SQL Server and beyond Slide 1 MS SQL Server and Oracle Support ICC 2016 ICC 2016

ICC 2016 ICC 2016 Net-FM 4.0 SQL Server and beyond Slide 1 MS SQL Server and Oracle Support ICC 2016 ICC 2016 Supported databases: Oracle 11g and above (all Net-FM modules) MS SQL Server 2012 and above (Space Management and

270 views • 9 slides
Ohio Auditor of State Update No ve mb e r 6, 2019 Auditor of State Update Pro c ure me nt

Ohio Auditor of State Update No ve mb e r 6, 2019 Auditor of State Update Pro c ure me nt

11/12/2019 Ohio Auditor of State Update No ve mb e r 6, 2019 Auditor of State Update Pro c ure me nt Unifo rm Guida nc e pro c ure me nt upda te s we re disc usse d in prio r ye a r AOS upda te , re c a p a nd disc uss furthe r c ha

347 views • 9 slides
Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing

Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing

Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing Reports Viewing Reports Audit Attestation What to Review How to Attest Technical Information 2 Audit Reports As

564 views • 17 slides
Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: Vitaly Shmatikov, Univ Texas at Austin Query Audit Problem Maintaining privacy of data Auditor Q 1 Q 2 Q n Database

305 views • 27 slides
U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by

U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by

U.S. Department of Housing and Urban Development Office of Housing Counseling Facilitated by Booth Management Consulting 7230 Lee Deforest Drive, Suite 202 Columbia, MD 21046 Understanding Internal Controls March 26, 2019 at 2 PM EST 1

336 views • 30 slides
Audits of NFA Letters OAC 3745 300 14 Certified Professional 8 Hour Training Audits of

Audits of NFA Letters OAC 3745 300 14 Certified Professional 8 Hour Training Audits of

Audits of NFA Letters OAC 3745 300 14 Certified Professional 8 Hour Training Audits of NFAs Performed annually on NFA letters submitted during the prior calendar year in request of a CNS Performed by the Ohio EPA Required by

589 views • 17 slides
Inspections Dealing with Difficult Situations Medmarc Insurance Webinar June, 2017 Steven

Inspections Dealing with Difficult Situations Medmarc Insurance Webinar June, 2017 Steven

Inspections Dealing with Difficult Situations Medmarc Insurance Webinar June, 2017 Steven Niedelman Lead Quality System & Compliance Consultant King & Spalding LLP 1700 Pennsylvania Ave., NW Washington, DC 20006 202-626-2942

566 views • 29 slides
Preparing for a Brave New World: The Centralized Partnership Audit Regime William A. Schmalzl

Preparing for a Brave New World: The Centralized Partnership Audit Regime William A. Schmalzl

Preparing for a Brave New World: The Centralized Partnership Audit Regime William A. Schmalzl Kristin M. Mikolaitis Partner, Chicago Partner, New York 312-701-7225 212-506-2265 wschmalzl@mayerbrown.com kmikolaitis@mayerbrown.com May Y.

586 views • 35 slides
Committee Meeting Opening 2 Board Bylaws: Committees 3 Board Bylaws: Committees Board may

Committee Meeting Opening 2 Board Bylaws: Committees 3 Board Bylaws: Committees Board may

Board Finance & Audit July 16, 2020 Committee Meeting Opening 2 Board Bylaws: Committees 3 Board Bylaws: Committees Board may create committees May appoint one or more individuals (board members and non-members) 4 Board Bylaws:

410 views • 17 slides

More recommend