🏹 SQL Audit – See Through Walls

Posted on by Hiram

It’s #TSQLTuesday and I received a question that occurs any day of the week. I hadn’t posted anything in a few days, so I thought I’d share this one. Hope it helps.

A Friend Asked

  1. Does the native audit feature has any GUI where we can see the reports ( example:- List of the users whose access level has changed in last 3 months)
  2. Does the native audit tool has feature to audit the users based on the condition from where they are logging in and what they are doing  ( example:- User A connect through SSMS and using query windows to update a table should be audited but if he/she connects with SSMS and use SQL server agent to run update it should not be monitored )
  3. What is the best practices for selective/customized auditing if we want to audit for DML,DDL ,access ,configuration?

Reply

  1. Yes
  2. Yes and you can also build a Power BI or SSRS report on top of the audit data with click-through or drill-down filtering.
  3. There’s no recommended best practice per say, you audit what you’re interested in. This is completely up-to you.  You can see samples here: https://github.com/hfleitas/TrinityGhoul

wish-ender

Sincerely,
Hiram

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.