Page History

The Privileged User Auditing tab of the Registered SQL Server Properties window allows you to change the audit settings currently applied to privileged users on this SQL Server instance. You can choose to audit event categories and user-defined events. An event category includes related SQL Server events that occur at the server level. A user-defined event is a custom event you create and track using the the sp_trace_generateevent stored procedure.

...

When you update audit settings to audit privileged user activities, these changes are not applied until the SQL trace is refreshed. The SQL trace is refreshed when the SQL Compliance Manager Agent sends the trace files to the Collection Server. To ensure an immediate application of your new audit settings, click Update Audit Settings Now on the Agent menu.

Image RemovedImage Added

Available actions

...

Allows you to select one or more privileged users to audit. You can select privileged users by login name or by the membership to a fixed server role.

...

Allows you to remove the selected SQL Server login or fixed server role from the list of audited privileged users. When you remove the login or role, the SQL Compliance Manager Agent no longer collects events recorded for that login or the role members.

Available fields

Privileged users and roles to be audited

...

• • • Logins
    • Logouts
    • Failed logins
    • Security changes
    • Administrative actions
    • Database definition (DDL)
    • Database modification (DML)
    • Database SELECT operations
    • User-defined events
    • Filter events based on access check.

Capture SQL statements for DML and SELECT activities

...

Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit SQL statements.

...