Auditing Products for SQL Server


By:   |   Updated: 2006-12-06   |   Comments (2)   |   Related: More > Auditing and Compliance

Preparing Your SQL Servers for an Audit

Free MSSQLTips Webinar: Preparing Your SQL Servers for an Audit

In this webinar we will cover how an auditor typically approaches auditing a system in general and apply this to an audit of a SQL Server environment.


Problem

With the many needs (SOX, HIPAA, internal, etc.) for auditing sensitive data, what are the options available in the market place to audit SQL Server data and code changes?  Do these products automatically collect the data as well as build reports and selectively alert on critical issues?

Solution

Below outlines the SQL Server auditing products on the market with URL's to the product for more information.

ID Offering Data Changes Code Changes Auto Data Collection Reporting Real Time Alerting
1 ApexSQL Audit *   * *  
2 GridApp Clarity's Auditing and Compliance * * * * *
3 Idera Compliance Manager * * * * *
4 Imperva * * * * *
5 Lumigent Audit DB * * * * *
6 Quest Software SQL Watch   * * * *
7 SQL Server Profiler * * *    
8 SQL Server Triggers * * *    

If you know of additional SQL Server auditing products on the market, please let us know and we will update this tip.  Please email the product\technology\tool to [email protected].

Next Steps


Last Updated: 2006-12-06


get scripts

next tip button



About the author
MSSQLTips author Jeremy Kadlec Jeremy Kadlec is the Co-Founder, Editor and Author at MSSQLTips.com, CTO @ Edgewood Solutions and a six time SQL Server MVP.

View all my tips
Related Resources





Comments For This Article




Tuesday, February 11, 2020 - 10:14:17 AM - Anonn Back To Top

Another auditing tool that can be added to the list is IBM's Security Guardium application.  It is similar to trace in that it acts as a network sniffer like Wireshark to capture all SQL being sent to the database so that you can audit what the database administrators are doing or other administrators.  Sort of like policing the police.  It does other auditing functions as well.


Saturday, February 08, 2014 - 9:55:18 AM - Panayiotis Hiripis Back To Top

Hi all,

  I believe you should include Sql Server's change tracking feature. Basically, it is an internal triggerless mechanism to observe dml changes to all tables of a database, with a purging mechanism.   http://technet.microsoft.com/en-us/library/bb933875.aspx   and   http://msdn.microsoft.com/en-us/library/cc305322.aspx



download


Recommended Reading

Auditing Failed Logins in SQL Server

Auditing your SQL Server database and server permissions

Identify SQL Server databases that are no longer in use

SQL Server Login Properties to Enforce Password Policies and Expiration

Audit SQL Server Logins without filling up the Error Log





get free sql tips
agree to terms


Learn more about SQL Server tools