What Can SQL Server Auditing Provide?
SQL Server 2008 introduced a
totally new audit logging facility which is critical
to enterprises storing sensitive information and/or processing important transactions
in today’s demanding compliance environment.
SQL Server Audit is flexible in terms of audit policy and comprehensive in relation
to the breadth and depth of objects and actions that can be audited. However, the
audit data generated by SQL Server needs additional refinement and processing before
it can be relied upon as a usable audit trail and managed by your existing log
LOGbinder SQL Bridges the Gap between SQL Server and Your SIEM
The audit records generated by SQL Server audit are cryptic and difficult to understand.
Basically, one log record format is used for documenting everything from an insertion
on a table to a modification of a stored procedure. And while SQL Server can write
events to the security log or Syslog, it uses the same event ID for all events, and the IDs
and keywords are not resolved. Thus, it requires in-depth knowledge of the SQL audit
model in order to decipher events.
Frees SQL audit logs from their proprietary format
The preferred and highest performance option for audit log output results in a proprietary
file format that cannot be parsed by log management/SIEM solutions using typical
text log file-based parsing engines.
Our LOGbinder SQL collector, processes the proprietary formatted
SQL Server audit log and enriches SQL Server’s cryptic and generic audit messages
to produce an easy-to-understand audit log event which then outputs to the Windows
event log, where any log management or SIEM solution can collect, alert, report, and
Enriches SQL audit logs without impacting SQL Server performance
LOGbinder SQL can be installed either on the SQL server itself or, to eliminate any
impact on business database functions, you can deploy a separate server with the
LOGbinder SQL collector, processing audit logs from multiple SQL Servers via share folders.
Raw Audit Event from SQL Server
statement: EXEC sp_addrolemember N'MyAudit', N'public'
Same Event After LOGbinder SQL Processing
Event ID: 24020
Add member to database role succeeded
A principal was successfully added to a database role
Action Group: DATABASE_ROLE_MEMBER_CHANGE_GROUP
Occurred: 9/16/2010 12:35:30.0000000 PM
Session ID: 54
Domain name: n/a
Statement: EXEC sp_addrolemember N'MyAudit', N'public'
For more information, see http://logbinder.com/support
Connects SQL Audit to Your SIEM
LOGbinder SQL fills a critical gap between enterprise database servers and audit
log management solutions, allowing you to obtain a clearly-written and easy-to-understand
audit log that is accessible to your existing log management solution. Similar
to our efforts with LOGbinder SP, we are working with log management and SIEM
solution providers to build recommended alerts and reports into their systems
for SQL server audit logs processed by LOGbinder SQL.
Download LOGbinder SQL Now!
Or if you want further information
on this new solution, please