LOGbinder Blog

Updates, Tips and News   RSS Feed  

«  Dealing with large amount... | LOGbinder SP use of SQL P... »

SQL Server Audit Support in Different Editions and Versions

Sat, 23 Nov 2013 14:02:05 GMT
***This article was has been updated with the release of SQL Server 2017.  The updated article is located here.

SQL Server 2012 made SQL Server Audit partially available to all editions. Until SQL Server 2012, this true, native auditing feature (introduced in SQL Server 2008) was only available in Enterprise and Datacenter editions. Starting with SQL Server 2012,the server-level auditing portion of SQL Server Audit was made available to all editions, leaving only the more granular database-level auditing still exclusive to the Enterprise edition.

SQL Server Audit is based on actions and action groups. The audit can contain server-level audit specification and database-level audit specifications:
  • Server-level auditing consists of server-level audit action groups, which include server operations, such as security operations involving logins, roles and permissions, logon and logoff operations, database backup and restore,manipulation of certain database-, server-, and schema objects.
  • Database-level auditing is auditing at the database scope, and it is set on each database individually. This feature is not available in all editions of SQL Server, only in Enterprise editions. Database-level auditing utilizes database-level audit action groups, and database-level audit actions.
    • The database-level audit action groups cover some similar areas as the server-level audit groups, if applicable, but at the database level.
    • Additionally to auditing action groups,database-level auditing also enables auditing certain individual actions, such as SELECT, INSERT, UPDATE, DELETE, EXECUTE, RECEIVE, and REFERENCES. These database-level audit actions can be restricted to a specific database, an object (such as table, view, stored procedure), or a schema.
Here is a summary of the SQL Server Audit support in the different editions:

 Edition  SQL Server 2008 and 2008 R2  SQL Server 2012 and 2014
 Enterprise
 Server- and database-level Server- and database-level
 Evaluation  Server- and database-level Server- and database-level
 Developer  Server- and database-level Server- and database-level
 Datacenter  Server- and database-level N/A
 Business Intelligence  None  Server-level
 Standard  None  Server-level
 Web  None  Server-level
 Express  None  Server-level

So where does LOGbinder SQL fit into the SQL audit equation? LOGbinder SQL can be installed on any Windows server running SQL Server 2008 or later regardless of the edition, including Express. It does not need to be installed on Enterprise edition. The requirement is that the SQL Server that is being audited is:

  1. Set to produce audit events.
  2. Set to output these audit events to a location accessible to LOGbinder SQL.
The audit file can then be accessed and processed by LOGbinder SQL and made available for your SIEM / log management solution.

To summarize, audit logs could move the following way:


Comments disabled

powered by Bloget™