967
CHAPTER
42
SQL Audit
IN THIS CHAPTER
Confi guring SQL AuditTracking Server EventsS
QL Audit was fi rst introduced with SQL Server 2008. With the release of SQL Server 2012,
several new and enhanced features to SQL Audit are available. This chapter explains what
SQL Audit is and how to start using it, and points out the new features and updates from SQL
Server 2008 to 2012.SQL Audit is based on Extended Events technology; SQL Audit is both lightweight and powerful.
Although you can create your own auditing solution from Extended Events, SQL Audit is an out-of-
the-box solution to leverage Extended Events and collect server and database events. It is fast and
easy to confi gure.Although Extended Events is available for all editions of SQL Server 2008, SQL Audit is available
only for the Enterprise (and Developer) Edition. Beginning with SQL Server 2012, server audit-
ing is available for all editions of SQL Server; however, database audits are limited to Enterprise,
Datacenter, Developer, and Evaluation editions.SQL Audit Technology Overview
It takes several SQL Audit components working together to create a functioning Audit. A SQL Server
Audit object is a bucket that collects the audit events defi ned by a Server Audit Specification and the
Database Audit Specification and sends the audited events to a target. Following are the facts:■ A SQL Server Audit object can be written to by one Server Audit Specifi cation and one
Database Audit Specifi cation per database.
■ A SQL Server Audit can belong to only one SQL Server instance, but there may be several
SQL Server Audits within an instance.
■ A Server Audit Specifi cation defi nes which server-level events will be captured and passed
to the SQL Audit.
■ A Database Audit Specifi cation defi nes which database-level events are captured and passed
to the SQL Audit.c42.indd 967c42.indd 967 7/31/2012 10:17:46 AM7/31/2012 10:17:46 AM
http://www.it-ebooks.info