970
Part VII: Monitoring and Auditing
is reached and an action causes a new audit event to be recorded, the action that caused
the event fails. To understand more about max_files, review create server audit.If the target is the Windows Security Log, then there are special security permissions
and confi gurations required. See http://msdn.microsoft.com/en-us/library/
cc645889.aspx for detailed information.SQL Server 2012 provides additional Transact-SQL stack frame information. Having this
additional information can help auditors determine whether a query was called by an appli-
cation or by a stored procedure.Using T-SQL
You can create the SQL Server Audit object using the CREATE SERVER AUDIT
command. The following example creates the same SQL Server Audit object (refer to
Figure 42-1):CREATE SERVER AUDIT [SQL Server 2012 Bible Audit]
TO FILE (
FILEPATH = N'C:\SQLData',
MAXSIZE = 64 MB,
MAX_ROLLOVER_FILES = 2147483647,
RESERVE_DISK_SPACE = OFF
)
WITH (
QUEUE_DELAY = 1000,
ON_FAILURE = CONTINUE
)You can also modify the SQL Server Audit object using an ALTER command.Beginning with SQL Server 2012, SQL Server Audit has the capability to fi lter audit events
before being written to the audit log. You can accomplish this by including a where clause
in the create server audit statement.CREATE SERVER AUDIT [SQL Server 2012 Bible Audit]
TO FILE (
FILEPATH = N'C:\SQLData',
MAXSIZE = 64 MB,
MAX_ROLLOVER_FILES = 2147483647,
RESERVE_DISK_SPACE = OFF
)WITH (
QUEUE_DELAY = 1000,
ON_FAILURE = CONTINUE
)
WHERE Object_name = 'SensitiveData';c42.indd 970c42.indd 970 7/31/2012 10:17:48 AM7/31/2012 10:17:48 AM
http://www.it-ebooks.info