There are two key requirements for writing SQL Server server audits to the Windows security log:
Audit object access settings must be configured to capture events. The best way to configure them depends on your operating system.
In Windows Vista and Windows Server 2008, use the audit policy tool (auditpol.exe). The audit policy tool exposes multiple sub-policy settings in the Audit object access category. To allow SQL Server to audit object access, configure the Application Generated setting.
For earlier versions of Windows, the audit policy tool is not available. Use the Security Policy snap-in (secpol.msc) instead. When it is available, the audit policy tool is preferred because more granular settings can be configured.
The account running the SQL Server service must have the Generate security audits permission to write to the Windows security log. By default, the LOCAL SERVICE and NETWORK SERVICE accounts have this right. If SQL Server is running under one of these accounts, this step is not required.
The Windows audit policy can affect SQL Server auditing when audits are written to the Windows security log: if the audit policy is not configured correctly, events may be lost. Typically, the Windows security log is set to overwrite old events, which keeps the latest events. However, if the Windows security log is not set to overwrite old events, the system issues Windows event 1104 when the security log is full. At this point:
Security events will no longer be logged.
SQL Server will not be able to detect whether the system can record events in the security log, which may lead to the loss of audit events.
The log behavior will return to normal after the machine administrator repairs the security log.
Administrators of SQL Server computers should be aware that the local settings of the security log may be overridden by domain policy. In this case, the domain policy can override the subcategory setting (auditpol /get /subcategory:"application generated"). This may affect the ability of SQL Server to record events, and SQL Server has no way to detect that the events it tries to audit will not be recorded.
You must be a Windows administrator to configure these settings.
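The requirements and failure modes above can be checked in one read-only pass. The following PowerShell is an added example, not part of the original documentation; the function name is hypothetical, and it assumes English auditpol output and the default instance service name MSSQLSERVER.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks, nothing on the host is changed.
# Assumptions: English auditpol output; default instance service name MSSQLSERVER.

function Test-SqlAuditSecurityLog {
    param([string]$ServiceName = 'MSSQLSERVER')   # assumed service name

    # 1. "Application Generated" subcategory as currently in effect on this
    #    machine, so a setting replaced by domain policy shows up here.
    $sub = auditpol /get /subcategory:"Application Generated" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    $setting = $sub.'Inclusion Setting'

    # 2. Security log retention mode, and the most recent "log is full"
    #    event (1104) if one has been recorded.
    $log  = Get-WinEvent -ListLog Security
    $full = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1104 } `
                -MaxEvents 1 -ErrorAction SilentlyContinue

    # 3. Holders of "Generate security audits" (SeAuditPrivilege), exported as
    #    SIDs, shown next to the service account for manual comparison.
    $inf = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $holders = (Select-String -Path $inf -Pattern '^SeAuditPrivilege').Line
    Remove-Item $inf -ErrorAction SilentlyContinue
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"

    [pscustomobject]@{
        ApplicationGenerated = $setting
        AuditingEnabled      = ($setting -and ($setting -ne 'No Auditing'))
        LogMode              = $log.LogMode            # Circular = overwrite old events
        OverwritesOldEvents  = ($log.LogMode -eq 'Circular')
        LastLogFullEvent     = $full.TimeCreated       # empty if no 1104 was found
        ServiceAccount       = $svc.StartName
        SeAuditPrivilege     = $holders
    }
}

Test-SqlAuditSecurityLog | Format-List
```

S-1-5-19 and S-1-5-20 in the SeAuditPrivilege line are the LOCAL SERVICE and NETWORK SERVICE accounts; any other service account has to appear there directly or through a group.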