Excerpted from Brad’s Sure Guide to SQL Server 2008, which is available as a free eBook.
Previous versions of SQL Server have included a variety of built-in ways to audit activity inside SQL Server. These included:
Login Auditing: Only tracks user login successes and/or failures. Results are sent to the OS Application Log.
SQL Server Profiler (SQL Trace) Audit and Related Events: Profiler includes over 40 specific audit events, and over 130 additional events that can be traced. Results are stored in trace files.
DDL Triggers: DDL triggers can be added to a database to identify when any DDL event occurs.
C2 Audit Mode: This former auditing standard (now superseded by Common Criteria Compliance) uses SQL Trace to capture audit events, which are stored in trace files.
Common Criteria Compliance: A new international auditing standard which also uses SQL Trace to capture data, which are stored in trace files.
None of the above methods offer much granularity, most are not easy to administer, and with the exception of Login Auditing, they can add a large amount of overhead to running SQL Server, hurting its performance.
To help overcome these problems, SQL Server 2008 includes a feature called SQL Server Audit. SQL Server 2008 Enterprise Edition includes all of the features described in this article, which includes both the SQL Auditing Foundation and Fine Grained Auditing. SQL Server 2008 Standard Edition only provides the SQL Auditing Foundation. Continue reading →