C2 auditing

Discussion in 'Software' started by helensmith, May 25, 2006.

  1. helensmith

    helensmith

    Joined:
    May 19, 2006
    Messages:
    3
    :stupido2: Will any one just help me to find what is C2 auditing? Your help will be much appreciated.
    helensmith, May 25, 2006
    #1
    1. Advertising

  2. helensmith

    The Modfather

    Joined:
    Sep 11, 2005
    Messages:
    2,424
    The US Department of Defense established a set of ratings applicable to security levels of computer systems, based on their capabilities in regard to auditing and discretionary access control. SQL Server 2000 was determined to be compliant with a C2 rating in August 2000 by the National Computer Security Center (more information about the C2 evaluation process is available on the Microsoft Web site at http://www.microsoft.com/technet/tr...l=/technet/security/prodtech/dbsql/sqlc2.asp). This compliance is relevant for companies, which need to secure their computing operations according to the US Government requirements (which applies to most government agencies and contractors).

    C2 auditing records information that goes beyond server-level events, such as shutdown or restart, successful and failed login attempts, extending it to successful and failed use of permissions when accessing individual database objects and executing all Data Definition, Data Access Control, and Data Manipulation Language statements. The audit information contains the timestamp, identifier of the account that triggered the event, target server name, event type, its outcome (success or failure), name of the user's application, and Server process id of the user's connection.

    Audit logs are stored in the Program Files\Microsoft SQL Server\Data\ folder as AuditTrace_yyyymmddhhmmss.trc, where the second part of the name indicates date and time when the log file was created. Size of a log is limited to 200MB, but new ones are generated automatically whenever the old one is full as long as there is available disk space. Otherwise, shutdown of SQL Server is initiated. Ensure that you have sufficient space on your hard drive, as the volume of recorded information is significant. In emergency situations, where no space can be immediately freed for new log files, you can restart SQL Server with the -f flag, which will disregard auditing settings.

    The content of the audit files can be viewed using SQL Server Profiler (you can also import them into a new or an existing table). Alternatively, you can use for this purpose a built-in function fn_trace_gettable, which displays the content of a trace file in a table format (the following sample T-SQL command can be executed from the SQL Query Analyzer):
    The Modfather, May 27, 2006
    #2
    1. Advertising

  3. helensmith

    XhArD

    Joined:
    Aug 30, 2005
    Messages:
    1,709
    Location:
    Queensland, Australia
    i swear every tech question we've had is from the same person, who makes hundreds of accounts. "your help will be much appreciated" one topic after another, and the already dodgy circumstances of having tons of heavy tech questions in a short period of time.
    XhArD, May 27, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jones_net
    Replies:
    2
    Views:
    449
    jones_net
    Oct 22, 2003
  2. Hairy One Kenobi

    Open Source auditing

    Hairy One Kenobi, Feb 2, 2004, in forum: Computer Security
    Replies:
    4
    Views:
    433
    Hairy One Kenobi
    Feb 4, 2004
  3. david_liteman

    international journal of auditing

    david_liteman, Apr 23, 2004, in forum: Computer Information
    Replies:
    0
    Views:
    408
    david_liteman
    Apr 23, 2004
  4. LMOTIKENG@YAHOO.CO.UK

    security auditing processes

    LMOTIKENG@YAHOO.CO.UK, Oct 18, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    856
    Jason
    Oct 20, 2006
  5. Hoss
    Replies:
    0
    Views:
    483
Loading...

Share This Page