Third-Party Audit-Logging Options
Third-party tools can analyze backed-up transaction logs, or use listener agents to collect and process SQL Server traffic and pick out the events worth auditing.
April 28, 2008
Third-party transaction-log analyzers and gateways can audit logs and process and filter SQL Server traffic. Here’s a quick glimpse at the functionality such products provide:
Third-party transaction-log analyzers. SQL Server 2005 keeps relational tables and other objects in .mdf- and .ndf-file data pages and tracks data-page changes in transaction logs (in .ldf files). These transaction-log files are in a proprietary binary format. By analyzing a backed-up transaction log, the third-party tools can provide auditing capabilities without slowing production-server performance.
Third-party gateways. A gateway uses a listener agent on the SQL Server network port to collect and process all SQL Server traffic and pick out the interesting events, such as failed logins, schema changes, and DML statements run from query tools rather than production applications. This can be an effective vendor-agnostic database solution. One problem with this approach is that it might not perform optimally with encrypted data. Any database connections passing privileged information should be encrypted on the wire, but encryption makes the gateway’s job very difficult because the encrypted traffic appears to be gibberish. The gateway would need to decrypt the traffic to make sense of it. Another potential issue is multi-instance server port tracking. A gateway must work with the SQL Server Browser service, which manages connections and ports.
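As an added illustration (not code from the article or from any vendor product), the following Python example applies the gateway filtering rules described above to session events that have already been parsed. The event record layout, the `PRODUCTION_APPS` allow-list, and the category names are assumptions made for the example; encrypted sessions are reported as a visibility gap rather than passed as clean.

```python
import re

# Assumed allow-list of application names used by production services (hypothetical).
PRODUCTION_APPS = {"OrderService", "BillingWorker"}
DDL = re.compile(r"^\s*(CREATE|ALTER|DROP)\b", re.I)
DML = re.compile(r"^\s*(INSERT|UPDATE|DELETE|MERGE)\b", re.I)


def classify(event):
    """Return the audit category for one captured event, or None if routine."""
    if event.get("encrypted"):
        # Payload is unreadable: surface the blind spot, do not assume it is clean.
        return "unreadable-encrypted"
    if event["type"] == "login":
        return "failed-login" if not event["success"] else None
    sql = event.get("sql", "")
    if DDL.match(sql):
        return "schema-change"
    # The application name is supplied by the client, so treat it as a hint only.
    if DML.match(sql) and event.get("app") not in PRODUCTION_APPS:
        return "adhoc-dml"
    return None


def audit(events):
    """Keep only the events worth auditing, tagged with their category."""
    out = []
    for e in events:
        category = classify(e)
        if category:
            out.append((category, e.get("login"), e.get("sql", "")))
    return out


# Constructed sample events (not captured from a real server).
SAMPLE = [
    {"type": "login", "login": "sa", "success": False},
    {"type": "login", "login": "svc_orders", "success": True},
    {"type": "batch", "login": "svc_orders", "app": "OrderService",
     "sql": "INSERT INTO dbo.Orders (Id) VALUES (1)"},
    {"type": "batch", "login": "jdoe", "app": "Query Tool",
     "sql": "update dbo.Orders set Total = 0 where Id = 1"},
    {"type": "batch", "login": "jdoe", "app": "Query Tool",
     "sql": "ALTER TABLE dbo.Orders ADD Note nvarchar(50)"},
    {"type": "batch", "encrypted": True},  # login and SQL not visible to the gateway
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```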