MSSQL server audit

By -
MSSQL Server Auditing on AWS RDS

Enable MSSQL Server Auditing on AWS RDS

To enable MSSQL server auditing on AWS RDS, please follow these steps:

  1. Login to AWS console and go to RDS.
  2. Create an option group under RDS > Option groups
  3. Give name as 'SqlServerAudit'
  4. Provide description as 'Option group for SQL Server audit'
  5. Choose the engine as same as the one used while creating the database in RDS.
  6. Choose the latest engine version. Save.
  7. Go to RDS > Option groups and select the radio button on the option group you just created
  8. Click on Add Option.
  9. Select SQLSERVER_AUDIT under “Option name”
  10. Choose the S3 bucket name where you want to keep the audit files once they grow more than the specified limit.
  11. Choose the appropriate IAM role with write access to the S3 bucket.
  12. Scheduling > Immediately and then click on “Add Option“.
  13. Go to RDS > Databases and select the database where you want to attach the auditing. Click on Modify button
  14. Go to Database options and then in the “Option Group“ dropdown select the option group created in step 5.
  15. Continue, apply immediately and then click on Modify DB instance.

SQL auditing logs will now be uploaded to the S3 bucket.

After doing the above setup, enable audits at the server and database level by performing the following steps on the database (master):

  1. Provide permissions to the user who is going to create audits
    2. USE master;
    GRANT ALTER ANY SERVER AUDIT TO <user_creating_auditing>;

    USE <database>;
    GRANT ALTER ANY DATABASE AUDIT TO <user_creating_auditing>
  2. Define SQL Server Audit
    3. CREATE SERVER AUDIT [TestDBAudit] TO FILE
    (      FILEPATH = N'D:\rdsdbdata\SQLAudit\'
          ,MAXSIZE = 10 MB
    )
    WITH
          (QUEUE_DELAY = 1000
          ,ON_FAILURE = CONTINUE
    )
    ALTER SERVER AUDIT [TestDBAudit] WITH (STATE = ON)
  3. Define server audit specifications
    4. CREATE SERVER AUDIT SPECIFICATION [SERVER_LEVEL_AUDIT_SPEC]
    FOR SERVER AUDIT [TestDBAudit]
    ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP), 
    ADD (AUDIT_CHANGE_GROUP),
    ... (other action groups)
    WITH (STATE = ON)
  4. Define database audit specifications
    5. use <the_db_to_use>;
    CREATE DATABASE AUDIT SPECIFICATION [TEST_DB_AUDIT_SPEC]
    FOR SERVER AUDIT [TestDBAudit]
    ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP) ,
    ADD (AUDIT_CHANGE_GROUP),
    ... (other action groups)
    WITH (STATE = ON)

To view the audit logs on RDS, run the following query. The logs will be returned until they are archived and uploaded to the S3 bucket (step 9 above):

SELECT * FROM msdb.dbo.rds_fn_get_audit_file
('D:\rdsdbdata\SQLAudit\*.sqlaudit' , default , default )

The audit logs will be pushed to the configured S3 bucket as soon as they reach the configured size (10 MB in our case). You can download the logs from there afterward.

Note: There is no additional performance overhead by enabling the audits. Refer to Microsoft forums for more details: Performance Impact for SQL Server Audit and Microsoft Documentation.

Comments

Post a Comment

Popular posts from this blog

Unmarshall SOAP Message (XML) to Java Object using JAXB

By -
Hello Visitor, In this blog post I will guide you to Unmarshall the SOAP message using JAXB to your Java Object. You might have already tried it and some of you have got the below exception when unmarshalling a soap message, then this post will help you recovering the unmarshall error. javax.xml.bind.UnmarshalException: unexpected element  (uri:"http://schemas.xmlsoap.org/soap/envelope/", local:"Envelope"). Expected elements are <{}Envelope> Here is the SOAP message which we want to unmarshall to Java object:    <soap:envelope xmlns:ns1="http://mynamespace.com/ns1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:body> <ns1:updatemydetails> <ns1:items> <ns1:id>1</ns1:id> <ns1:name>crazy coders</ns1:name> <ns1:email>crazycoders4u@gmail.com</ns1:email>
Read more

Circuit breaker implementation in spring boot2

By -
Image
What is it Circuit breaker is a design pattern used in modern software development. It is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring, during maintenance, temporary external system failure or unexpected system difficulties. The Circuit breaker pattern helps to prevent such a catastrophic cascading failure across multiple systems. The circuit breaker pattern allows you to build a fault tolerant and resilient system that can survive gracefully when  key services are either unavailable or have high latency. White box libraries There are many libraries which claim that they have successfully implemented the Circuit Breaker Design Pattern. Few of them are: Hystrix : Opensource Library designed by Netflix. This is the best library available as of today but it  is no longer in active development, and is currently in maintenance mode. Because of this reason we have kept it out from our scope. Sentinel : Opensource Library designe
Read more

Hibernate inserts duplicate child on cascade

By -
At times we all use hibernate's cascade feature to cascade the child entries into database for OneToMany and ManyToMany relationships. If it is a first entry in DB then everything works fine but when we want to update the number/quantity of child of an existing parent, hibernate adds duplicate children. Assume the parent already exists with few children. Below is the relationship: Parent Mapping for OneToMany with Child: @OneToMany(targetEntity = ChildrenImpl.class, mappedBy = "parent", orphanRemoval = true, fetch = FetchType.LAZY) @Cascade(value = CascadeType.ALL) private List<Children> children = new ArrayList<Children>(); Child Mapping with parent ManyToOne @ManyToOne(targetEntity = ParentImpl.class, fetch = FetchType.LAZY) @JoinColumn(name = "PARENT_ID") private Parent parent; Below is the code which leads to duplicate children. Children newChild = new ChildrenImpl(); newChild.setName("I am a new child"); /* More setters here *
Read more