Linq to SQL Audit Trail / Audit Log: should I use triggers or doddleaudit?

Question

Hi, I'm working on a business app that requires that ALL database transactions be audited (for legal purposes mainly).

I've looked around the web and came across DoddleAudit (http://www.codeplex.com/DoddleAudit) which basically adds the ability for Linq to SQL to track the changes. Much like people use Interceptors in Hibernate.

The thing that concerns me with this is the reliability issue. While an audit log on the ORM layer may record everything that happens via code, it won't log any changes if say a someone manually issues an SQL statement against the database, or a hacker etc. Basically the information I'm dealing with is somewhat sensitive. That's what leads me to believe that Triggers is probably the most reliable way. (?)

Other ways to log would be through code, or through stored procedures which seems a bit hacky and unreliable. So I'm basically down to either using triggers or something like DoddleAudit.

I was hoping to get a few opinions though before choosing either.

Answer 1

If you are using SQL Server 2008 (the question didn't specify), have you looked at the support added in that version?

http://msdn.microsoft.com/en-us/library/dd392015.aspx

Answer 2

If the audit is for legal purposes then you have to do it through a certified for compliance methodology. Such methodologyes are very specific to the specific threats being mitigated via audit. You need to read up on Auditing (Database Engine) and more than likely consult a specialist that can give you guidance on the various legal frameworks that surround data audit, specific to your location and domain.

SQL Server has the C2 compliant audit mode, see c2 audit mode Option, which is a certified compliant mode. Linq2sql audit or custom data audit may be brilliant feats of engineering, but they're not gonna hold a drop of water if they are not certified for compliance (and they're not).