audit

Suggestions for implementing audit tables in SQL Server?

One simple method I've used in the past is basically just creating a second table whose structure mirrors the one I want to audit, and then create an update/delete trigger on the main table. Before a record is updated/deleted, the current state is saved to the audit table via the trigger. While effective, the data in the audit table is...

Data Auditing in NHibernate and SqlServer

I'm using NHibernate on a project and I need to do data auditing. I found this article on codeproject which discusses the IInterceptor interface. What is your preferred way of auditing data? Do you use database triggers? Do you use something similar to what's dicussed in the article? ...

What is the best implementation for DB Audit Trail?

A DB Audit Trail captures the User Last Modified, Modified Date, and Created Date. There are several possible implementations: SQL Server Triggers Add UserModified, ModifiedDate, CreatedDate columns to the database and include logic in Stored Procedures or Insert, Update statements accordingly. It would be nice if you include implem...

How to Audit Database Activity without Performance and Scalability Issues?

I have a need to do auditing all database activity regardless of whether it came from application or someone issuing some sql via other means. So the auditing must be done at the database level. The database in question is Oracle. I looked at doing it via Triggers and also via something called Fine Grained Auditing that Oracle provides. ...

Good pattern or framework for adding auditing to an existing app?

I have an existing J2EE enterprise application to which I need to add auditing, i.e. be able to record CRUD operations on several important domain types (Employee, AdministratorRights, etc.). The application has a standard n-tier architecture: Web interface Business operations encapsulated within a mixture of stateless session beans a...

How do you implement audit trail for your objects (Programming) ?

I need to implement an audit trail for Add/Edit/Delete on my objects,I'm using an ORM (XPO) for defining my objects etc. I implemented an audit trail object that is triggered on OnSaving OnDeleting Of the base object, and I store the changes in Audit-AuditTrail (Mast-Det) table, for field changes. etc. using some method services ca...

Counting the number of deleted rows in a SQL Server stored procedure

In SQL Server 2005, is there a way of deleting rows and being told how many were actually deleted? I could do a select count(*) with the same conditions, but I need this to be utterly trustworthy. My first guess was to use the @@ROWCOUNT variables - but that isn't set, e.g. delete from mytable where datefield = '5-Oct-2008' se...

best design for a changelog / auditing database table?

i need to create a database table to store different change log/auditing (when something was added,deleted,modified,etc). i dont need to store particularly detailed info, so i was thinking something along the lines of: id (for event) user that triggered it event name event description timestamp of the event am i missing something her...

How to audit when a user leaves an ASP.NET app

In ASP.NET, I'm looking for a way to audit a user leaving my application. To be specific, I'd like to insert a 'logout' record in an audit table in SQL Server when the user's session is abandoned/destroyed for any reason (not necessarily because of a call to session.abandon) I have a 'SessionHelper' class that manages the session setter...

How should I audit changes in a MySQL table (using MySQL 4)?

I have been asked to audit any/all changes in a MySQL table. Does anyone know of any tools out there to help me do this or do I need to write my own solution? If I write my own audting, my initial thought it to make a separate table and build a string of changes in the PHP code. Something like "fieldname1 -> oldvalue | fieldname2 -> old...

Audit Schema Mapping with Hibernate and AOP

Hi, I am trying to audit the action that the user performed that resulted in changes to corresponding tables. For example if a user were to transfer money between 2 accounts this would generate the following sequence of events: Insert transfer amount into Transfer table Subtract transfer amount from balance in Balance Table for Accoun...

Audit trails and implementing SOX/HIPAA/etc, best practices for sensitive data

I consider myself to be relatively proficient in terms of application design, but I've never had to work with sensitive data. I've been wondering about what the best practices were for audit trails and how exactly one should implement them. I don't have to do it right now, but it'd be nice to be able to confidently talk with a medical co...

SQL Server: Modifying the "Application Name" property for auditing purposes

As we do not implement the users of our applications as users in SQL server, when the application server connects to a database each application always uses the same credentials to attach to each database. This presents an auditing problem. Using triggers, we want to store every update, insert and delete and attribute each to a particul...

Implementing Audit Trail for Objects in C#?

I'm looking for ideas on how to implement audit trails for my objects in C#, for the current project,basically I need to: 1.Store the old values and new values of a given object. 2.Record creation of new objects. 3.Deletion of old object. Is there any generic way of doing this,like using C# Generics,so that I don't have to write code f...

Script or tool to enumerate windows users and groups

I'm auditing an existing Windows 2000 server that's plagued with non-expiring passwords, stray users, and groups pointing to SharePoint and Interdev-created accounts. What's the best way to enumerate each group, display the resource that the group points to (it's show in the description field of Local Users and Groups), and display all ...

SQL Server 2005 Change Auditing

Is there a built in way in SQL Server 2005 to audit things specifically like deleting a stored procedure? Is there a history table that I can query? We have a mystery sproc that has disappeared a few times now. ...

How to test that I configured Subversion Path Based Authorization in the right way?

The problem is about security settings of the Subversion repository served trough the Apache web server. I use the Path Based Authentication to protect some company information from external collaborators. I need something that tests that the authorization is given the people I want, i.e. I need to check that I hadn't make mistakes in t...

Tool to Audit Code Moves to production Web Servers?

My team recently received the results of an External Audit and we must correct one item. They want us to change the way we move code to our production environment. We currently use source control and a ticketing system for all code changes and move requests etc.. The problem comes in with how the code is pushed to our production webser...

Maintaining audit log for entities split across multiple tables

We have an entity split across 5 different tables. Records in 3 of those tables are mandatory. Records in the other two tables are optional (based on sub-type of entity). One of the tables is designated the entity master. Records in the other four tables are keyed by the unique id from master. After update/delete trigger is present on ...

What reporting is available for svn?

We are in the process of moving to SVN. Unfortunately for us, we are audited periodically, where the auditors require information like: Histories of changes to files History of access to SVN New files Added Changes in files Is there a tool which can produce these reports for us (or some of these)? ...