SQL Server Auditing and Maintaing Logs

Hi,

We are currently in process of building a large ERP solution and one of the requirement is to generate a report (We are using SSRS report Server) of who did what. Management wants a capability to be able to generate a report that could tell them x person created n records in Entity1, m records in Entity2 and so on.

So the most logical solution was to add a Log table for each entity and build a trigger for every Insert Update and Delete.

However, the same information can be extracted from the Transaction Logs as well. Atleast that is an idea I am working with. Can someone point me in the right direction here, as I have been entrusted to explore the possible solutions (Tools that can do that). The idea I am working on is that we should not be required to re-invent the wheel and there should be SQL Server tools that should be able to do that and much more.

Any help in this matter will be much appreciated and I understand, this is a subjective question but I will try my best to do the justice with most suitable response(s).

Thanks in Advance.
Amit
AmitJain001Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Ryan McCauleyConnect With a Mentor Data and Analytics ManagerCommented:
It looks like you're using SQL 2008 - have you checked into Change Data Capture (CDC)?

http://technet.microsoft.com/en-us/library/bb522489(v=sql.105).aspx

It's built to monitor tables for changes and write the details of those changes to a logging table that can later be queried for a summary report. This would be the easiest way I can think of to track table-by-table changes.

You could create triggers like you're suggesting, and that might be easy if all you care about is "this user inserted X records into table 1, updated Y records in table 2, and deleted Z records from table 3", but it will be difficult to track all the column-level changes via triggers (and what happens if you add new columns later). CDC would allow you to capture as much (or as little) detail as you want, and I think it would meet your needs.
0
 
AmitJain001Author Commented:
And I forgot to mention, points will also be awarded to the expert(s) for bringing out valid pros and cons of this approach, or advises a better approach.

Thanks,
Amit
0
 
Anthony PerkinsCommented:
I agree about CDC.  A big problem with using a TRIGGER is that more than likely the user is not available to the TRIGGER.

One caveat with CDC is that it is Enterprise Edition only.
0
 
Ryan McCauleyData and Analytics ManagerCommented:
Good call - I didn't realize it was an Enterprise-only feature.

As Anthony mentions, whatever user is making the DML change will also need rights to the place the trigger is writing the data tracking entries. Maybe not a big deal, but something to consider.
0
 
AmitJain001Author Commented:
Thank You Guys. I was initially inclined towards using a Third Party Tool such as ApexSQL LOG or PowerBroker Database for extracting information from Transaction Log but it seems SQL Server 2008 R2 has simplified extracting information from Log files using CDC.

Will definitely explore more in this regard. Thanks Ryan, yours is the most valuable feedback and certainly gives me something to dive into.
0
All Courses

From novice to tech pro — start learning today.