• Article

Audits (General Page)

Use this page to create, change, or view an audit. For more information on SQL Server Audit, see Understanding SQL Server Audit.

  • Audit name
    The name of the audit. This is generated automatically when you create a new audit but is editable.

  • Queue delay (in milliseconds)
    Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. A value of 0 indicates synchronous delivery. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647 (2,147,483.647 seconds or 24 days, 20 hours, 31 minutes, 23.647 seconds).

  • Shut down server on audit failure
    Forces a server shut down when the server instance writing to the target cannot write data to the audit target. The login issuing this must have the SHUTDOWN permission. If the logon does not have this permission, this function will fail and an error message will be raised.

    As a best practice, this should only be used in cases where an audit failure could compromise the security or integrity of the system.

  • Audit destination
    Specifies the target for auditing data. The available options are a binary file, the Windows Application log, or the Windows Security log. SQL Server cannot write to the Windows Security log without configuring additional settings in Windows. For more information, see How to: Write Server Audit Events to the Security Log.

    Note

    Writing to the Security log is not available on Windows XP.

  • File path
    Specifies the location of the folder where audit data is written when the Audit destination is a file.


  • Opens the Browse For Folder dialog to specify a file path or create a folder where the audit file is written.

  • Maximum rollover files
    Specifies the maximum number of audit files to retain in the file system. When the setting of MAX_ROLLOVER_FILES=UNLIMITED, there is no limit imposed on the number of rollover files that will be created. The default value is UNLIMITED. The maximum number of files that can be specified is 2,147,483,647.

  • Maximum file size (MB)
    Specifies the maximum size, in megabytes (MB), for an audit file. The minimum size that you can specify is 1024 KB and the maximum is 2,147,483,647 terabytes (TB). You can also specify UNLIMITED, which does not place a limit on the size of the file. Specifying a value lower than 1024 KB will raise the error MSG_MAXSIZE_TOO_SMALL. The default setting is UNLIMITED.

  • Reserve disk space
    Specifies that space is pre-allocated on the disk equal to the specified maximum file size. This setting can only be used if MAXSIZE is not equal to UNLIMITED. The default setting is OFF.

Remarks

When you first create an audit, it is disabled. You should enable the audit after you create a server or database audit specification that uses this audit.

File as Audit Destination

The SQL Server service account must have CREATE FILE permissions on the directory where the audit log file is created.

When File is chosen as the Audit destination, SQL Server Audit generates the audit log file name for you and creates using the path that you specify in File path. This is done to ensure that similarly-named audits do not generate conflicting file names. The audit log file name is constructed using the following elements:

  • AuditName - The name of the audit provided when the audit is created.

  • AuditGUID - The GUID that identifies the audit that is stored in the metadata.

  • PartitionNumber - A number generated by SQL Server Extended Events to partition file sets.

  • TimeStamp - A 64 bit integer generated by converting the UTC time when the audit file is created.

  • File extension - sqlaudit

Permissions

To create, alter, or drop a server audit, principals require ALTER ANY AUDIT or CONTROL SERVER permission.