title c2 audit mode Server Configuration Option | Microsoft Docs
description Get acquainted with C2 audit mode, a SQL Server configuration option that can help you profile system activity and track possible security policy violations.
ms.custom
ms.date 03/02/2017
ms.prod sql
ms.prod_service high-availability
ms.reviewer
ms.technology configuration
ms.topic conceptual
helpviewer_keywords
auditing [SQL Server]
audits [SQL Server], C2 Audit Mode option
C2 auditing
C2 Audit Mode option
recording attempts
ms.assetid 5a8d73a6-c4f6-4967-ba11-ecbcfc90b9cc
author markingmyname
ms.author maghan

c2 audit mode Server Configuration Option

[!INCLUDE SQL Server]

C2 audit mode can be configured through SQL Server Management Studio or with the c2 audit mode option in sp_configure. Selecting this option will configure the server to record both failed and successful attempts to access statements and objects. This information can help you profile system activity and track possible security policy violations.

Note

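This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature. The C2 security standard has been superseded by Common Criteria Certification. See the common criteria compliance enabled Server Configuration Option.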

Audit Log File

C2 audit mode data is saved in a file in the default data directory of the instance. If the audit log file reaches its size limit of 200 megabytes (MB), SQL Server will create a new file, close the old file, and write all new audit records to the new file. This process will continue until the audit data directory fills up or auditing is turned off. To determine the status of a C2 trace, query the sys.traces catalog view.

Important

C2 audit mode saves a large amount of event information to the log file, which can grow quickly. If the data directory in which logs are being saved runs out of space, SQL Server will shut itself down. If auditing is set to start automatically, you must either restart the instance with the -f flag (which bypasses auditing), or free up additional disk space for the audit log.

Permissions

Requires membership in the sysadmin fixed server role.

Example

The following example turns on C2 audit mode.

sp_configure 'show advanced options', 1 ;  
GO  
RECONFIGURE ;  
GO  
  
sp_configure 'c2 audit mode', 1 ;  
GO  
RECONFIGURE ;  
GO  
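The following health check is an added example, not part of the original article. It reads the option's configured and running values, lists non-default traces from sys.traces with the fields that matter for the Audit Log File behavior described above, and reports free space on the volumes holding those trace files. The `looks_like_c2_trace` flag is a heuristic assumed from the 200 MB limit and shutdown behavior the article describes; the column aliases are illustrative.

```sql
-- Added example: verify C2 audit mode and watch the disk it writes to.

-- 1. Configured value versus the value the running instance is using.
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name = N'c2 audit mode';

-- 2. Status of server-side traces other than the default trace.
--    Assumption: the C2 trace is the one with a 200 MB file limit that
--    is set to shut the server down when it cannot write.
SELECT t.id,
       CASE t.status WHEN 1 THEN 'running' ELSE 'stopped' END AS trace_status,
       t.path,
       t.max_size AS max_size_mb,
       t.is_rollover,
       t.is_shutdown,
       t.start_time,
       t.last_event_time,
       t.event_count,
       CASE WHEN t.is_shutdown = 1 AND t.max_size = 200
            THEN 1 ELSE 0 END AS looks_like_c2_trace
FROM sys.traces AS t
WHERE t.is_default = 0;

-- 3. Free space on each volume that holds one of those trace files.
--    Only volumes that also host a database file are visible through
--    sys.dm_os_volume_stats; the default data directory normally does.
SELECT DISTINCT
       vs.volume_mount_point,
       vs.available_bytes / 1048576 AS free_mb,
       vs.total_bytes / 1048576     AS total_mb
FROM sys.master_files AS mf
CROSS APPLY sys.dm_os_volume_stats(mf.database_id, mf.file_id) AS vs
WHERE EXISTS (
    SELECT 1
    FROM sys.traces AS t
    WHERE t.is_default = 0
      AND LEFT(t.path, LEN(vs.volume_mount_point)) COLLATE DATABASE_DEFAULT
          = vs.volume_mount_point COLLATE DATABASE_DEFAULT
);
```

Scheduling the third query and alerting on a low `free_mb` gives warning before the out-of-space shutdown described in the Important note.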
  

See Also

RECONFIGURE (Transact-SQL)
Server Configuration Options (SQL Server)
sp_configure (Transact-SQL)