Enabling C2 Auditing in SQL Server

C2 auditing is used to make sure that no action can be performed without being captured to an audit trace file. In this video Brian show you how to enable C2 audit tracing and view the resulting files.

Brian is a SQL Server author, columnist, and MVP focusing primarily on SQL Server security. He currently serves as database administrator / architect at AgFirst Farm Credit Bank where he can focus on his passion: SQL Server. He formerly served as a systems and security architect for AgFirst Farm Credit Bank where he worked on Active Directory, Windows security, VMware, and Citrix. In the technical...

Steve on 3/25/2009

I think your video demonstrations are really great! Reading the books are fine, but learn so much more using video as you can see the theory in action.

B750460146 on 3/25/2009

more on how to control/add/remove tracepoints ?

Mark Horninger on 3/25/2009

Well done!

Mark Horninger on 3/25/2009

Would also be good to cover what is captured in the trace (events and cols)?

Steve Harris on 3/25/2009

Doesn't say why C2 auditing should/would be used. Also doesn't say in what way the trace could be used.

Dugi on 3/25/2009

very nice explanation here for C2 ...thnx Brian !

4F5430C3DD on 3/25/2009

Very useful and concise. Does not take a lot of time.

995751D667 on 3/25/2009

Explaining what Common Compliance auditing that replaced C2 audit;

Tom B. on 3/25/2009

Thanks. I am always interested in learning the extras when it comes to SQL Server. I will try this out.

Tom B. on 3/25/2009

I think the video is perfect, short and concise. The other topics need not be explained here, but in other videos. I think the key is to detail specific information so the user can understand that one point. Other topics related but not specific are target for coverage in other videos.

Richmond Platz on 3/25/2009

clear and precise, talk is a bit fast! No pun intended, LOL

Tony Knowling on 3/25/2009

Good vid, but wonder how huge the trace files will get!!

Shannon Ramirez on 3/26/2009

can you change the directory where the audit file gets placed.. would hate to leave the file in the data folder and get all that fragmintation.. would rather put it on it's own drive...

Mogammad Igsaan Ackers on 3/30/2009

I didnt know what C2 Auditing is, and I kinda expected this video to show me. Otherwise good. Thanks!

Anatoly Goldstein on 4/9/2009

The author is brilliant lecturer, but I think he forgot to mention at the beginning that the method he is demonstrating requires adminitrative access to SQL Server. Meanwhile the latter is designed as an Enterprize Level Data Managaemnt System and is commonly used as a shared DBMS in numerous corporate environments in which application programmers like myself has no admin privilages and so cannot use the demonstrated method. It looks like the lecturer silently assumes that this method is for DBAs having sa access to the SQL Server. Other than that it's a great lecture and I gave it a highest possible score, the author is extremely fluent in SQL Server technology.

Feroz Durani on 5/21/2009

Apreciate if you could show the difference between "Normal Trace File" and 'C2 Audit Trace File"

ChGuo on 8/26/2009

Great

Tonci on 9/21/2009

Great because it was to the point. Still, how to filter, group, etc trace data would be nice to add. Tonci.

Pradeep Kumar Satapathy on 9/28/2009

good

Kenneth on 3/11/2010

This is a nice guide on how to enable C2 Login Auditing.

Kenneth on 3/11/2010

Very nice!

Srinivas on 6/15/2010

Smooth and simple. Good job. Also if you could explain the server side trace audit and talk about the differences, it would give us a better insight into this whole audit world.

Edward on 12/21/2010

Straight to the point..Thanks for explaining the workflow..how to create and view the c2 audit trace

George on 6/28/2011

Very informative

Munna Bhai on 7/23/2011

Great video! Thanks for sharing.

Subir on 8/19/2011

Can you please provide some CDC related video

John O'Sullivan on 8/19/2011

a very good tip

Joe DeMarco on 8/19/2011

Would like to know more about auditing

Kevin Conan on 8/19/2011

Video quality was bad, couldn't read most of the text

Adam Collins on 8/19/2011

I am interested in knowing if the file location of the trace is configurable as well as knowing how much of a performance hit C2 auditing causes in a busy database.

5124CFD2E1 on 8/19/2011

Should have talked about the issues that could occur if the volume hosting the trace file runs out of space. Also, what was the other option for, "Common Criteria Compliance"?

Chuck Myers on 8/19/2011

Good overview of how to enable and view, but I'd like to know more about what is logged and the Common Criteria that is replacing it.

Crescencio on 8/19/2011

Would be nice to add the types of events covered by a C2 audit trace.

Michelle Poolet on 8/19/2011

Would be very useful to know what kind of overhead C2 auditing imposes on the SQL Server.

Mark Hions on 8/19/2011

Couldn't you double-click the trace to open it in Profiler?

WChaster on 8/19/2011

How large does the file grow and how quickly? To stop trace does it require another service restart?

Jacqueline Mornan on 8/23/2011

It would be nice if the presenter explained what C2 audit is before showing how to turn it on.

Scott Schommer on 8/26/2011

Interesting, but I've never heard of C2 auditing before.

jamie on 8/29/2011

too basic

Maurice Ivory on 1/18/2012

I got alot out of this video and was easy to follow

Russell Todd on 1/30/2012

should have said what a c2 audit is