SQLServerCentral Article

A Sneak Peek at Entegra


Recently, the SQLServerCentral.com labs had the chance to get a sneak peek at Lumigent's latest creation, Entegra, which is scheduled to ship in the second week in December. Entegra monitors database activity and provides a complete record of access to the data and changes to database structure and permissions. In short, it allows a company to perform advanced auditing of their databases without the use of triggers. This product is built from the ground up as an enterprise product, with Oracle slated for 2003 and other DBMSs behind that.

Unlike Lumigent's previous product, Log Explorer, Entegra can consolidate all the servers' audits into a single point of record repository. "Entegra builds upon Log Explorer's award winning technology to provide enterprise-class data access accountability. Log Explorer provides interactive, on-demand database transaction analysis and selective, on-line data recovery. Designed to always be running, Entegra provides full-time alerting on critical database access, and recording of audit data into a structured repository for analysis, reporting, and regulatory or policy compliance," stated Michael Grabscheid, Vice President for Marketing at Lumigent.

Entegra in a Nutshell

In a nutshell, Lumigent installs a small extended stored procedure on each of the servers that you'd like to audit. There is also a Collection Agent (deployed as a Windows service) that combs your transaction logs periodically looking for certain events that the administrator defines. When an event is found, it is passed to the Repository Agent (also a Windows service) and it is then inserted into a common repository. The auditor can then look into the repository using a custom report or the out-of-the-box solution that Lumigent provides.

This solution is geared toward companies that have to comply with strict regulations, whether governmental, internal or from a customer. It provides a single area to look at the history of the data and who has modified it during the life of a record. It does not use triggers to perform this, so the impact on your server is minimal.

Hands-on With Entegra

The installation of Entegra went for me without a hitch despite its lengthy list of prerequisites. First you must install the Java 2 SDK, followed by the Jakarta Tomcat web server software, then finally the Microsoft JDBC Driver. That's before you even install Entegra. These prerequisites power the reporting engine that I'll discuss later. Being a Microsoft purist, I was disappointed that Entegra couldn't use IIS, which is already installed on most administrators' PCs. The Jakarta footprint is very light though and didn't use more than a few megabytes of RAM even when I was requesting large reports. Much of the choice to use Jakarta I'm sure is to keep Entegra an open-ended solution that not only appeals to Microsoft enthusiasts but also Unix ones as well.

Once the product is installed, you can launch the Entegra Management Console (shown below with the server names blurred), which utilizes the common Microsoft Management Console (MMC). I like this integration quite a bit as you can snap-in the Lumigent components into your SQL Server Enterprise Manager and unify the two tools.

If you didn't know better, you would think you were in Enterprise Manager. The entire installation process for adding new audited servers, Collection Agents, and Repository servers is driven through very simple wizards.

After you walk through a simple wizard, Entegra will install a service on the Collection Server, which reads the log files and passes the data to the Repository. On a very active OLTP system, it is recommended that your Collection Agent be on a separate server from the audited system. Most DBAs, however, will find the minimal impact of the Collection Agent fine for living on the same system as their audited database.

At a server-level, you can set the Collection Agent to alert you on given events through e-mail (shown below). You can configure Entegra to e-mail you on events such as database restores occurring or someone failing to login. This alone is a pretty powerful option that takes out tons of configuring SQL Server operators. The email is configured under the Notification tab. I would recommend that you send the e-mail to a distribution list rather than one person so it can be rectified by the first available person.

If a user were to create a table inside your audited Northwind database and alerts were turned on, you'd receive the following message in e-mail:

The user DEVSQL created a new table named "TestTable" in the "Northwind" database on FSNDBAZ. The user was logged in via an application that identified itself as "SQL Query Analyzer" from the computer BKNIGHT.

If a user were to mistype the sa password and this event was being monitored, you would receive the following message:

The user sa attempted to log in to DEVSQL from the computer BKNIGHT, using an application that identified itself as "SQL Query Analyzer". The login attempt failed.
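The two alert messages above follow fixed sentence patterns, so they can be turned into structured events and checked for repeated login failures. The Python below is an added example, not Lumigent's code: the regular expressions are inferred only from the two messages quoted in this review, and the function names, the threshold and the extra sample message are assumptions.

```python
import re
from collections import Counter

# Patterns inferred from the two sample alert e-mails quoted in the review.
# Any other alert wording is unknown here and is returned as "unparsed".
TABLE_RE = re.compile(
    r'The user (?P<user>\S+) created a new table named "(?P<object>[^"]+)" '
    r'in the "(?P<database>[^"]+)" database on (?P<server>\S+?)\. '
    r'The user was logged in via an application that identified itself as '
    r'"(?P<app>[^"]+)" from the computer (?P<host>\S+?)\.?$')
LOGIN_RE = re.compile(
    r'The user (?P<user>\S+) attempted to log in to (?P<server>\S+) '
    r'from the computer (?P<host>[^,\s]+), using an application that '
    r'identified itself as "(?P<app>[^"]+)"\. The login attempt failed\.?$')

def parse_alert(body):
    """Turn one alert e-mail body into a dict; mail line wraps are collapsed."""
    text = " ".join(body.split())
    for event, pattern in (("table_created", TABLE_RE), ("login_failed", LOGIN_RE)):
        match = pattern.match(text)
        if match:
            # "app" is whatever the client reported about itself; do not trust it.
            return {"event": event, **match.groupdict()}
    return {"event": "unparsed", "raw": text}

def repeated_failures(events, threshold=3):
    """(host, user) pairs with at least `threshold` failed logins."""
    counts = Counter((e["host"], e["user"]) for e in events
                     if e["event"] == "login_failed")
    return sorted(pair for pair, n in counts.items() if n >= threshold)

# Constructed sample input: the review's two messages (re-wrapped as a mail
# client might), the failed login repeated, and one unrecognised message.
FAILED = ('The user sa attempted to log in to DEVSQL from the computer BKNIGHT,\n'
          'using an application that identified itself as "SQL Query Analyzer".\n'
          'The login attempt failed.')
SAMPLE_ALERTS = [
    'The user DEVSQL created a new table named "TestTable" in the\n'
    '"Northwind" database on FSNDBAZ.  The user was logged in via an\n'
    'application that identified itself as "SQL Query Analyzer" from the\n'
    'computer BKNIGHT.',
    FAILED, FAILED, FAILED,
    'A database restore occurred.',
]

if __name__ == "__main__":
    parsed = [parse_alert(a) for a in SAMPLE_ALERTS]
    for event in parsed:
        print(event)
    print("repeated failures:", repeated_failures(parsed))
```

Messages that match neither pattern come back as `unparsed` with the raw text preserved, so an unfamiliar alert is kept for review rather than dropped.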

As mentioned earlier, as data is collected, it's passed to a central repository. This is what makes the solution an enterprise solution. You can have 100 servers all reporting to a consolidated system. The repository can then be seen through the previously mentioned web server. By selecting the Entegra Browser in your Entegra program group, a login page will appear asking you for a SQL Server login to sign into the Repository.

Once you're signed in, you can drill into the data. The below screenshot shows you a condensed view of the reporting engine. You can click on an individual tab to sort or filter out given data. You can filter out given tables, types of transactions, users or dates to help you track down the data you're looking for.

You can also double-click on a row to see the details on the transaction as shown below:

When performing detective work, you can single-click on a row and you will see the key at the bottom of the browser. If you select that key, you will then see the history of that row from the initial insert all the way to the last update. This is a fantastic way to track down criminal behavior and to see who made a malicious change to your data. Tracking down the culprit is of course dependent on him signing in with his own login name.

At any time you can take a snapshot of your report in printable form by clicking on the Print Report button. This will output the report to Adobe Reader format.

Lumigent has built the Repository to be an open-ended database that you can run Crystal Reports against or any custom reporting solution. During the pre-review interview Michael Grabscheid stated, "We don't want to be in the report writing business". This approach is apparent in the out-of-the-box reporting engine. Lumigent spent their research money in a killer collection agent but the reports in this reviewer's eyes seemed clunky and lacking. I found the reporting system very slow when paging through records, requiring up to 10 seconds when moving to a new page. The reporting features themselves were fantastic, but the speed was a problem.

There was also no built-in selective purge process. There is an overall purge process built into the console but it purges all your data. It would be nice to see a method to purge from a begin date to end date. Additionally, purge processes would be nice to remove certain "noise data" after a certain date and leave the rest for research or prosecution purposes. Lumigent has stated though that they will provide customers a query to purge their repository.

These two gripes can be worked through when you have a product that does what no other product does in the industry. Trying to come up with a similar solution would result in a company spending thousands of hours to develop their own solution. Lumigent is currently working on adding the ability to audit every SELECT event as well.

Conclusion

Simply put, there is no stronger data monitoring system on the market. Entegra provides an invaluable non-invasive enterprise solution for finding who did what when. DBAs, security analysts, and auditors will find this to be an essential tool in the toolkit for day-to-day work. After they own Entegra for a few weeks, they won't know how they did their job without it before.

Entegra is priced as an enterprise solution. The initial investment if you want to monitor data modifications starts at $5,000 (includes the core engine and data modification agent). For more information, see the pricing section below. This price tag may give sticker-shock to many smaller companies.

Rating

Return on Investment: 5.0 - A steal when you compare the price of developing an alternative solution.
Ease-of-Use: 4.5 - Love the integration with MMC. Report engine needs some minor work.
Features: 5.0 - They're the only tool on the market that can view this type of data at a granular level.
Learning Curve: 4.5 - Wizards made it easy to configure your system in 5 minutes. A tutorial would be helpful.
Documentation/Tutorial: 2.5 - Needs more documentation and tutorial for new users.
Time savings: 5.0 - Saves tons of time in auditing your mission-critical data.
Lack of Bugs: 5.0 - None found during this review. Are you sure this is a 1.0 release?
Support: 5.0 - Support provided phone number to call back in less than 10 mins when anonymously e-mailed.
Overall: 5.0 - There's nothing like this on the market! Lumigent has done it again!

Specifics

Vendor Information

Lumigent

Phone: (866) LUMIGENT
Address: 289 Great Road Acton, MA 01720 USA
E-mail : info@lumigent.com
Website : http://www.lumigent.com

Pricing

Entegra Core Engine
Price : $3,000
Includes: 5 Alert Agents, multiple management consoles, 1 data repository, 1 report server (supports unlimited browser clients)

Data Modification Agent
Price : $2,000 per server
Purpose: Collects and creates an audit trail for data modification

Alert Agent
Price : $300 per server
Purpose:

Data Repository (optional)
Price : $1,500 per additional repository
Purpose: Receives and stores information collected from data modification and alert agents. One is included in the core engine. Add additional repositories for large systems or to segment collected data.

Note: By purchasing the core engine (required), you will receive a lot of what you need to get started. If you want to monitor data modification versus just DDL changes, you would have a $5,000 investment (Core Engine plus the Data Modification Agent).

30 day full demos are available of all Lumigent Products
