October 12, 2007 at 11:37 am
Hello all,
I am in the process of evaluating and choosing proper third party tool for database auditing.
Does anybody have any experience with Idera SQLCompliance, Lumigent AuditDB, Quest InTrust? Any other tools?
I would like to know all problems, bottlenecks, headaches, etc. you experienced. Well, good things help also 🙂
Thank you!
Julia
October 16, 2007 at 1:31 pm
Hi,
I'm not exactly sure which kind of auditing you require. However, if you're looking for something that audits changes made to your database (its schema, code, objects) I suggest you try out SQL CodeSecure. Not only does it audit, it actually protects your database and allows you to set security permisions very easily. It can even rollback changes.
You can find more information about the product on SqlLabs' website:
October 16, 2007 at 2:48 pm
Seen demos of Lumigent's, but haven't actively used any of them. Have Apex SQL Audit, which should probably be on your list. However, what are your requirements with respect to auditing? What are you trying to capture?
K. Brian Kelley
@kbriankelley
October 17, 2007 at 9:11 am
I've tried both Lumigents AuditDB (Entegra at the time) and Idera's SQLCompliance. It's been a couple of years since I've used Lumigents product but here is what I know from back then. Lumigent reads the log files and since the logs only store net changes, Lumigent has to try and rebuild the records... so you have to have FULL recovery model. What we saw was that over 99.9% of the time it worked fine but every so often it could not re-build an UPDATED record. We even tried out their Log reader and it had the same issue with the records. We were not using it for compliance reasons but rather to test a customized replication process so we analyzed 100% of the transactions. They could not repeat all the transaction 100% of the time and worked with their support for over a year on this. In the end they could not figure out why it was happening so we had to abandon their product... but that was couple years ago and hopefully they've made some improvements. We did not get into alerts, filters or archiving so I cannot speak to this about their product.
I'm with a new company and we are currently using Idera's SQLCompliance Manager. It seems to work well and support is good. Idera uses trace files to capture transactions and ships them to a central repository. This is nice because it's not dependent on keeping log files around. The software is easy to install, upgrade and configure. I have not noticed any significant performance impact with the trace files. They have good assortment of alerts which is great to automatically be notified when something happens on a server such as DDL or security changes. I'm hopefully they will continue to expand the alerting capability. They do have issues where they sometimes read the same transaction multiple times causing the same alert to be fired off multiple times. This can be rather annoying, especially when the repeated alerts occur over a day apart. Not sure why this is occurring but support is aware of this and I'm confident they will figure it out. They have a nice archive process which helps keep the main repositories from getting too large. You can filtering events to audit but this is a bit limiting and I'm hoping this will be expanded in a future new release.
Some other issues I have with SQLCompliance Manger besides the duplicated alerts:
- No alerting if central repository is unable to connect to audited database server. This seems rather basic that if the repository cannot connect to the remove server after a specified time frame, send out an email. Not a big deal if you open their software a lot but I would rather not baby sit the product. The remove server can keep trace information until it re-synchs with the repository so nothing should be lost.
- When running reports in SSRS, each database is a separate repository so no current method for viewing all data for all databases... you have to pick one in the report. I've opened a ticket and suggested they use partitioned views but still waiting to see if they use it. You could do this yourself and create your own custom reports. Without this, to me, their reports are a bit worthless... who wants to receive dozens of daily DDL change reports instead of just one with breakdown by server.
- Since the product is for compliance reasons, I would like the ability to define standard audit configuration, verify that all servers match this standard so that I could easily report back that all servers are configured properly. Not a big deal... just a nice to have.
In the end the product works and I think Idera is a good company to work with so I would recommend their product. To be fair though, SQLCompliance Manager was dropped in my lap and I did not compare it to other auditing software such as Apex.
Good luck
David
October 17, 2007 at 4:49 pm
Thank you everyone! Sorry, I was not clear on what needs to be audited: any kind of data access (like select statements, data modification) has to be logged. If you capture select statements you most likely capturing everything else.
David,
Yes, I have similar feelings about Lumigent and Idera.
Looks like, nobody in SQL world is using InTrust tool from Quest.
Thank you!
October 19, 2007 at 11:41 am
We also are pretty happy with Idera's Compliance manager. When I was shopping 6 months ago, I don't think Quest's product had been released yet, so maybe that's why no one has it. Most companies withh give you a free demo for a couple of weeks to try them out.
October 24, 2007 at 9:11 pm
You can also try Enzo Audit - the new release just came out - it's a simpler product, but very effective - it comes with alerting capabilities and a .NET API that allows you to expand the capabilities of the product. Just check it out on the pynlogic website.
Herve Roggero
hroggero@pynlogic.com
MCDBA, MCSE, MCSD
SQL Server Database Proxy/Firewall and Auditing
October 23, 2014 at 8:06 am
We purchased Idera Compliance Manager and found out that it will only track data if it is NOT in a view or SP. Since my company only has views set up for the end users to access PHI data this tool is pretty much useless to us for tracking data.
If anyone is using the Idera Compliance Manager and your company does use views, how are you getting around this obstical?
I did talk to Idera and they say there might be a fix come Feb 2015.
I'm in the process of looking for other diagnostic, tracking, and security tools.
December 10, 2014 at 11:06 am
Not sure who you talked to at Idera that told you that... We audit DML, DDL, Selects and more, including on views, stored procedures, as well as indexes...
I found this post from a prospective buyer of compliance manager that saw this while researching auditing tools for SQL server. He asked about it, I was stumped, but showed him how we do indeed audit views, no problem, in SQL compliance manager. I've been with the company for 3 years and in this time this hasn't been new functionality...
*shrugs*
I'd be happy to demonstrate this or the tool in general to anyone interested in it.
Best,
Robert Vandervoort
Senior Sales Engineer
Idera Software
December 10, 2014 at 12:19 pm
Hi Robert,
I just sent you an email. "Wed 12/10/2014 11:14 AM"
Thanks much
December 18, 2014 at 3:34 pm
I ran this one down and did some testing on my own. It turns out we don't properly show when views access data on a column involved in our "sensitive column auditing" functionality. However, if you set it to monitor select activity on the table that contains said column, it works just fine. This is listed as a bug deferred to development and will be addressed in an upcoming release, likely along the timelines mentioned to you by support. I was not aware of this limitation personally. So, the bottom line is that we CAN audit views, but not using the sensitive column auditing functionality, which, actually, only audits selects that involve a specific column or columns (and in this case, right now, not including views).
Hope this clears the air. I will try my best to remember to report back here when this issue is cleared up.
Thanks, and if anyone has any more questions, feel free to reach out to either myself or my team over at Idera, we're always willing to help!
~R
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply