looking for a reliable tool to capture DML/DDL including Selects on tables for PCI compliance

  • Hi, Iam currently trying different log reader tools from Quest, Appex, Idera. Actually my task is to find a tool that will capture all DML/DDL operations on tables including Select statements.

    Quest and Apex tools do not capture Select, Idera does but it uses trace which can be done without purchasing it. Just maybe somebody can share his experience with using log reading tools. Thank you in advance, LL

  • Have you tried Lumigent Log Explorer?

    MJ

  • I googled it now and saw that the company withdrew it from the market from January 1 2009, not available for purchase or evaluation. LL

  • No log reader tool is going to do what you want, because selects are not logged. To get all operations, including selects, you'll need to use a profiler trace or a 3rd party tool that uses a profiler trace,

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Thank you for your reply, actually I am looking for a tool that will use both, logs and trace. So far I saw only tools that only read logs or only use trace as technology, ex Quest Litespeed or Idera compliance management. Thanks to MANU I looked at Lumingent Audit Db tool that combines both and asked them for evaluation. LL

  • The lumigent tool that you would want to look at it called AuditDB and can be found at this LINK. Having had to support both SOX and HIPAA, that product was the only one that I found that could do it without homegrowing something fairly substantial on your own.

    David

    @SQLTentmaker

    “He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot

  • llokshin (2/13/2009)


    Thank you for your reply, actually I am looking for a tool that will use both, logs and trace.

    Why? Logs, while they can be used for some autiting, are not designed for auditng and will not contain all info that may be required (host name, app name). I also don't know how much security info is in there.

    Frequently reading logs on a busy server can be time consuming and may even slow the server down, since the disk head is no longer in place to write log records.

    Trace, however, is designed for auditing, and done properly doesn't cause a large performance impact.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Thank you David, I read it and already sent them an email for a quote, let's see if we can afford it. LL

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply