C2 Logging on SQL Servers

  • Hello,
    If C2 audit logging on the SQL server is crippling the system, what can one do to mitigate the risk of not having this audit turned on?
    Can I just write it into my IT policy that the company accepts the risk and leave it turned off?
    Thanks in advance. 🙂

  • Hi - C2 logging may be ‘overkill’ for some of your SOX 404 compliancy needs, as you’re logging a lot of ‘successes’ that may be in the normal job roles for individuals. Still, if this is a financial server system, you may have to log some level of successes on sensitive transactions.

    1. You can throw more ‘iron’ at the problem by beefing up the server and network, and moving to the latest SQL Server and Windows Server editions (2008 versions). I’d only go that route if you absolutely had to on a very mission critical financial system, as it’s expensive.
    2. If you’re logging too many successes, finding a true issue is like finding a needle in a haystack. You can look at a more customized approach where you log ‘failures’ and then only the most sensitive ‘successes’ (many companies take this route - and maybe working with your external SOX auditors can lead to a good compromise).
      More on C2 logging can be found in links below:
      http://www.google.com/search?hl=en&q=c2 audit mode

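The customized approach from the reply above (log failures plus only the most sensitive successes), sketched with the SQL Server Audit feature as an added example that is not part of the original posts. It assumes SQL Server 2008 or later on an edition that includes SQL Server Audit; the audit names, the `D:\SqlAudit\` path, the `FinanceDB` database and the `dbo.GeneralLedger` table are hypothetical placeholders.

```sql
-- Added example: targeted auditing as an alternative to C2 audit mode.
-- All object names and paths below are hypothetical.

-- 1. Check whether C2 audit mode is currently enabled (run_value 1 = on).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'c2 audit mode';
GO

-- 2. Server-level audit target: bounded rollover files, and the instance
--    keeps running if the audit cannot write (C2 mode shuts it down).
USE master;
GO
CREATE SERVER AUDIT Sox_Targeted_Audit
TO FILE (FILEPATH = 'D:\SqlAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 3. Failures and privilege changes at the server level.
CREATE SERVER AUDIT SPECIFICATION Sox_Server_Spec
FOR SERVER AUDIT Sox_Targeted_Audit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP)
WITH (STATE = ON);
GO
ALTER SERVER AUDIT Sox_Targeted_Audit WITH (STATE = ON);
GO

-- 4. Only the sensitive successes: data changes on one financial table,
--    plus permission changes in that database.
USE FinanceDB;
GO
CREATE DATABASE AUDIT SPECIFICATION Sox_Db_Spec
FOR SERVER AUDIT Sox_Targeted_Audit
    ADD (INSERT, UPDATE, DELETE ON OBJECT::dbo.GeneralLedger BY public),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 5. Review: failed actions first, then changes to the audited table.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file('D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE succeeded = 0 OR action_id IN ('IN', 'UP', 'DL')
ORDER BY succeeded, event_time DESC;
```

`GO` is a batch separator for SSMS and sqlcmd, not T-SQL itself. Which tables and action groups count as sensitive is the scope to settle with the SOX auditors, as the reply suggests.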