C2 Logging on SQL Servers



  • Hello,
    If C2 audit logging on the SQL server is crippling the system, what can one do to mitigate the risk of not having this audit turned on?
    Can I just write it into my IT policy that the company accepts the risk and leave it turned off?
    Thanks in advance. 🙂



  • Hi - C2 logging may be ‘overkill’ for some of your SOX 404 compliancy needs, as you’re logging a lot of ‘successes’ that may be in the normal job roles for individuals. Still, if this is a financial server system, you may have to log some level of successes on sensitive transactions.
    Suggestions:

    1. You can throw more ‘iron’ at the problem by beefing up the server, network, moving to the latest SQL-Server and Windows Server editions (2008 versions). I’d only go that route if you absolutely had to on a very mission critical financial system, as it’s expensive.
    2. If you’re logging too many successes, finding a true issue is like finding a needle in a haystack. You can look at a more customized approach where you log ‘failures’ and then only the most sensitive ‘successes’ (many companies take this route - and maybe working with your external SOX auditors can lead to a good compromise).
      More on C2 logging can be found in links below:
      http://www.google.com/search?hl=en&q=c2 audit mode

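One way to set up the "failures plus only the most sensitive successes" approach from suggestion 2, as an added example that is not from either poster. It assumes SQL Server 2008 or later with the SQL Server Audit feature (database audit specifications need Enterprise edition on 2008); the audit names, file path, database `FinanceDb` and table `dbo.GeneralLedger` are hypothetical.

```sql
-- Added example: every object name and the file path below are hypothetical.
-- 1. Turn off C2 audit mode (takes effect after the instance is restarted).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'c2 audit mode', 0;
RECONFIGURE;
GO

-- 2. Audit target: rolling files on a dedicated volume. ON_FAILURE = CONTINUE
--    keeps the instance available if the audit cannot write; use SHUTDOWN
--    instead if the auditors require fail-closed behaviour.
USE master;
GO
CREATE SERVER AUDIT Sox_Targeted_Audit
TO FILE (FILEPATH = 'E:\SqlAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 3. Server level: failed logins, plus changes to logins, server role
--    membership and the audit configuration itself.
CREATE SERVER AUDIT SPECIFICATION Sox_Server_Spec
FOR SERVER AUDIT Sox_Targeted_Audit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 4. Database level: record access only on the sensitive table, for all
--    principals. The "succeeded" column separates allowed from denied access.
USE FinanceDb;
GO
CREATE DATABASE AUDIT SPECIFICATION Sox_Ledger_Spec
FOR SERVER AUDIT Sox_Targeted_Audit
    ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.GeneralLedger BY public),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 5. Start collecting, then review what was captured.
USE master;
GO
ALTER SERVER AUDIT Sox_Targeted_Audit WITH (STATE = ON);
GO
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file('E:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

The audit file directory should be writable only by the SQL Server service account and readable by the reviewers, so that the people being audited cannot alter the trail.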