Auditing database activity

Each database has an associated transaction log file. The transaction log is used for database recovery. It is a record of transactions executed against a database. See The transaction log.

The transaction log stores all executed data definition statements, and the user ID that executed them. It also stores all updates, deletes, and inserts and which user executed those statements. However, this is insufficient for some auditing purposes. By default, the transaction log does not contain the time of the event, just the order in which events occurred. It also contains neither failed events, nor select statements.

Auditing is a way of keeping track of the activity performed on a database. When you use auditing, additional data is saved in the transaction log, including:

  • All login attempts (successful and failed), including the terminal ID.
  • Accurate timestamps of all events (to a resolution of milliseconds).
  • All permissions checks (successful and failed), including the object on which the permission was checked (if applicable).
  • All actions that require DBA authority.

You cannot stop using a transaction log while auditing is enabled for a database. If you want to turn off the transaction log, you must first turn off auditing.


Controlling auditing
Retrieving auditing information
Adding audit comments
Auditing example
Auditing actions outside the database server