Monday, March 19, 2012

Location for audit logs?

Hi,
I saw in this or the SQL Server Security news group that it's recommended to
store auditing logs on an unused disk drive because auditing logs could grow
wildly. But based on this article
http://www.microsoft.com/technet/security/prodtech/sqlserver/sql2kaud.mspx,
SQL Server doesn't let you log auditable events to an alternative location.
<QUOTE>After you enable C2 auditing for the default database or for an
instance, the database server will log all activity to the data directory
that you specified during the installation process. (SQL Server doesn't let
you log auditable events to an alternative location.) This directory holds
the databases that SQL Server initially created. This directory is also the
default location for all new databases and their transaction log
files.</QUOTE>
Now I'm confused. I have data/transaction logs on one drive, I'm planning
to add an additional disk drive specifically for auditing. Is it possible to
direct auditing logs to the new drive?
Thanks,
Bing

Hi Bing
"bing" wrote:

> Hi,
> I saw in this or the SQL Server Security news group that it's recommended to
> store auditing logs on an unused disk drive because auditing logs could grow
> wildly. But based on this article
> http://www.microsoft.com/technet/security/prodtech/sqlserver/sql2kaud.mspx,
> SQL Server doesn't let you log auditable events to an alternative location.
>
> <QUOTE>After you enable C2 auditing for the default database or for an
> instance, the database server will log all activity to the data directory
> that you specified during the installation process. (SQL Server doesn't let
> you log auditable events to an alternative location.) This directory holds
> the databases that SQL Server initially created. This directory is also the
> default location for all new databases and their transaction log
> files.</QUOTE>
> Now I'm confused. I have data/transaction logs on one drive, I'm planning
> to add an additional disk drive specifically for auditing. Is it possible to
> direct auditing logs to the new drive?
> Thanks,
> Bing

If you change the default data and log directories in the Database
properties task in Enterprise Manager, on the properties page of the instance
(right click), do new audit files get created there (you may need to restart)?
If not, you can move the databases away from this location using
sp_detach_db/sp_attach_db or backup/restore; see
http://support.microsoft.com/kb/314546. When you do the initial install, the
default location is the system disc, e.g. C:\Program Files\Microsoft SQL
Server... this should be changed, as filling up the system disc with audit
logs will make the system unusable.

You can move system databases (possibly to different spindles!) as well as
user databases (http://support.microsoft.com/kb/224071/), and using different
discs for full text catalogs will also be a way of improving performance
(http://support.microsoft.com/kb/240867/). Database data files and log files
should be on separate drive arrays as they perform different types of I/O
(http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sqlIObasics.mspx).
You should also consider what RAID level and resilience you require for
these disc subsystems.
John
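
The sp_detach_db/sp_attach_db move mentioned in the reply above, as an added example that is not part of the original thread. The database name `SalesDB`, the file names and the `D:\` and `E:\` paths are hypothetical placeholders; the linked KB articles remain the reference procedure.

```sql
-- Added example. SalesDB, the file names and all paths are hypothetical.

-- 1. Check whether C2 auditing is enabled (it is an advanced option).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
GO
EXEC sp_configure 'c2 audit mode';   -- run_value = 1 means C2 auditing is on
GO

-- 2. Record the current physical location of the database files,
--    so you know exactly which files to move.
USE SalesDB;
GO
EXEC sp_helpfile;
GO

-- 3. Detach the database. No users may be connected to it.
USE master;
GO
EXEC sp_detach_db @dbname = N'SalesDB';
GO

-- 4. At the operating-system level, move the .mdf and .ldf files off the
--    data directory that also receives the audit files, to the new drives.

-- 5. Re-attach from the new locations, with data and log on separate drives.
EXEC sp_attach_db
    @dbname    = N'SalesDB',
    @filename1 = N'D:\SQLData\SalesDB_Data.mdf',
    @filename2 = N'E:\SQLLogs\SalesDB_Log.ldf';
GO

-- 6. Confirm the database is online and reports the new file paths.
EXEC sp_helpdb N'SalesDB';
GO
```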
