What SQL Audit Means at Bsafe
|
|
|
SQL auditing is the monitoring and review of SQL statements that have been executed on your systems. Bsafe Information Systems develops and produces two SQL audit software products - one for the IBM i midrange computer (iSeries, AS400) and one covering multiple platforms including MS SQL Server, IBM mainframe (z/OS) and iSeries.
|
|
|
The first of these products is Bsafe/Enterprise Security, a comprehensive security product for the protection and auditing of iSeries computes. The second product - the Cross Platform Audit - includes many related audit features such as data audit and the graphical Application Analyzer.
|
|
|
Here, we shall present specifically the SQL audit features of these products. Other product features are covered in more detail on other pages of this website.
|
|
Capturing the SQL Statements
|
|
First of all, the SQL statements are monitored as they are executed on the source computers - IBM mainframe, iSeries and SQL Server (see also SQL Server Auditing) - and logged on those computers locally. SQL statements originating on the iSeries and MS SQL Server platforms are immediately available for preview and audit via the Bsafe/Enterprise Security Manager. To audit SQL Statements logged on mainframes, you need to first import them into the CPA, something highly recommended for the other platforms too - as you'll see below. |
|
Direct SQL Statement Auditing for a Single Computer
|
|
|
SQL statements monitored on MS SQL Server and IBM i (AS400) databases are available for viewing by the administrator or auditor the moment they have been executed. This can be done anywhere on the network; the SQL Server audit screenshot below shows transactions of a local SQL Server instance.
|
|
|
|
|
|
Each SQL command can be displayed in detail, showing the SQL syntax used.
|
|
|
|
|
Making a Multi-Platform SQL Audit
|
|
|
An auditor's task can be made easier by having SQL statements grouped together from different computers. The Cross-Platform Audit lets you import SQL audit data from your mainframe, iSeries and SQL Server platforms, into a single, consolidated database. Once there, you can review SQL statements from different servers for a selected client IP address, or for a selected user. This is done using ‘global users' - virtual users you can create that represent any number of selected users on different platforms.
|
|
Graphical Analysis of SQL Statements
|
|
|
Consolidation of the SQL audit data from many computers and viewing it from the perspective of a user or client IP address gives you the ability to take full advantage of the Cross Platform SOC Analyzer. In the example below, SQL statement activity can be seen across multiple computers. The graph segments can be drilled-down to list the actual SQL audit events logged and these, in turn ,can be drilled down to show the SQL Statement detail.
|
|
|
|
|
|
See also:
|
|
|
|
|
|
