/administration/auditing
AUDITING
This feature can be enabled upon request. Please contact support for instructions.
Create an Audit Database Table
Before you can configure auditing you will need to create a SQL Server database on your network. Although you can create the audit database on the same server where Enzo Server is running, it is recommended to create an external database for stronger separation of duties. Use SQL Server Management Studio to connect the SQL Server you will be using to store the audit log, and create a database using the CREATE DATABASE T-SQL command (or ask a database administrator to help you).
Once the database has been created, run the following command on the database to create the audit log table:
--CREATE DATABASE database_name; --GO; --USE database_name; --GO; SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TABLE [dbo].[EnzoRxLog]( [EnzoRxLogID] [bigint] IDENTITY(1,1) PRIMARY KEY NOT NULL, [RequestTime] [datetime] DEFAULT (getutcdate()) NOT NULL, [ServerName] [nvarchar](128) NULL, [InstanceName] [nvarchar](128) NULL, [ListenerType] [nvarchar](30) NULL, [ListenerName] [nvarchar](128) NULL, [CommEvent] [nvarchar](30) NULL, [Namespace] [nvarchar](128) NULL, [Schema] [nvarchar](128) NULL, [Handler] [nvarchar](128) NULL, [Operation] [nvarchar](30) NULL, [Login] [nvarchar](128) NULL, [Hostname] [nvarchar](128) NULL, [ClientIPAddress] [nvarchar](50) NULL, [ClientMAC] [nvarchar](20) NULL, [Application] [nvarchar](128) NULL, [Pid] [int] NULL, [Spid] [int] NULL, [RequestBytes] [bigint] NULL, [RequestArguments] [nvarchar](max) NULL, [RequestFilter] [nvarchar](max) NULL, [ResponseTime] [datetime] NULL, [ResponseBytes] [bigint] NULL, [ResponseColumns] [nvarchar](max) NULL, [ResponseRows] [int] NULL, [ErrorValue] [int] NULL, [ErrorMsg] [nvarchar](max) NULL ) GO CREATE NONCLUSTERED INDEX [IX_EnzoRxLog_Login] ON [dbo].[EnzoRxLog] ( [RequestTime] ASC, [Login] ASC ) GO CREATE NONCLUSTERED INDEX [IX_EnzoRxLog_Adapter] ON [dbo].[EnzoRxLog] ( [RequestTime] ASC, [Namespace] ASC, [Schema] ASC, [Handler] ASC ) GO
You may need to create additional indexes to support the queries you will be running against the audit log.
You can point multiple installations of Enzo Server to the same audit log. One of the fields in the log contains the Enzo Server server name so you can filter audit by server.
Configure Auditing
To configure the audit log you must edit the EnzoUnifiedSvc.exe.config; this configuration file is found under the install directory of Enzo Server. Add the following section under the listeners node, set the connection string to the database that will store the audit data, and restart the Enzo Server service.
To use an SSPI context for database connection string, the service name running Enzo Server must have access to the database. Enzo Server only performs INSERT operations to the audit log database.
<txRequestLogging> <dbRequestLogs> <dbRequestLog name="auditlog" type="mssql" connectionString="Data Source=servername;Database=dbname;User ID=uid;Password=pwd" /> </dbRequestLogs> <fileRequestLogs> <fileRequestLog name="default" /> </fileRequestLogs> </txRequestLogging>
Accessing the Audit Log
When configured, the log is stored on an external database of your choice and contains key audit fields, operation, and whether the operation succeeded or failed. To access the log, connect to the database that was configured to store the audit and execute this command:
SELECT TOP 100 * FROM EnzoRxLog
Because the audit log is stored externally and not directly accessible through Enzo Server, all 'sa' activity is logged and cannot be altered through Enzo. This provides strong separation of duties for information security purposes.
In addition, this audit log contains payload size of result data and the number of rows returned, allowing charge back allocation if desired.