c2 audit mode (server configuration option)
Applies to: SQL Server
C2 audit mode can be configured through SQL Server Management Studio or with the c2 audit mode option in sp_configure. Selecting this option will configure the server to record both failed and successful attempts to access statements and objects. This information can help you profile system activity and track possible security policy violations.
This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature. The C2 security standard has been superseded by Common Criteria Certification. See the common criteria compliance enabled Server Configuration Option.
Audit Log File
C2 audit mode data is saved in a file in the default data directory of the instance. If the audit log file reaches its size limit of 200 megabytes (MB), SQL Server will create a new file, close the old file, and write all new audit records to the new file. This process will continue until the audit data directory fills up or auditing is turned off. To determine the status of a C2 trace, query the sys.traces catalog view.
C2 audit mode saves a large amount of event information to the log file, which can grow quickly. If the data directory in which logs are being saved runs out of space, SQL Server will shut itself down. If auditing is set to start automatically, you must either restart the instance with the -f flag (which bypasses auditing), or free up additional disk space for the audit log.
Requires membership in the sysadmin fixed server role.
The following example turns on C2 audit mode.
sp_configure 'show advanced options', 1 ; GO RECONFIGURE ; GO sp_configure 'c2 audit mode', 1 ; GO RECONFIGURE ; GO