Delen via


c2 audit mode Option

C2 audit mode can be configured through SQL Server Management Studio or with the **c2 audit mode **option in sp_configure. Selecting this option will configure the server to record both failed and successful attempts to access statements and objects. This information can help you profile system activity and track possible security policy violations.

Note

The C2 security standard has been superseded by Common Criteria Certification. See the common criteria compliance enabled Option.

Audit Log File

C2 audit mode data is saved in a file in the default data directory of the instance. If the audit log file reaches its size limit of 200 megabytes (MB), SQL Server will create a new file, close the old file, and write all new audit records to the new file. This process will continue until the audit data directory fills up or auditing is turned off. To determine the status of a C2 trace, query the sys.traces catalog view.

Important

C2 audit mode saves a large amount of event information to the log file, which can grow quickly. If the data directory in which logs are being saved runs out of space, SQL Server will shut itself down. If auditing is set to start automatically, you must either restart the instance with the -f flag (which bypasses auditing), or free up additional disk space for the audit log.

Permissions

Requires membership in the sysadmin fixed server role.

Example

The following example turns on C2 audit mode.

sp_configure 'show advanced options', 1 ;
GO
RECONFIGURE ;
GO

sp_configure 'c2 audit mode', 1 ;
GO
RECONFIGURE ;
GO