Auditing Alternatives with Application User Tracking

I'm looking for an auditing solution that does exactly what Change Data Capture (CDC) does, except I need it to also track the application user that made the change.  I'm currently using SQL Server 2012 Enterprise and may be upgrading to 2014 later
this year.
We already have an auditing solution in place that leverages Delete, Insert, and Update triggers, but some new requirements might force us to update every audit trigger and corresponding audit table.  Given various problems we've run in to with that
solution over the years, this seems like as good a time as any to reevaluate and potentially replace the solution.
To give you an idea of what I'm currently working with (and may be able to leverage), we use a stored procedure (ConnectionInitialize) to store a user id with a SPID in a table (ApplicationUser) and then we delete the row using another stored procedure (ConnectionReset)
once we're done making our deletes, inserts, and updates.
Were we to use CDC, I looked into adding a trigger to something like the cdc.lsn_time_mapping table, but I couldn't find a way to map the LSN back to the SPID (and therefore the user id) that was being used.  This also presented some other issues in
that CDC is always a little bit behind.
I looked into SQL Server Audit a little bit, but that presented some challenges of its own.  We're using Transparent Data Encryption (TDE) to appease some of our security requirements, but SQL Server Audit looks like it'd need a separate encryption
strategy; that and I'm more interested in the columns than in the actual SQL statements.  Even so, these aren't deal-breakers for me, so I'm still looking into it.
Given what I'm trying to accomplish, does anyone have any feedback or recommendations?  I realize that there's another
post that addresses what I'm trying to accomplish.  Unfortunately, adding some sort of "modified by" column to all of our tables isn't a very good option for us.  Given the fact that, that thread was resolved 2 years ago, I'm hoping
there will be some new ideas.

Microsoft does not have a good auditing story. CDC can tell you what was changed, but not my whom. And while SQL Audit can tell you who made the change, it can in the general case not tell you want change; you will only see parameter values.
What is left? Running your own triggers, I'm afraid.
Erland Sommarskog, SQL Server MVP, [email protected]

Similar Messages

  • LMS4.2 NullPointerException with no User Tracking?

    I have just got LMS 4.2 soft appliance up and running. When going to Inventory >> Acquisition summary, I get a HTTP 500 error with
    java.lang.NullPointerException.
    That is obviously a bug somewhere (although the TAC engineer disagrees with me). I am just wondering if this is could have been caused by the fact that I have not done any user tracking on this LMS server yet?
    HTTP Status 500 -
    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    java.lang.NullPointerException
         com.cisco.nm.ani.clients.utng.action.UTDiscoveryStatAction.perform(UTDiscoveryStatAction.java:47)
         org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
         org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
         org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:491)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
         org.ajaxanywhere.AAFilter.doFilter(AAFilter.java:46)
         com.cisco.nm.cmf.util.AccessLogFilter.doFilter(AccessLogFilter.java:128)
    note The full stack trace of the root cause is available in the Apache Tomcat/6.0.33 logs.
    Apache Tomcat/6.0.33

    Usertracking is on by default so after some time it should have gathered UT info.
    You need devices in campus 'Topology' of course.
    UT is a subprocesses of ANIServer so you can't see it running, you can only see it in the status of the collection summary view.
    You can crank up the debug levels to see whats going on.
    Cheers,
    Michel

  • LMS 4.2.2 User Tracking - IP resolving

    Hello,
    I have made a fresh install of LMS 4.2.2 and I have a problem with the user Tracking.
    My architecture :
    A pair of 4500-X running  Version 03.03.00.SG
    10 stack of 2960-S running IOS : 12.2.55.SE5
    The 4500-X are routing cores. Everything is running SNMP V3 and I have entererd the commands for each VLAN :
    snmp-server group SDIS03-GP-RW v3 priv context vlan-x write SDIS03-V-RW
    All equipments are seen correctly by LMS. My problem is the user Tracking does not show the IP Addresses, I only have the MACs. I suppose this is an issue with ARP Table of the 4500-X that are not dowloaded by LMS but I don't konw why.
    I have seen several post on the forum for similar problems but it do not seems to resolv mine.
    Thanks by advance for your ideas.
    Regards,
    Abel.

    I found a reference on the LMS Supported Devices Table:
    The following features are not supported:
    VRF Lite, LANE Management, User Tracking, VLAN Management
    Configuration Deploy Protocols: HTTPs
    Configuration Fetch Protocols: HTTPs
    I wonder if it's due to this fact (mentioned in the 4500-X IOS XE Release Notes):
    The following features are not supported on a Catalyst 4500-X Series switches:
    •CISCO-IETF-IP-FORWARD-MIB
    •CISCO-IETF-IP-MIB

  • User tracking utilities and windows 7 compatibility

    Does anyone knows if user tracking utilies is compatible with windows7 (windows 7 professionnal 64 bits) I tried to install it and "user search band" doesn't show in the toolbar menu.
    Thanks in advance

    First, I think you're confusing UTLite with the User Tracking Utility.  The former is for sending username information to UT while the latter actually sits in the task bar, and allows you to do searches.  UTU 2.0 was just released, but it only supports up to Windows Vista clients.  Windows 7 has not been tested yet, and thus is not officially supported.

  • LMS 4.0.1 and User tracking with SNMP v3

    Hi! (again )
    I've another problem with our new LMS 4.0.1.
    We manage our devices with SNMP v3 but the user tracking don't want to work flawlessly.
    I've attached an example from our SNMP configuration. Basicly it's the same in our devices.
    1st the problem was that no matter what I did the User tracking didn't want to find any host. I left it and worked on something else. After 2 weeks suddenly appeard couple of thousand end host.
    As earlier (LMS 2.6 or 3.2 with snmp v2) it is the same that LMS cannot differentiate normal end host and IP Phones although we have several thousand from both. But this is only one problem.
    The other is that there are switches with the same IOS and SNMP configuration and from one I get the UT data and from another one I didn't get anything. Only from some 4506 (aprox. 12-15) and 6506 (2) works and we have 20+ 4506 and 10+ 6506. Not to mention the other switches (couple of houndred 2960 and 3750).
    I'll be grateful if somebody could advice what to do.
    Thanks
    Gabor

    Understanding Debugger Utility
    The utility displays a report on the reasons why User Tracking failed to discover end hosts on specific ports.
    In many cases, User Tracking may not perform as expected. This may be  because of problems in other LMS applications. For instance LMS Server  may have devices that are not discovered or inadequate VLAN discovery in  Topology Services.
    You can run the utility to troubleshoot problems, or provide the report  and log generated by the utility when you contact TAC for help in  diagnosing problems.
    The debugger utility uses the data collected by LMS Server and reports the reasons for the missing ports in User Tracking.
    This tool also has an SNMP component embedded which runs an SNMP query  for the table as a part of verification for SNMP failure. For example,  SNMP bugs in Catalyst operating system because of which User Tracking  may fail to discover devices.
    This generates an Action Report that you can use to analyze the data.
    The Debugger Utility:
    1. Checks the switch ports in a sequential order.
    2. Reports violation of basic rules for each of the missing ports such as link ports and trunk ports.
    3. Checks for SNMP retrieval of data, if the ports pass the validity check.
    4. Generates an Action Report suggesting possible remedial actions to retrieve the valid missing ports.
    Using Debugger Utility
    The Debugger Utility is available at $NMSROOT/campus/bin/ (where $NMSROOT is the directory where you have installed CiscoWorks).
    To run the Debugger Utility, run the command:
    utdebug -switch switch-ip -port port1[,port2 ...] [-export filename]
    where,
    switch is the switch to which the end hosts are connected.
    ports are the ports on the switch which have missing end hosts User Tracking.
    -export filename specifies  that the debug messages be stored in the file specified. If this option  is not used, the messages are displayed on the console.
    For example,
    utdebug -switch 10.29.6.12 -port 5/12
    utdebug -switch 10.29.100.10 -port Fa0/10
    utdebug -switch 10.29.6.14 -port Gi6
    Pretty sure you will find this and perhaps more in the build in help of LMS
    Cheers,
    Michel

  • LMS 3.2 gives Application error during Campur User tracking

    Hi All,
    As per the subject during Campus User Tracking following error comes.
    Application error: URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!..
    Please let me know if anybody has solution for this.
    Thanks in advance.
    Samir

    this looks like CSCsz79649
    I assume at least one of the ctm_config.txt files became corrupted.
    have a look at the file ctm_config.txt in both these locations:
        NMSROOT/MDC/tomcat/webapps/campus/WEB-INFlib
        NMSROOT/MDC/tomcat/webapps/cmapps/WEB-INF/lib
    and compare the content to the clean files Joe posted in this thread:
        https://supportforums.cisco.com/message/3153454#3153454
    Note: the parameter DYNAMIC_PORT_ALLOCATION=0 can be added to both files;
    If your files (or at least one) are different, then stop the daemon manager. When services are stopped, replace the corrupted file with the one Joe posted. Also move the ctmregistry and ctmregistry.backup files in these directories to a location outside NMSROOT (like C:\Windos\tmp)
    Restart the daemon manager.
    If everything is working you can remove the ctmregistry and ctmregisry.backup files you previously moved to C:\Windows\tmp

  • Exclued Application user from audit

    Hi ,
    My database 9.2.0.7.0 is configured with below init. parameters.
    NAME TYPE VALUE
    audit_file_dest string ?/rdbms/audit
    audit_sys_operations boolean TRUE
    audit_trail string DB.
    I need to exclued "Application user" logins from auditing.
    can someone please help on this?.
    Thanks

    Thanks Z.K for your response, I did read mentioned articale on Oracle base.
    but as I have mentioned previously we use Oracle basic auditing method and FGA is not used.
    please let me know if you have other suggestion.
    Edited by: user9123331 on Mar 28, 2010 5:06 AM

  • Can't Open 3rd party Apps with my User (Icon Bouncing then Application Not Responding)

    Hi
    Problem:
    I can't Open 3rd Part Apps with my user (FireFox, Chrome, Dropbox, GoogleDrive, Mega, Final Cut Pro X, etc) they just star bouncing and after a while they stop bouncing then i righ click on them and it says "Application Not Responding", but i can open native apps like Safari, iTunes, iMovie, Finder, Settings
    Other Events:
    -Just Before this happend i was editting a video on FCPX, y export it and tried to upload to Google Drive (in Chrome), when it was uploading I closed FCPX and the uploading stop it at 91%, y tried to reupload but then I realized that this video was in a temp folder and it wasnt there anymore, so I open FCPX to export it again and i couldnt, it was just bouncing and then "App not responding".
    -After Installing Yosemite i feelt it slow even after it finished the encriptation File Vault, specially in chrome.
    I have tried:
    1-Repair Disk Permisions
    2-Reset SMC
    3-Reinstall FCPX
    4-Decrypted the Disk and create another user and i was able to run Chrome, FireFox and FCPX, When I opened FCPX it started but when it was trying to open the project that i was working , it restarted the app and i couldnt open FCPX again, just bouncing and App Not Responding
    Any suggestions to keep my User working?
    Macbook Pro Mid 2012
    -OSX Yosemite,
    -16GB Ram1600MHz DDR3
    -750GB 5400RPM
    -2.9GHz dual-core Intel Core i7 processor (Turbo Boost up to 3.6GHz) with 4MB L3 cache

    Yes, as long as you let TM do a full disc backup (that is, you do not exclude anything in the TM backup settings) you will have a backup that allows a full system restore - puts everything back just as it was.
    You can also clone your system using the shareware app SuperDuper or the donation-ware app CarbonCopyCloner
    http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html
    http://www.bombich.com/
    Both of these apps will make a true clone (literally, a bit-by-bit copy) of your hard drive onto an external drive.  This clone will actually be bootable itself (you plug in the drive and hold the option key during startup then select the clone to boot from).  You would boot from the clone, then reverse-clone it back onto your internal hard drive.
    If you are really serious about being highly confident of not loosing files, you could use both  - I keep a TM backup on one drive, and 2 clones on separate bus-powered hard drives.
    P.S. even if you had not had any issues, you really, REALLY should be keeping regular, up to date backups anyway - things go flooey without warning sometimes and you risk loosing everything on your machine if you DON'T keep regular backup copies available.

  • Open CC applications to default preferences with no user input

    I am searching for a way to open CC applications to default preferences with no user input. I understand there is a key board short cut (command/option/shift on start) but I am hunting for a way to have the preferences always revert to default. In the past I have written a script to delete the preference files upon computer start up but once again, it needs to be rewritten. Is there a method that does not require KLUDGE?

    Try:
    *http://kb.mozillazine.org/Preferences_not_saved

  • User Tracking - Application error: URN_NOT_FOUND

    hello
                running ciscoworks 3.2 on Windows 2008 SP2 - installed apps are:
    1.  Campus Manager 5.2.1
    2.  CiscoView 6.1.9
    3.  CiscoWorks Assistant 1.2.0
    4.  CiscoWorks Common Services 3.3.0
    5.  Device Fault Manager 3.2.0
    6.  Integration Utility 1.9.0
    7.  Internetwork Performance Monitor 4.2.0
    8.  LMS Portal 1.2.0
    9.  Resource Manager Essentials 4.3.1
    When I run a quick report in Campus Manager (User Tracking > Reports) I get the following error appearing in a window:
    Application error: URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!.
    Acquisition is working fine – on completion it states how many new hosts have been discovered but I get the above error when I try running a report.
    Reloaded server but problem persists. I’ve attached the output of pdshow and the cmapps log - any advice/guidance appreciated.
    Thanks
    Andy

    Hello,
    I have the same problem.
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabla normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    LMS2.6
    could anybody help me?
    I attach the ctm_config.txt file.
    Thanks

  • LMS 2.6 User Tracking - Application error: URN_NOT_FOUND

    Hi,
    When I run a quick report in Campus Manager (User Tracking  > Reports) I get the following error appearing in a window:
    Application error: URN_NOT_FOUND :  urn "ogs_server_urn" : Not found !!.
    Could anybody help me?
    I attach the ctm_config.txt file
    thanks

    From which directory did you get this ctm_config.txt?  I need to see the ones under NMSROOT/MDC/tomcat/webapps/campus/WEB-INF/lib and NMSROOT/MDC/tomcat/webapps/cmapps/WEB-INF/lib.
    Since this is LMS 2.6, I also need to see the output of the pdshow command.

  • Dynamic User Tracking with WS-C4506-E

    Hello,
    I've the following problem, configured dynamic user tracking on a
    WS-C4506-E with a WS-X45-SUP6L-E, System image file is a Version 12.2(53)SG2
    Interface configuration:
    snmp trap mac-notification change added
    snmp trap mac-notification change removed
    Global configuration:
    snmp-server enable traps mac-notification change
    snmp-server host xx.xxx.xx.xxx version 2c COMMUNITY udp-port 1431 mac-notification
    mac address-table notification change interval 60
    mac address-table notification change history-size 50
    mac address-table notification change
    #sh mac address-table notification change
    MAC Notification Feature is Enabled on the switch
    Interval between Notification Traps : 60 secs
    Number of MAC Addresses Added : 21509
    Number of MAC Addresses Removed : 21484
    Number of Notifications sent to NMS : 11632
    Maximum Number of entries configured in History Table : 50
    Current History Table Length : 50
    MAC Notification Traps are Enabled
    UTU2 does not found any records for the device name or if I search for a directly connected PC to this switch.

    Where is this Collector Status screen? What dashboard is it on ?
    >> Device Center > Troubleshooting Workflow
    The  fact that you have success for usertracking does not mean you server  receives mac address notification traps. It only means the passive  usertracking has run. The UT results from the other switch may come from  this process.
    >> Yes you're right.
    Only via snoop or packetcapture you can be sure you receive the traps you want.
    >> I set up a packetcapture on the server, the server receives the mac address notification traps on UDP port 1431.
    >>Dynamic user tracking of switches from the same site works...for example I have three WS-C3750V2-48PS-S over >>there.
    Also  if you look at the Collection Sumary in the Inventory -> Device  Status dashboard you may find that some devics fail on usertracking.
    >> Both switches are not under the failed devices.
    >>I'm a little bit confused now.... I can't even start a acquisition manually, LMS says device is not reacheable... but in Device Center (1st picture) "ping", "snmp" etc... is OK...

  • Run SAP BPM with alternative portal applications ?

    Hi BPM experts,
    Is it possible to run SAP BPM without SAP NW Portal and use an alternative portal application instead?
    The general idea here is to use alternative SAP-independent frontend technology and use SAP BPM for process control "only".
    Best regards,
    Peter

    Benjamin,
    thanks for your reply. Does this mean that there's defnitely no other way and one MUST use SAP NW Portal in order to run a SAP BPM application (at least with the current release)?
    Best regards,
    Peter

  • This is an message when I open up CS4 in Illustrator.  "Some plugins in additional plugins folder are conflicting with application or user plugins.  It will skip loading plugins from additional plug-ins folder?  What does this mean and how can I fix it.

    This is an message when I open up CS4 in Illustrator.  "Some plugins in additional plugins folder are conflicting with application or user plugins.  It will skip loading plugins from additional plug-ins folder?  What does this mean and how can I fix it?

    Thanks Larry.  I thought so.  I will do this weekend.  Again, I appreciate your help.
    Trying to get updated software – I am not a fan of the cloud stuff.  Nothing I can do about it.
    Thanks again Larry!

  • Problem with user tracking Cisco Prime lms 4.2

    Hi
    When I use the User tracking utility, it dont find the usernames, I dont kwow if I have to use the tool UTlite33.exe un all end host or not, please helpme.

    Hi Andres,
    Check this ::
    Understanding UTLite
    UTLite is a utility that allows you to collect user names from Primary Domain Controllers, Active Directory, and Novell servers.
    To do this you need to install UTLite in the Windows Primary Domain  Controllers and in the Novell servers. You can also install UTLite in an  Active Directory server.
    UTLite sends traps to LMS whenever a user logs in or logs out. UTLite  traps are processed by LMS at the rate of 150 traps per second, with a  default buffer size of 76800.
    Follow the below link and it should help:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/appendixcli.html#wp1032284
    Thanks-
    Afroz
    [Do rate the useful posts]

Maybe you are looking for