Return
-
Title
Change Auditor for SQL Service running but not picking up changes -
Description
An Administrator noticed after a few days the Change Auditor agent stops recording SQL Data Level events. He observed the agent service is still running and still recording other SQL events like Logons/Logoffs but no Data Level events. He manually stops and restarts the service and Data Level recording resumes for a few days then stops again.
-
Cause
The minimum requirements for SQL Data Level Auditing were not met. -
Resolution
SQL Servers supported up to the following versions:• Microsoft SQL Server 2014 SP3• Microsoft SQL Server 2016 SP3• Microsoft SQL Server 2017• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
NOTE: .Net 4.7.2 is required on the SQL Server where auditing will take place.
NOTE: Auditing is supported on SQL clusters only when they are not usinghigh availability technologies. In this configuration, the agent only audits theactive nodes in the cluster where agents are deployed.
NOTE: Change Auditor SQL Data Level auditing currently only supportsauditing databases in Full and Bulk logged recovery models. Minimallylogged operations performed in bulk logged recovery model may notproduce auditing events. An initial backup is required for both Full and Bulklogged databases before the transaction log can properly support auditing.
NOTE: Encrypted databases are not supported.
NOTE: Change Auditor does not support auditing databases that have rowand page compression applied.
NOTE: Agent memory can increase 1.5 GB per audited database.
NOTE: SQL Data Level auditing templates are assigned to an agent whenyou create the template. Each audited database requires one templateassigned to a single agent.
Required permissions: The account specified in the auditing template that is used to access theSQL Server instance must have the following database permissions:
• Permission to open a connection to the targeted database.• Read permissions on targeted tables and system tables.• VIEW SERVER STATE permission.• SYSADMIN server role.• CONTROL SERVER permission.
For more information See the Change Auditor for SQL Server User Guide.