none
Audit to Security log

    Question

  • I created audits tagret 'ServerAuditDB' to log events on Security Log. When I tried to enable it i get error:

     

    Audit 'ServerAuditDB' failed to start. For more information, see sys.dm_os_ring_buffers where ring_buffer_type = 'RING_BUFFER_XE_LOG' and the Error log. (.Net SqlClient Data Provider)

     

    Record in sys.dm_os_ring_buffers is: <Record id = "1" type ="RING_BUFFER_XE_LOG" time ="109770"><XE_LogRecord message="seclog: module 'authz.dll' failed load or missing exports (last error: 7f)"></XE_LogRecord></Record>

     

    Error in event viewer is: SQL Server Audit failed to access the security log. Make sure that the SQL service account has the required permissions to access the security log.

     

    From BOL: 

    Writing to the Windows Security log requires the SQL Server service account to be added to the Generate security audits policy . By default, the Local System, Local Service, and Network Service are part of this policy. Additionally, the Audit object access security policy must be enabled for both Success and Failure. These setting can be configured by running Secpol.msc, using the Run command that you can access from the Start button.

     

    My OS is: Windows XP in workgroup. SQL Server is Feb CTP. SQL services account runs under local account. That local account is in administrators group.

    I added SQL Server service account to Generate security audits and Audit object access is enabled for Success and Failure.

     

    What is wrong? What is required permissions for the SQL Server service to access the security log.

    Tuesday, May 13, 2008 2:29 PM

Answers