How To Check Disabled Audits Using Policy Based Management

Policy-Based Management is a feature that is introduced with SQL Server 2008. It allows us to set the rules we want in our systems, to set our standards and to make our controls automatically. For example, we can create a policy for control purposes so that the names of our stored procedures do not start with a number or database recovery models are not simple.

To comprehend Policy Based Management (PBM), you need to understand some concepts.

Facet

A feature that can be managed by PBM. For example, there is a facet called Audit. And using this facet, you can create a policy that checks whether the audits you have defined are disabled.

You can access all facets via SSMS as follows. To access the facet details, you must double-click on it.

Condition

Checks whether the sub-property of the related facets provide the specified condition. Örneğin Audit facet’ının Enabled alt özelliğini kontrol ederek disable edilmiş audit’leri kontrol edebilirsiniz.

Let’s create a policy that checks disabled audits.

Create a Policy

Right click Policies tab as follows from the Management> Policy tab and click New Policy.

We give a name to Policy on the screen that appears. We need to create a condition from Check Condition.

We’re clicking on New Condition.

We give a name to the condition from the screen that appears.

We select Audit facet  from facet section because we will check disabled audits.

By clicking “…” in the Expression section, we select @Enabled, which is the sub-feature of Audit facet.

We select = from Operator, and True in Value. Thus, if Audit is disabled the policy will fail.

If you want to check that the Database Audit Specification that will use this Audit is also disabled, you must use the Database Audit Specification Facet in another policy. For detailed information about audits, I recommend reading “How To Create SQL Server Audit“.

By selecting On Schedule from the Evaluation Mode, we select the interval at which the policy will be checked and then click the Enable check box.

If we choose On Demand, it only checks when we execute policy.

If you have a server-based condition, you can create a server-based condition from the server restriction section.

If you want it to be checked automatically at certain intervals, click New in the Schedule section and determine the frequency that the policy will check the condition. We set it up to work once every day at 12: 00: 000 PM.

We created our policy. We click Evaluate as below to run it manually.

I got a result as follows in my local.

I would like to talk about another thing about Audit Facet.

You can create a condition that sets the OnFailed property to Continue as follows. It ensures that some audits are set to Continue instead of Shutdown.

The reason we do this is when the audit fails, if the audit is set to Shutdown, the sql server service fails. This is usually something we don’t want. Of course, you may need to shutdown sql server service for some critical applications if cannot write the audit.

Or you can use the DateLastModified property to check whether the audit has been modified by anyone.

With Policy Based Management, you can check many things on SQL Server. And I think a professional database manager should use this feature that SQL Server offers us. You can find more articles on Policy Based Management at the following links.

How To Check the Compatibility Level of Databases Using Policy Based Management“,

How To Check Recovery Model of All Databases Using Policy Based Management“,

How To Check Stored Procedure Names Using Policy Based Management“,

How To Check VLF Counts in the Databases Using Policy Based Management“,

How To Check SQL Logins Without Password Policy Enforced or Password Expiration Enabled Using Policy Based Management“,

“How To Check Auto Shrink Option of Databases Using Policy Based Management”,

“How To Check Whether Availability Groups is Ready To Failover Using Policy Based Management”,

“How To Check Availability Group’s Backup Preference Using Policy Based Management”,

“How To Check Availability Group Automatic Failover Settings Using Policy Based Management”,

“How To Check Whether Readable Secondary is Enabled on Availability Groups Using Policy Based Management”,

“How To Check Whether Data File Sizes is Reached a Specific Size Using Policy Based Management”,

“How To Check Auto Close Option of Databases Using Policy Based Management”,

“How To Check Last Log Backup Time Using Policy Based Management”,

“How To Check Page Verify Option of Databases Using Policy Based Management”

dbtut
Author: dbtut

We are a team with over 10 years of database management and BI experience. Our Expertises: Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Elasticsearch, Kibana, Grafana.

Leave a Reply

Your email address will not be published. Required fields are marked *