When it comes to logging, I won’t even step on the same court as Anton. But a couple weeks ago (while I was on the road, thus the late response) he posted on the options for database logging.

It’s a good overview of using native logs and log management vs. network appliances, but he totally misses a third option.

Most of the Database Activity Monitoring vendors use additional techniques, including agents, to gain a granularity that’s not supported by most native database logs (or better performance when that granularity exists). This is absolutely critical if you want to monitor SQL-statement activity, a growing security requirement. Log management won’t help you if you want to know which administrator is changing your corporate financials, detect SQL injection attacks, or alert when that call center employee drops a “SELECT CC# FROM Customers” using that ad-hoc query tool you forgot to block.
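As an added illustration (not from the original post or from any vendor's product), the sketch below runs the three scenarios above as rules over constructed statement-level events. The record layout, the account, table, column and application names, and the two injection heuristics are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class SqlEvent:
    """One captured statement; this record layout is an assumption."""
    db_user: str
    client_app: str
    statement: str

# Hypothetical site policy: every name below is constructed for illustration.
DBA_ACCOUNTS = {"dba_jsmith"}
FINANCIAL_TABLES = {"gl_entries", "invoices"}
SENSITIVE_COLUMNS = {"cc#", "card_number"}
APPROVED_APPS = {"billing_service", "crm_web"}

WRITE_RE = re.compile(r"\s*(?:update|delete\s+from|insert\s+into)\s+([\w.]+)", re.I)
SELECT_RE = re.compile(r"\s*select\s+(.*?)\s+from\b", re.I | re.S)
# Crude heuristics only: a numeric tautology and a UNION SELECT.
INJECTION_RES = [
    re.compile(r"\bor\s+'?(\d+)'?\s*=\s*'?\1'?", re.I),
    re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
]

def evaluate(ev: SqlEvent) -> list[str]:
    """Return the names of the rules this statement trips."""
    alerts = []
    write = WRITE_RE.match(ev.statement)
    if write and ev.db_user in DBA_ACCOUNTS:
        table = write.group(1).split(".")[-1].lower()
        if table in FINANCIAL_TABLES:
            alerts.append("admin_write_financial")
    if any(p.search(ev.statement) for p in INJECTION_RES):
        alerts.append("possible_sql_injection")
    select = SELECT_RE.match(ev.statement)
    if select and ev.client_app not in APPROVED_APPS:
        columns = {c.strip().lower() for c in select.group(1).split(",")}
        if columns & SENSITIVE_COLUMNS:
            alerts.append("sensitive_read_unapproved_app")
    return alerts

# Constructed sample events: one per scenario plus a benign control.
SAMPLES = [
    SqlEvent("dba_jsmith", "sqlplus", "UPDATE gl_entries SET amount = 0 WHERE id = 42"),
    SqlEvent("app_crm", "crm_web", "SELECT name FROM Customers WHERE id = '1' OR '1'='1'"),
    SqlEvent("cc_agent17", "adhoc_query_tool", "SELECT CC# FROM Customers"),
    SqlEvent("app_billing", "billing_service", "SELECT card_number FROM Customers WHERE id = 7"),
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(ev.db_user, ev.client_app, evaluate(ev))
```

Every rule keys on the statement text together with the user and client application, which is the granularity a login/logout-level audit trail does not carry.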

There are MANY cases where log management is enough today, but I think over time we’ll all migrate to needing to know the SQL (and then correlate that with application activity).
