Audit Logging
Audit logging in dbWatch Control Center provides traceability and accountability for actions taken by users and the system. It is designed to help administrators:
- Track configuration changes and user behavior
- Support compliance and governance requirements
- Detect anomalies or unauthorized access
- Retain evidence for internal audits or investigations
Enabling Audit Logging
Audit logging is an optional feature that can be enabled via configuration. It is disabled by default but can be activated depending on your organization’s needs.
To enable audit logging:
1. Navigate to your Control Center configuration settings
2. Locate the audit logging options under the system or domain controller setup
3. Set the desired log level (see below)
More detailed configuration steps are available on the separate auditing wiki page.
Read more:
Audit Configuration Details
Available Logging Levels
dbWatch supports three distinct levels of audit logging:
Level | Description |
---|---|
0 | No logging (default) |
1 | Logs only SQL statements and operations triggered by direct user actions |
2 | Logs all SQL statements, including background jobs, scheduled tasks, and system-initiated operations |
> Recommendation: For production environments, start with level 1. Use level 2 only for short periods or detailed investigations, as it generates more log volume.
Audit Log Storage
- Logs are written to disk on the Control Center Server
- Location: Typically within the installation or logging directory (e.g., `/var/dbwatch-controlcenter/logs/` or `C:\ProgramData\dbWatchControlCenter\logs\`)
- Files are rotated based on standard log retention policies (configurable)
Audit logs can be monitored externally using tools like Splunk, ELK stack, or other SIEM systems.
Use Cases
- Security investigations: Determine what changes were made, by whom, and when
- Compliance evidence: Retain proof of activity for PCI-DSS, ISO 27001, or internal IT audits
- Usage analytics: Analyze how users interact with dbWatch and what features are being used
- Troubleshooting: Identify root causes by correlating user actions with errors or job failures
Recommendations
- Keep audit logging enabled at level 1 for critical environments
- Rotate and archive logs regularly to comply with your data retention policy
- Review logs periodically to spot unauthorized activity or configuration drift
- Use external log collectors if centralized monitoring is required
Related Topics
For help configuring audit logging, integrating with external logging systems, or designing log rotation policies, contact:
support@dbwatch.com