Auditing
dbWatch Control Center includes support for SQL audit logging of all statements executed on monitored database instances via dbWatch operations. This feature is particularly useful for:
- Security and compliance reporting
- Change tracking
- Internal investigations and usage analytics
Audit logging captures queries initiated both by user actions (e.g., manual operations via the GUI or CCC scripts) and, if configured, automated jobs run by the system.
Enabling Auditing (Manual Configuration)
Currently, auditing must be configured manually by editing the `server_configuration.xml` file on the Control Center Server.
Step-by-Step Instructions
1. Stop the dbWatch Server service before making any changes
2. Navigate to the location of the configuration file (typically: `C:\ProgramData\dbWatchControlCenter\config\server_configuration.xml` or `/var/dbwatch-controlcenter/config/server_configuration.xml`)
3. Make a full backup of the file before editing
4. Insert the following XML block inside the root `<server-configuration>` element:
<audit-settings>
<audit-setting>
<audit-catalog>/var/log/dbwatch/audit</audit-catalog>
<file-switch-interval-minutes>360</file-switch-interval-minutes>
<audit-level>2</audit-level>
<file-keep-for-days>7</file-keep-for-days>
</audit-setting>
</audit-settings>
5. Save the file and restart the dbWatch Server
---Configuration Tag Descriptions
| Tag | Description |
|---|---|
| `<audit-catalog>` | Directory where audit logs will be stored. The file will be named `audit.log` and rotated as needed. |
| `<file-switch-interval-minutes>` | How frequently (in minutes) the log file should be rotated. When a switch occurs, the old file is zipped and timestamped. |
| `<file-keep-for-days>` | Number of days to retain archived (zipped) logs. A value of 0 disables deletion. |
| `<audit-level>` | Defines audit granularity: 0 = No logging 1 = Log user-initiated statements only 2 = Log all database statements including background jobs |
Log Output Details
- Logs are written to disk on the Control Center Server
- Each log entry typically includes:
- Timestamp
Audit logs are stored in plain text and rotated/zipped as configured. Consider encrypting the log directory at the filesystem level or forwarding to a central log collector for improved security.
Best Practices
- Always configure auditing in coordination with your data retention and compliance policy
- Use level 1 in production environments for user tracking, and level 2 for detailed audits or troubleshooting
- Combine auditing with dbWatch’s built-in Audit Logging dashboard
- Enable periodic off-host backups or log streaming to secure audit archives
Related Topics
For further assistance with auditing setup, central log integration (e.g., with ELK/Splunk), or security audits, please contact:
support@dbwatch.com