Auditing


dbWatch Control Center includes support for SQL audit logging of all statements executed on monitored database instances via dbWatch operations. This feature is particularly useful for:

Audit logging captures queries initiated both by user actions (e.g., manual operations via the GUI or CCC scripts) and, if configured, automated jobs run by the system.


Enabling Auditing (Manual Configuration)

Currently, auditing must be configured manually by editing the `server_configuration.xml` file on the Control Center Server.

Step-by-Step Instructions

1. Stop the dbWatch Server service before making any changes
2. Navigate to the location of the configuration file (typically: `C:\ProgramData\dbWatchControlCenter\config\server_configuration.xml` or `/var/dbwatch-controlcenter/config/server_configuration.xml`)
3. Make a full backup of the file before editing
4. Insert the following XML block inside the root `<server-configuration>` element:

<audit-settings>
   <audit-setting>
       <audit-catalog>/var/log/dbwatch/audit</audit-catalog>
       <file-switch-interval-minutes>360</file-switch-interval-minutes>
       <audit-level>2</audit-level>
       <file-keep-for-days>7</file-keep-for-days>
   </audit-setting>
</audit-settings>

5. Save the file and restart the dbWatch Server

---

Configuration Tag Descriptions

Tag Description
`<audit-catalog>` Directory where audit logs will be stored. The file will be named `audit.log` and rotated as needed.
`<file-switch-interval-minutes>` How frequently (in minutes) the log file should be rotated. When a switch occurs, the old file is zipped and timestamped.
`<file-keep-for-days>` Number of days to retain archived (zipped) logs. A value of 0 disables deletion.
`<audit-level>` Defines audit granularity:
0 = No logging
1 = Log user-initiated statements only
2 = Log all database statements including background jobs

Log Output Details

Audit logs are stored in plain text and rotated/zipped as configured. Consider encrypting the log directory at the filesystem level or forwarding to a central log collector for improved security.


Best Practices


Related Topics


For further assistance with auditing setup, central log integration (e.g., with ELK/Splunk), or security audits, please contact:
support@dbwatch.com