Databases Reference
In-Depth Information
exec master..sp_trace_setfilter @TraceID, 10, 0, 7,
N'SQLAgent%'
-- Set the trace status to start
exec master..sp_trace_setstatus @TraceID, 1
9.6.2
Implementation options: Monitor event/trace
creation and/or audit all event monitors and traces
There are two approaches you can take to combat a possible vulnerability
based on event monitors and traces. The first option is to continuously
monitor and alert upon each command that creates or modifies these data-
base objects, event traces, or monitors. This is similar to other monitors you
have seen in this chapter and in previous chapters. The second option is to
periodically extract all event monitor and trace definitions and review the
list. You can do this manually or invest a little more time and generate an
automated process.
For a manual review, the simplest approach is to use the database admin-
istration tools. For example, continuing with the DB2 example, open up
the Control Center and use the left tree pane to navigate to the database
you want to review. Open the database as shown in Figure 9.10. One of the
Figure 9.10
Reviewing event
monitors defined in
a DB2 UDB
database.
Search WWH ::
Custom Search