Audit trail for web application

Hello,
I have been assigned the task to design the audit trail for the ASP.NET web application. I don't know what the best practices for such audit trails are. Our application one dedicated user name and password to perform the database operations. I need to capture all the operations which are performed on the database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise manager,
query analyzer, etc. And also the data for the action should be captured in some set of tables, but not in the form of BLOB, so that if the admin want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@persistent.co.in

This is more of a SQL Server question than an ASP.NET question. The
problem
with implenting auditing at the application level or using table triggers
is
that it is very programming intensive and difficult to cover every point
of
database entry. Every time the data model changes, you would need to go
back
and revise the audit programming. Go to MSDN and read up on SQL Server
Profiler. It can trap various events and output the log to a SQL Server
table. There are also 3rd party database auditing tools that should do
exactly what you need.

"Parag" <pa************@persistent.co.in> wrote in message
news:OR**************@TK2MSFTNGP15.phx.gbl...

Hello,
I have been assigned the task to design the audit trail for the ASP.NET

web

application. I don't know what the best practices for such audit trails

are.

Our application one dedicated user name and password to perform the

database

operations. I need to capture all the operations which are performed on

the

database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise
manager,
query analyzer, etc. And also the data for the action should be captured

in

some set of tables, but not in the form of BLOB, so that if the admin
want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@persistent.co.in

Hi,
Thanks for the reply. Can you please tell me what are the best practices that are followed in web application in .NET to implement the Audit trail ? Is there any other way to implement it? It will be of greate help to me if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

"bradley" <so*****@microsoft.com> wrote in message
news:uK**************@TK2MSFTNGP15.phx.gbl...

This is more of a SQL Server question than an ASP.NET question. The
problem
with implenting auditing at the application level or using table triggers is
that it is very programming intensive and difficult to cover every point
of
database entry. Every time the data model changes, you would need to go
back
and revise the audit programming. Go to MSDN and read up on SQL Server
Profiler. It can trap various events and output the log to a SQL Server
table. There are also 3rd party database auditing tools that should do
exactly what you need.

"Parag" <pa************@persistent.co.in> wrote in message
news:OR**************@TK2MSFTNGP15.phx.gbl...

Hello,
I have been assigned the task to design the audit trail for the ASP.NET

web

application. I don't know what the best practices for such audit trails

are.

Our application one dedicated user name and password to perform the

database

operations. I need to capture all the operations which are performed on

the

database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise
manager,
query analyzer, etc. And also the data for the action should be captured

in

some set of tables, but not in the form of BLOB, so that if the admin
want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem

with this approach is that I am not able to store all the information need to reproduce the same output if I try to generate report for the particular session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@persistent.co.in

Hi,
Thanks for the reply. Can you please tell me what are the best practices
that are followed in web application in .NET to implement the Audit trail ?
Is there any other way to implement it? It will be of greate help to me if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Auditing SQL Server Activity:
http://msdn.microsoft.com/library/de...urity_2ard.asp

Monitoring with SQL Profiler:
http://msdn.microsoft.com/library/de..._perf_86ib.asp
"Parag" <pa************@persistent.co.in> wrote in message
news:OQ**************@TK2MSFTNGP14.phx.gbl...

Hi,
Thanks for the reply. Can you please tell me what are the best

practices

that are followed in web application in .NET to implement the Audit trail

?

Is there any other way to implement it? It will be of greate help to me
if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

"bradley" <so*****@microsoft.com> wrote in message
news:uK**************@TK2MSFTNGP15.phx.gbl...

> This is more of a SQL Server question than an ASP.NET question. The
> problem
> with implenting auditing at the application level or using table triggers > is
> that it is very programming intensive and difficult to cover every
> point
> of
> database entry. Every time the data model changes, you would need to go
> back
> and revise the audit programming. Go to MSDN and read up on SQL Server
> Profiler. It can trap various events and output the log to a SQL Server
> table. There are also 3rd party database auditing tools that should do
> exactly what you need.
>
> "Parag" <pa************@persistent.co.in> wrote in message
> news:OR**************@TK2MSFTNGP15.phx.gbl...
>> Hello,
>> I have been assigned the task to design the audit trail for the
>> ASP.NET
> web
>> application. I don't know what the best practices for such audit
>> trails
> are.
>> Our application one dedicated user name and password to perform the
> database
>> operations. I need to capture all the operations which are performed
>> on
> the
>> database. Also I need to able to capture the operations which directly
>> performed on the backend directly using the tools like enterprise
>> manager,
>> query analyzer, etc. And also the data for the action should be captured > in
>> some set of tables, but not in the form of BLOB, so that if the admin
>> want
>> to know what are the various things the user did during the particular
>> session then that should be reproduced in the form of report. Does any
>> anybody have any idea of how to do such task? Any tips will be
>> helpful.
>>
>> I am trying one approach with the help of triggers. But the problem with >> this approach is that I am not able to store all the information need to >> reproduce the same output if I try to generate report for the particular >> session.
>>
>>
>>
>> Thanks and Regards,
>> Parag Kulkarni,
>> India
>> Email pa************@persistent.co.in
>>
>>
>>
>
>