c2 审核模式服务器配置选项c2 audit mode Server Configuration Option

适用对象:是SQL Server 否Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

可以通过 SQL Server Management StudioSQL Server Management Studio 或使用 sp_configure 中的“c2 审核模式”选项来配置 C2 审核模式。C2 audit mode can be configured through SQL Server Management StudioSQL Server Management Studio or with the c2 audit mode option in sp_configure. 选择此选项将配置服务器,以记录对语句和对象的失败和成功的访问尝试。Selecting this option will configure the server to record both failed and successful attempts to access statements and objects. 这些信息可以帮助您了解系统活动并跟踪可能的安全策略冲突。This information can help you profile system activity and track possible security policy violations.

备注

此功能处于维护模式并且可能会在 Microsoft SQL Server 将来的版本中被删除。This feature is in maintenance mode and may be removed in a future version of Microsoft SQL Server. 请避免在新的开发工作中使用该功能,并着手修改当前还在使用该功能的应用程序。Avoid using this feature in new development work, and plan to modify applications that currently use this feature. C2 安全标准已经由通用准则认证所取代。The C2 security standard has been superseded by Common Criteria Certification. 请参阅 启用了通用准则合规性的服务器配置选项See the common criteria compliance enabled Server Configuration Option.

审核日志文件Audit Log File

C2 审核模式数据保存在实例的默认数据目录中的某个文件内。C2 audit mode data is saved in a file in the default data directory of the instance. 如果审核日志文件达到了 200 MB 的大小限制, SQL ServerSQL Server 将创建新文件、关闭旧文件并将所有新的审核记录写入新文件。If the audit log file reaches its size limit of 200 megabytes (MB), SQL ServerSQL Server will create a new file, close the old file, and write all new audit records to the new file. 此过程将继续下去,直到审核数据目录已满或审核被关闭。This process will continue until the audit data directory fills up or auditing is turned off. 若要确定 C2 跟踪的状态,请查询 sys.traces 目录视图。To determine the status of a C2 trace, query the sys.traces catalog view.

重要

C2 审核模式将大量事件信息保存在日志文件中,可能会导致日志文件迅速增大。C2 audit mode saves a large amount of event information to the log file, which can grow quickly. 如果保存日志的数据目录空间不足, SQL ServerSQL Server 将自行关闭。If the data directory in which logs are being saved runs out of space, SQL ServerSQL Server will shut itself down. 如果将审核设置为自动启动,则必须使用 -f 标志(跳过审核)重新启动该实例或为审核日志释放更多磁盘空间。If auditing is set to start automatically, you must either restart the instance with the -f flag (which bypasses auditing), or free up additional disk space for the audit log.

权限Permissions

要求具有 sysadmin 固定服务器角色的成员身份。Requires membership in the sysadmin fixed server role.

示例Example

下面的示例将启用 C2 审核模式。The following example turns on C2 audit mode.

sp_configure 'show advanced options', 1 ;  
GO  
RECONFIGURE ;  
GO  
  
sp_configure 'c2 audit mode', 1 ;  
GO  
RECONFIGURE ;  
GO  
  

另请参阅See Also

RECONFIGURE (Transact-SQL) RECONFIGURE (Transact-SQL)
服务器配置选项 (SQL Server) Server Configuration Options (SQL Server)
sp_configure (Transact-SQL)sp_configure (Transact-SQL)