1, sqlserver2012 can do the audit of the instance, as well as the database audit, basically includes all the operation. can meet our requirements.
2.The audit function requires an instance-level configuration at the metabase level, an "audit" on the instance, and a " Database Audit Specification" on the database, both of which can be audited at the same time . 3.There are only three audit file storage objects, namely "file", "Security Log", "Application Log". Generally we store files on separate servers to ensure security. 4.The Database audit specification can only be enabled on read-write libraries, and can no longer be enabled on library-only libraries. 5, because of the reason of the previous article, in order to resolve the read-only copy on AlwaysOnAudit, we need a roundabout way to do it. Here's how:(1) Establish an instance-level audit on the subject, and then establish an audit of the same audit_guid on the replica. (2) in the maina Database Audit specification is established on the databases , at which time the replicas are synchronized. (3) At this point, since the copy is read-only, it can only bestart auditing on the database. This allows both the subject and the replica to start auditing at the same time. (4) In order for the audit of the main body to fail, you need to disable thedatabase audit, so that the audit of the principal database can not be logged even if it is open, but the replica will continue to audit. (5) To close the audit, it must be closed on the main side. 6, the file of audit log can be opened with SQL Server client, but the size of the file growth is very fast, because the information is very detailed, including the execution of statements and other records.