Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Trace Rollover should be enabled for audit traces that have a maximum trace file size.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2500 | DM5267-SQLServer9 | SV-23886r1_rule | ECRR-1 | Medium |
| Description |
|---|
| The majority of Microsoft SQL Server security auditing is provided by the trace facility. Traces may be created using system stored procedures or with Microsoft SQL Profiler. The trace must be running in order for security event data to be collected for analysis. Traces can specify a maximum size for the trace file. An action may also be specified when a maximum file size is reached. The trace file rollover option for a defined trace causes the current trace file to close and a new one to be opened with no loss of data. If a maximum file size has been set and the rollover option is not set, the trace stops writing when the maximum file size is reached. If the trace file writes function stops, then auditing is disabled. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-19685r1_fix) |
|---|
| Re-create the trace and specify TRACE_FILE_ROLLOVER (option = 2) added to SHUTDOWN_ON_ERROR (option > 4). From the query prompt: EXEC SP_TRACE_CREATE [ @traceid = ] trace_id OUTPUT , [ @options = ] option_value , [ @tracefile = ] 'trace_file' [ , [ @maxfilesize = ] max_file_size ] [ , [ @stoptime = ] 'stop_time' ] [ , [ @filecount = ] 'max_rollover_files' ] |