Authors: Ayad Shammout, Denny Lee, Jack Richins
As noted within the Reaching Compliance: SQL Server 2008 Compliance Guide (you can also check the sqlauditcentral codeplex project), an easier way to view and manage all of the audit logs within your SQL Server environment is to place all of the audit logs in one central location. As per the guide, you can then use a SSIS package to import in all of these logs files into a separate SQL database where you can then generate reports to view all of the audits within your entire SQl Server environment.
The problem that we recently discovered is that if SQLAudit loses connectivity to the folder it places the audit files, provided that you did not tell SQL Server to shutdown if it cannot write an audit:
There is a bug assigned to this issue and will be resolved in the future. But for us whom are working with SQL Audit right now, to work around this problem, please go to the sqlauditNetworkConnectivity Codeplex project where you can download the full Centralized Audit Framework project. Within this project is the Restart SQL Audit Policy and Job folder. This folder contains three pieces of source code: