Best way of auditing actions 1

[scorpio66]

Can anyone recommend a way of securely auditing certain actions that an application does?

The application is multi-user and database driven, but I don't really want the audit log on the same database as in the event of a compromised system, the audit log will be untrustworthy.

Not looking for code, really, just suggestions.

 

[MichaelRed]

Well, for 'just suggestions', create a different db. Use "bound forms" for all data transactions. On each event which changes data in the database tables, in the after update event, check the dirty flag of each data bound control. If it is set, log the used info, the date/time stamp old value, new value and primary key of hte record to the audit table. Loook at faq181-291 (Ms. Access) for one example of this (although the table is in the same db, that should be just a minor change to the overall concept).

MichaelRed
mred@att.net

There is never time to do it right but there is always time to do it over

 

[strongm]

I'm not certain that this will be of use. However, MS have an unsupported OCX which - technically - is designed to support running services under NT. It includes easy-to-use routines for writing to the Event Log, and is available for download here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnolectrl/html/msdn_ntsrvocx.asp

Obviously, it isn't much use under W9x/ME