ApexSQL Audit – Permissions and requirements

Description
This article provides information about required permissions and software requirements for ApexSQL Audit installation.

Summary
ApexSQL Audit requires Windows administrator permissions for installation in order to properly setup all of its components and its access to the Central Repository Database. To ensure proper installation, it is recommended to initiate it by running the ApexSQLAudit.exe with ‘Run as admin’ command from the context menu

ApexSQL Audit GUI does not require any special permissions on the local machine where the central instance is running, as it communicates with the installed service which has received appropriate permissions during the installation.

The same applies to required permissions for the reporting application; by default only local users (Windows Authentication) have access to the reporting application.

Above described permissions are required by the user during the installation or use. The following actual permissions are set and used by the product:

  • For both central and distributed instances:

    • The log on account for the ApexSQL Audit service must be a member of sysadmin server role on the SQL Server instance audited
    • The Log on as service user rights are required for the account running the service
    • The service requires read and delete access to the SQL Trace folder where traces files are being generated
    • The monitored SQL Server instance requires write access to the SQL Trace folder where traces files are being generated.
  • Remote GUI:

    • Open port to the machine where Central instance is installed
    • Folder Read/write permissions where exported reports are saved
    • Windows account running the remote GUI must be added as ApexSQL Audit user in application options

Software requirements

Depending on the ApexSQL Audit component to be installed, the following software is required to be installed prior to installation:

  • The central ApexSQL Audit instance

    • Microsoft SQL Server 2008 or greater
    • Microsoft .NET Framework 4.7.2
  • A distributed ApexSQL Audit instance

    • Microsoft SQL Server 2005 or greater
    • Microsoft.NET Framework 4.7.2
  • ApexSQL Audit remote GUI requires:

    • Microsoft .NET Framework 4.7.2

Hardware requirements

Both minimum and recommended hardware requirements for ApexSQL Audit are the same as described in the Hardware and Software Requirements for Installing SQL Server. Additionally, we recommend using multi-core processors as ApexSQL Audit heavily relies on parallel job processes to provide fast processing of audited data.

There are additional communication and HDD space requirements:

  • Both central and distributed ApexSQL Audit instances use port 64561 by default. This is user configurable however.Additionally, port 60408 must be opened from central instance towards distributed instance
  • HDD space:

    • ApexSQL Audit central instance requires 1GB of free HDD space for central repository database, while another 3-5GB is a recommended minimum for both central and remote instances int order to store temporary trace files (10MB each) generated by SQL Server or storing packages (10MB each) gathered on the central instance until they are parsed and removed by ApexSQL Audit instance. Note that both traces and stored packages are automatically deleted once processed:

      • Note: required space covers common situations when SQL Server generates a large number of trace files before they are handled or in case there is a delay in package transfer to the central instance. In case the ApexSQL Audit service is stopped by the administrator, SQL Server immediately stops creating trace files which prevents HDD overload.

    • The central ApexSQL Audit instance requires 1GB for central repository alone, and additional 1GB at minimum per connected distributed instance for storing packages into a central instance local folder. These are deleted once the data in them is successfully stored in the central repository database; this operation is immediate and it’s delayed only in rare cases of overload when packages can accumulate until SQL Server is free to store them into the repository. This also covers the situation when quick maintenance of SQL Server which hosts a central repository database is required (e.g. restart)
      • Note that the central repository database will be automatically archived once it reaches 20GB (default setting). Additionally, all disk values above are recommended for regular/small scale auditing jobs, and auditing output should always be considered for each specific environment based on the auditing requirements, SQL Server traffic and more