Our current enterprise solution is a ASP.NET MVC application driven by the Entity Framework. There are a couple links on how to hook into the change events for auditing. I'm not really interested in this.
I'm interested in enterprise level auditing architecture. Those of you with the enterprise level battle wounds, what has been your auditing solutions? Do you serialize objects in databases in a framework. Are you setting up database triggers to audit tables? Do you use a separate database all together so your audit growth doesn't affect your app database? I'm interested in the tried and true solutions here. I know there's options in our technology choice (EF) but I'm interested in the foundation first.
Links would be very appreciated.
Once all the necessary Corrective Action has been checked by the Auditor and found to be satisfactory, the Audit can be formally "closed" and this will involve the following activities. Non-compliance Sign-off.
Final ReportReview the report for grammar and accuracy and remove all identifiers depicting the report as a draft. Type a cover letter addressed to your client and submit the final report. Keep a copy on file. At this point, the audit is officially closed.
There are three main types of audits: external audits, internal audits, and Internal Revenue Service (IRS) audits. External audits are commonly performed by Certified Public Accounting (CPA) firms and result in an auditor's opinion which is included in the audit report.
Closing Audit Report means an audit report of the Business Auditors in accordance with Section 2.5(a), in which the Business Auditors certify the Actual Equity and the Actual Working Capital in accordance with this Agreement, which certificate shall (i) be substantially in the form of SCHEDULE 1.1(4)(b) hereto, (ii) be ...
I don't have any links, but in the system that I have the joy of maintaining here at the day job. We have a single audit table, that basically stores the following information.
TableName, PrimaryKeyValue, ModifiedColumn, OldValue, NewValue, ChangeUser, Change Date
Now, this works great for audit speed, in our code, we have a common interface for auto-implementing the audit logging, but from a "review" standpoint, it isn't the "fastest" way to get the information back out. (Granted we have not actually done anything to need to look at the audit log...)
We recently had to solve this same problem in our enterprise. We were required to be able to revert back to prior versions too.
We ended up auditing the business entities rather than the tables in sql. We basically serialize the records in the DB and keep track for the changes that are made from one version to the next. This approach allows us to retreive previous versions into the business entities and then revert back by calling the same save operations. This functionality to revert back will be shifted on the applications responsibility because it must be solved here otherwise our service might need to know about too many details about the participating applications. Serivce Operations to retrieve records by versions, by dates, view history, and of course to audit changes are provided. Its an opt-in approach for different application groups and different entities within (not everything in the DB needs to be auditted so why do that).
We then build a lightweight website that talks to the service and can display all the versions. We built a mechanism to show the additions/updates/deletions to compare between versions (really cool ui representation) this allows users to see who changed what and when. The service can send back a link to the url to view the versions of an entity. This allows our webaps + winform/wpf apps to launch a browser so users can see the changes.
Maybe I can package this up and provide if anyone is interested....
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With