V-271343
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
Title
SQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
Description
<VulnDiscussion>Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to SQL Server on its own server will not be an issue. However, space will still be required on the server for SQL Server Audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result. If support personnel are not notified immediately upon storage ...
Fix Text (Documentation Requirement)
Review the SQL Audit file location; ensure the destination has enough space available to accommodate the maximum total size of all files that could be written. Configure the maximum number of audit log files that are to be generated, staying within the number of logs the system was sized to support. Update the "max_files" or "max_rollover_files" parameter of the audits to ensure the correct number of files is defined. If writing to application event logs or security logs, space considerations are covered in the Windows Server STIGs. Be sure to reference these depending on the OS in use.