Security-relevant events for databases are centrally logged, including:
- access or modification of particularly important content
- addition of new users, especially privileged users
- changes to user roles or privileges
- attempts to elevate user privileges
- queries containing comments
- queries containing multiple embedded queries
- database and query alerts or failures
- database structure changes
- database administrator actions
- use of executable commands
- database logons and logoffs.