Core Business Services - Security and Auditing
 
Application developer decisions
If you are an application developer working with auditing, you provide the application context audit code and make the architectural and storage decisions. You also make the following additional decisions related to auditing:
* Whether to include in your application-defined audit events those operations that do not result in physical database updates (for example, running a business task or pushing a button).
* How to divide or consolidate the audit policy that drives the run-time collection of audit data. You can choose a one-size-fits-all approach or a mix-and-match strategy.
* The storage locations of the application audit data.
* The application run-time (execution) context to apply to database record audits.
* The logical grouping of auditable application and database events that span multiple databases.
* How to design your application user authentication so that auditing records the correct application user ID.
* Whether to ship preconfigured audit policies as samples.
* Whether a customized audit policy maintenance tool should be made available to provide context to policy administrators who do not know the application's detailed schema.
* Whether to make available custom reporting tools that provide standard reports on common application data auditing.
* What tools, if any, to provide for automating audit data archiving and management.
* The particular auditing challenges you face, which are dependent upon:
    * The vertical market the application is running in. This affects the type of auditing to provide.
    * The individual production site security policies that drive auditing.
    * The specific network and hardware configurations at the production sites that control the long-term storage and handling of the audit data.
    * The perception of the amount of application context required to define database record events, which relates to how much forensic evidence is available for finding and fixing problems.
    * Regulatory compliance, regarding what data is captured and how long it is kept.