How to enable MS SQL Audit Logs


For analyzing MS SQL audit logs by EventLog Analyzer, you need to enable auditing in MS SQL server.

To enable auditing in MS SQL server you need to:

  1. Create an SQL Server Audit Object that can be used for auditing.

  2. Create a Server Audit Specification.

  3. Enable the Audit Object.

Once the SQL Server Audit Object and Server Audit Specification are created and configured, EventLog Analyzer will start collecting and analyzing the MS SQL audit application logs.

 

Supported editions:

For SQL Server prior to 2012, Enterprise and Datacenter editions are supported.

For SQL Server 2012 and later, Enterprise, Datacenter and Standard editions are supported.                          

 

Note: Ensure that you have added MS SQL Server as a device in the EventLog Analyzer server.

 

Create an SQL Server Audit Object

Object Explorer in MSSQL Server

Create Audit Page

  1. In the Audit Name field, specify the name for the Audit Object.

  2. In the Audit Destination field, select Application Log.

Create a Server Level Audit Specification

Server Audit specification

  1. In the Name field, specify the name for the Server Audit Specification.

  2. Select your Audit object from the Audit drop down menu.

  3. In the Actions table, select the following Audit Action Types from the list:

 

Enable the Audit Object

Now you need to enable the audit object created. Expand Audits in the Object Explorer and right click on the audit object created, and then click on Enable Audit. This will start the audit. EventLog Analyzer will now collect these audit logs from the MS SQL server.