Support
 
Support Get Quote
 
 
 
 

Other Resources

Home » White Papers

    How to enable MS SQL Audit Logs

    For analyzing MS SQL audit logs by EventLog Analyzer, you need to initially enable auditing in MS SQL server.

    To enable auditing in MS SQL server you need to,

    1. Create a SQL Server Audit Object that can be used for auditing
    2. Create a Server audit specification
    3. Enabling the Audit Object

    Once the SQL Server Audit Object and Server audit specification is created an configured, EventLog Analyzer will start collecting and analyzing the MS SQL audit application logs.

    MS SQL Audit Logging is supported for MS SQL Enterprise and Datacenter Editions alone
    Note: Ensure that you have added MS SQL Server as a host to EventLog Analyzer server. If not, add MS SQL Server as a host

    Create a SQL Server Audit Object

    To create a SQL Server Audit Object, go to Object Explorer in MS SQL Server Management Studio

    Object Explorer in MSSQL Server

    • In the object explorer, recursively expand the 'Security' node  to 'Audits'

    • Right click on the 'Audit' and select 'New Audit'. This opens 'Create New Audit' page

    Create Audit Page

    1. In the 'Audit Name' field, specify the name for the Audit Object

    2. In the 'Audit destination' field, select 'Application Log' type

    Click on OK to accept the other default settings and save the new audit specification.

    Creating Server Level Audit Specification

    In the object explorer, right click on 'Server Audit Specification' and click on 'New Server Audit Specification'. This opens Create New Server Audit Specification window

    Server Audit specification

    1. In the Name field, specify the name for the Server audit

    2. Select the your Audit object from the 'Audit' field drop down menu

    3. In the Actions table, select the following Audit Action type from the list

    • FAILED_LOGIN_GROUP
    • SUCCESSFUL_LOGIN_GROUP
    • DATABASE_OBJECT_CHANGE_GROUP
    • DATABASE_PRINCIPAL_CHANGE_GROUP
    • SCHEMA_OBJECT_CHANGE_GROUP
    • SERVER_PRINCIPAL_CHANGE_GROUP
    • LOGIN_CHANGE_PASSWORD_GROUP
    • SERVER_STATE_CHANGE_GROUP
    • SCHEMA_OBJECT_ACCESS_GROUP
    • SERVER_ROLE_MEMBER_CHANGE_GROUP
    • DATABASE_ROLE_MEMBER_CHANGE_GROUP
    • DATABASE_CHANGE_GROUP

    Click on OK to save the server audit specification.

    Enabling Audit Object

    Now you need to enable the audit object created. Click on Audits node in Object Explorer and right click on the audit object created, and then click on Enable Audit. This will start the audit. EventLog Analyzer will now collect these audit logs from the MS SQL server that is added as a host to the EventLog Analyzer Server.

    EventLog Analyzer Trusted By

    Los Alamos National Bank Michigan State University
    Panasonic Comcast
    Oklahoma State University IBM
    Accenture Bank of America
    Infosys
    Ernst Young

    Customer Speaks

    • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
      Benjamin Shumaker
      Vice President of IT / ISO
      Credit Union of Denver
    • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
      Joseph Graziano, MCSE CCA VCP
      Senior Network Engineer
      Citadel
    • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
      Joseph E. Veretto
      Operations Review Specialist
      Office of Information System
      Florida Department of Transportation
    • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
      Jim Lloyd
      Information Systems Manager
      First Mountain Bank
    TestimonialsCase Studies

    Awards and Recognitions

    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    A Single Pane of Glass for Comprehensive Log Management
    Log ManagementLog AnalysisIT ComplianceSIEMQuick LinksRelated Products

    A Single Pane of Glass for Comprehensive Threat Management

    Free Trial Get Quote
    Email Download Link