Configure LEM to monitor Microsoft SQL databases for changes to tables and schemas

You can track successful or failed attempts to access your database tables and schemas by installing MSSQL Auditor for Windows on a LEM Agent running SQL Server 2008 or later with Profiler. This configuration allows you to monitor your local or remote SQL Server databases.

MSSQL Auditor runs as a service in conjunction with the LEM Agent service.

Configure your database servers

Download MSSQL Auditor for Windows from the Customer Portal and install the software on your server. When configured and enabled, the software provides your SolarWinds LEM Agent access to details about any database configuration changes to your database server.

To enable the SolarWinds LEM Agent access to details about your database configuration changes, install the following software on your database server:

  • Microsoft SQL Server 2008 or later
  • Microsoft .NET 3.5 and 4.0 Framework
  • SolarWinds LEM Agent for Windows

When completed, install the MSSQL Auditor for Windows on your server.

Install MSSQL Auditor on a LEM Agent

  1. Download the MSSQL Auditor for Windows from the SolarWinds Customer Portal.

  2. To begin the installation, double-click the EXE file.

  3. To start the wizard, click Next.

  4. Accept the End User License Agreement if you agree, and then click Next.

  5. Click Change to specify an installation folder, or accept the default, and then click Next.

  6. Click Install.

  7. When the installation is finished, select Launch SolarWinds MSSQL Auditor, and then click Finish.

Configure MSSQL Auditor on your servers

If you did not select Launch SolarWinds MSSQL Auditor after installing the application, you can launch the application from the SolarWinds Log and Event Manager program group in your Start menu.

  1. Enter the name of the SQL server to monitor in the SQL Server\Instance field, and click Add Server.

    To specify an instance other than the default, enter your server name in the following format:

    Server\Instance

  2. Repeat step 1 for any additional servers you need to monitor.
  3. To use an account other than the Local System Account to run MSSQL Auditor on your database server, select This Account in the Run Service As and provide the appropriate credentials.

    SolarWinds recommends using an account in the sysadmin role on your database. The account only requires Execute permissions for any stored procedures with the xp_trace prefix.

  4. In the Manage Auditor Service section, click Start Auditor Service, and then click OK.

Configure the MSSQL Auditor Connector on a LEM Agent

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator.

  2. On the LEM toolbar, navigate to Manage > Nodes.

  3. Locate the LEM Agent for your database server and verify it is connected to your LEM Manager.

  4. Next to the SolarWinds LEM Agent, click , and then select Connectors.

  5. In the Refine Results search box, enter MSSQL.
  6. Next to the SolarWinds Log and Event Manager MSSQL Auditor connector, click , and then select New.

  7. Create a new alias name for the connector, or accept the default.

  8. Verify that the Log File field value matches the folder name that stores the logs on your database server, and then click Save.

  9. Next to the new connector instance, click , and then click Start.

  10. Repeat step 1 through step 9 for the MSSQL 2000 Application Log connector.

  11. To close the Connector Configuration window, click Close.

Send notifications of Microsoft SQL database change attempts

Clone and enable the MSSQL Database Change Attempt rule to track user attempts to change properties on a monitored Microsoft SQL Server database. The default rule action generates a HostIncident event you can use in conjunction with the Incidents report to notify auditors that you are auditing the critical events in your network.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator.

  2. On the LEM toolbar, navigate to Build > Rules.

  3. In the Refine Results search box, enter MSSQL Database Change Attempt.
  4. Next to the rule, click , and then select Clone.

  5. Select the folder where the cloned rule will be stored, and then click OK.

  6. Select the Enable check box, and then click Save.

  7. In the main Rules screen, click Activate Rules.