Configure SEM to monitor Microsoft SQL databases for changes to tables and schemas
You can track successful or failed attempts to access your database tables and schemas by installing MSSQL Auditor for Windows on a SEM Agent running SQL Server 2008 or later with Profiler. This configuration allows you to monitor your local or remote SQL Server databases.
MSSQL Auditor runs as a service in conjunction with the SEM Agent service.
You can now configure SQL audit events and use our new SQL Audit Events connector to parse those events. Learn more here.
Configure your database servers
Download MSSQL Auditor for Windows from the Customer Portal and install the software on your server. When configured and enabled, the software provides your SolarWinds SEM Agent access to details about any database configuration changes to your database server.
To enable the SolarWinds SEM Agent access to details about your database configuration changes, install the following software on your database server:
- Microsoft SQL Server 2008 or later
- Microsoft .NET 3.5 and 4.0 Framework
- SolarWinds SEM Agent for Windows
When completed, install the MSSQL Auditor for Windows on your server.
Install MSSQL Auditor on a SEM Agent
Download the MSSQL Auditor for Windows from the SolarWinds Customer Portal.
To begin the installation, double-click the EXE file.
To start the wizard, click Next.
Accept the End User License Agreement if you agree, and then click Next.
Click Change to specify an installation folder, or accept the default, and then click Next.
When the installation is finished, select Launch SolarWinds MSSQL Auditor, and then click Finish.
Configure MSSQL Auditor on your servers
If you did not select Launch SolarWinds MSSQL Auditor after installing the application, you can launch the application from the SolarWinds Security Event Manager program group in your Start menu.
- Enter the name of the SQL server to monitor in the SQL Server\Instance field, and then click Add Server.
To specify an instance other than the default, enter your server name in the following format:
- Repeat step 1 for any additional servers you need to monitor.
- To use an account other than the Local System Account to run MSSQL Auditor on your database server, select This Account in the Run Service As and provide the appropriate credentials.
SolarWinds recommends using an account in the sysadmin role on your database. The account only requires Execute permissions for any stored procedures with the xp_trace prefix.
- In the Manage Auditor Service section, click Start Auditor Service, and then click OK.
Configure the MSSQL Auditor Connector on a SEM Agent
- On the SEM Console, navigate to Configure > Nodes.
- Under Refine Results, expand the Type group, and then select the Agent check box.
- Select an agent, and then click Manage node connectors.
- In the search box, type MSSQL.
- Select the SolarWinds Security Event Manager MSSQL Auditor connector, and then click Add Connector.
- In the Name field, enter a new name, or keep the existing name.
- Click Add.
- Under Configured connectors, select your connector, and then click Start.
Repeat the steps for the MSSQL 2000 Application Log connector.