Documentation forSecurity Event Manager

Monitor Microsoft SQL databases for changes to tables and schemas

You can track successful or failed attempts to access your database tables and schemas by installing MSSQL Auditor for Windows on a SEM agent running SQL Server 2008 or later with Profiler. This configuration allows you to monitor your local or remote SQL Server databases.

MSSQL Auditor runs as a service in conjunction with the SEM Agent service.

You can also configure the Microsoft SQL audit events connector to process SQL events in SEM.

Configure your database servers

Download MSSQL Auditor for Windows from the Customer Portal and install the software on your server. When configured and enabled, the software provides your SolarWinds SEM Agent access to details about any database configuration changes to your database server.

To enable the SolarWinds SEM Agent access to details about your database configuration changes, install the following software on your database server:

  • Microsoft SQL Server 2008 or later
  • Microsoft .NET 3.5 and 4.0 Framework
  • SolarWinds SEM Agent for Windows

When completed, install the MSSQL Auditor for Windows on your server.

Install MSSQL Auditor on a SEM Agent

  1. Download the MSSQL Auditor for Windows from the SolarWinds Customer Portal.

  2. Double-click the EXE file to start the installation.

  3. When prompted, click Next.

  4. If you agree with the End User License Agreement, accept the license and then click Next.

  5. Click Change to specify an installation folder, or accept the default, and then click Next.

  6. Click Install.

  7. When the installation is completed, select Launch SolarWinds MSSQL Auditor, and then click Finish.

Configure MSSQL Auditor on your servers

If you did not select Launch SolarWinds MSSQL Auditor after installing the application, you can launch the application from the SolarWinds Security Event Manager program group in your Start menu.

  1. Enter the name of the SQL server to monitor in the SQL Server\Instance field, and then click Add Server.

    To specify an instance other than the default, enter your server name in the following format:

    Server\Instance

  2. Repeat step 1 for any additional servers you need to monitor.
  3. To use an account other than the Local System Account to run MSSQL Auditor on your database server, select This Account in the Run Service As and provide the appropriate credentials.

    SolarWinds recommends using an account in the sysadmin role on your database. The account only requires Execute permissions for any stored procedures with the xp_trace prefix.

  4. In the Manage Auditor Service section, click Start Auditor Service, and then click OK.

Configure the MSSQL Auditor Connector on a SEM Agent

  1. Log in to the SEM Console.

  2. On the toolbar, click Configure > Nodes.
  3. In the Refine Results column, expand Type and select the Agent check box.
  4. Select an agent, and then click Manage node connectors.
  5. In the search box, type:

    MSSQL

  6. Select the SolarWinds Security Event Manager MSSQL Auditor connector, and then click Add Connector.
  7. In the Name field, enter a new name, or keep the existing name.
  8. Click Add.
  9. Under Configured connectors, select your connector, and then click Start.
  10. Repeat these steps for the MSSQL 2000 Application Log connector.