Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Archive > 2017October30 - LEM Deletes > Monitor Microsoft SQL databases for changes to tables and schema

Monitor Microsoft SQL databases for changes to tables and schema

You can track successful or failed attempts to access your database tables and schemas by installing MSSQL Auditor for Windows on a SolarWinds LEM Agent running SQL Server 2008 or later with Profiler. This configuration allows you to monitor your local or remote SQL Server databases.

MSSQL Auditor runs as a service in conjunction with the LEM Agent service.

Configure your database servers

Download MSSQL Auditor for Windows from the Customer Portal and install the software on your server. When configured and enabled, the software provides your SolarWinds LEM Agent access to details about any database configuration changes to your database server.

To enable the SolarWinds LEM Agent access to details about your database configuration changes, install the following software on your database server: 

  • Microsoft SQL Server 2008 or later
  • Microsoft .NET 3.5 and 4.0 Framework
  • SolarWinds LEM Agent for Windows

When completed, install the MSSQL Auditor for Windows on your server.

Install MSSQL Auditor on a SolarWinds LEM Agent

  1. Download the MSSQL Auditor for Windows from the SolarWinds Customer Portal.
  2. Double-click the EXE file to begin the installation.
  3. Click Next to start the wizard.
  4. Accept the End User License Agreement if you agree, and click Next.
  5. Click Change to specify an installation folder, or accept the default and click Next.
  6. Click Install.
  7. When the installation is finished, select Launch SolarWinds MSSQL Auditor, and click Finish.

Configure MSSQL Auditor on your servers

If you did not select Launch SolarWinds MSSQL Auditor after installing the application, you can launch the application from the SolarWinds Log and Event Manager program group in your Start menu.

  1. Enter the name of the SQL server to monitor in the SQL Server\Instance field, and click Add Server.

    To specify an instance other than the default, enter your server name in the following format: 

    Server\Instance

  2. Repeat step 1 for any additional servers you need to monitor.
  3. To use an account other than the Local System Account to run MSSQL Auditor on your database server, select This Account in the Run Service As and provide the appropriate credentials.

    SolarWinds recommends using an account in the sysadmin role on your database. The account only requires Execute permissions for any stored procedures with the xp_trace prefix.

  4. In the Manage Auditor Service section, click Start Auditor Service.
  5. Click OK.

Configure the MSSQL Auditor Connector on a SolarWinds LEM Agent

  1. Open the SolarWinds LEM Console and log into the SolarWinds LEM Manager as an administrator.
  2. Click the Manage tab and select Nodes.
  3. Locate the SolarWinds LEM Agent for your database server and verify it is connected to your LEM Manager.
  4. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0A0/050/Button-Gear(Gray)_17x14.png next to the SolarWinds LEM Agent and select Connectors.
  5. In the Refine Results search box, enter:

    MSSQL 

  6. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0A0/050/Button-Gear(Gray)_17x14.png next to the SolarWinds Log and Event Manager MSSQL Auditor connector and select New.
  7. Create a new alias name for the connector or accept the default.
  8. Verify that the Log File field value matches the folder name that stores the logs on your database server, and then click Save.
  9. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0A0/050/Button-Gear(Gray)_18x14.png next to the new connector instance, and click Start.
  10. Repeat step 1 through step 9 for the MSSQL 2000 Application Log connector.
  11. Click Close to close the Connector Configuration window.

Send notifications of Microsoft SQL database change attempts

Clone and enable the MSSQL Database Change Attempt rule to track user attempts to change properties on a monitored Microsoft SQL Server database. The default rule action generates a HostIncident event you can use in conjunction with the Incidents report to notify auditors that you are auditing the critical events in your network.

  1. Open the SolarWinds LEM Console and log into the SolarWinds LEM Manager as an administrator.
  2. Click the Build tab, and select Rules.
  3. In the Refine Results search box, enter:

    MSSQL Database Change Attempt

  4. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0A0/050/Button-Gear(Gray)_18x15.png next to the rule, and select Clone.
  5. Select the folder where the cloned rule will be stored, and click OK.
  6. Select the Enable check box.
  7. Click Save.
  8. In the main Rules screen, click Activate Rules.

 

 
Last modified

Tags

Classifications

Public