Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Create a Custom SQL Auditor Trace File (.tdf)

Create a Custom SQL Auditor Trace File (.tdf)

Table of contents
Created by Jason Dee, last modified by MindTouch on Jun 23, 2016

Views: 39 Votes: 1 Revisions: 25

Overview

The MSSQL Auditor is sending SQL events that are too numerous or simply not needed. This can be solved by modifying the SQL Auditor trace file to filter the events that are being sent to the LEM.

Environment

  • All LEM versions
  • All SQL Server versions

Steps

1. Import the trace template into SQL Profiler (double click the tdf.  located in C:\Program Files (x86)\SolarWinds Log and Event Manager MSSQL Auditor\tdfs by default).

2. Edit the template (File > Templates > Edit Template > Select our template) and open Events Selection tab.

3. Click on the Column Filters... button (you should be able to see a dialog similar to what is shown in the attached screenshot), select DBUserName column, and add the LIKE/NOT LIKE condition as applicable.

 

Edit Filter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4. Save the template, replace the one inside the C:\Program Files (x86)\SolarWinds Log and Event Manager MSSQL Auditor\tdfs folder with the file that is located at C:\Users\<user>\AppData\Roaming\Microsoft\SQL Profiler\12.0\Templates\Microsoft SQL Server\120

5. Restart the MSSQLAuditor service.

Last modified
19:57, 22 Jun 2016

Tags

Classifications

Public