Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > What does MSSQL Auditor send to LEM?

What does MSSQL Auditor send to LEM?

Table of contents
Created by Craig O’ Neill, last modified by Abdul.Aziz on Jul 06, 2017

Views: 2,219 Votes: 0 Revisions: 7


This article gives an overview of the level of auditing provided by MSSQL Auditor.


  • All LEM versions
  • LEM Agent not mandatory


The SQL Auditor uses the MSSQL Profiler with trace files that look for specific types of activity. In order to avoid having any visibility into credit card, patient, or other potentially personal information that might pull the LEM appliance under specific regulations (or put sensitive data in a database where it should not belong), it is generally avoided tracing any query activity that would log values being inputted, updated, and deleted.

It is capable to use Profiler/traces to audit anything done against a database, but MSSQL Auditor specifically looks for:

  • Schema changes
  • User/group additions/changes
  • Failures to do any activity - insert, update, delete, etc

These could be made from either the query window, a remote tool, or any application that accesses the database.

SolarWinds have had customers request or provide additional trace auditing, but SolarWinds advised against capturing anything that might have actual query/insert data in it since that could be either stored in a log file (in plain text) on disk on the system and/or in the LEM database.

Note: MSSQL Auditor can be responsible for sending a huge amount of traffic to LEM so it is wise to consult Microsoft documentation on best SQL Auditing practices.

Last modified