Database Audit Logs
Overview
Administrative activity on Microsoft SQL Server can be tracked and made available for log search and custom alerts.
Before You Begin
- Configure the audit object access setting in Windows using auditpol:
  - Open a command window as administrator.
  - Run:
    auditpol /set /subcategory:"application generated" /success:enable /failure:enable
- Grant the generate security audits permission to an account using secpol:
  - Run:
    secpol.msc
  - In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
  - In the results pane, double-click Generate security audits.
  - On the Local Security Setting tab, click Add User or Group.
  - In the Select Users, Computers, or Groups dialog box, enter the name of the account SQL Server is running as and click OK.
  - Restart SQL Server to enable this setting.
- Create a server audit:
  - Open SQL Server Management Studio.
  - In Object Explorer, expand the Security folder.
  - Right-click the Audits folder and select New Audit...
  - Fill in the fields and choose either Windows Application log or Windows Security log for the audit destination.
  - When you are finished selecting options, click OK.
- Create a server audit specification:
  - In Object Explorer, click the plus sign to expand the Security folder.
  - Right-click the Server Audit Specifications folder and select New Server Audit Specification...
  - Enter a name, choose the server audit created above, and configure the audit action types to log.
  - When you are finished, click OK.
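The two Management Studio procedures above (creating the server audit and its server audit specification) can also be scripted in T-SQL. This is an added example, not part of the original page; the names Example_Admin_Audit and Example_Admin_Audit_Spec and the selection of audit action groups are assumptions to adapt to your environment.

```sql
-- Added example: scripted equivalent of the SSMS steps above.
-- Object names and the chosen action groups are hypothetical.
USE master;
GO

-- Server audit writing to the Windows Security log. This destination relies
-- on the auditpol setting and the "Generate security audits" user right
-- configured earlier. Use TO APPLICATION_LOG for the Windows Application log.
CREATE SERVER AUDIT [Example_Admin_Audit]
TO SECURITY_LOG
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- Server audit specification: which administrative actions to record.
CREATE SERVER AUDIT SPECIFICATION [Example_Admin_Audit_Spec]
FOR SERVER AUDIT [Example_Admin_Audit]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)   -- records changes to the audit itself
WITH (STATE = ON);
GO

-- Audits are created disabled; enable it so events are written.
ALTER SERVER AUDIT [Example_Admin_Audit] WITH (STATE = ON);
GO

-- Verify: destination, enabled state, and the action groups being logged.
SELECT a.name               AS audit_name,
       a.type_desc          AS destination,
       a.is_state_enabled   AS audit_enabled,
       s.name               AS specification_name,
       s.is_state_enabled   AS specification_enabled,
       d.audit_action_name
FROM sys.server_audits AS a
JOIN sys.server_audit_specifications AS s
     ON s.audit_guid = a.audit_guid
JOIN sys.server_audit_specification_details AS d
     ON d.server_specification_id = s.server_specification_id
WHERE a.name = N'Example_Admin_Audit'
ORDER BY d.audit_action_name;
```

If the verification query shows audit_enabled = 0 after the ALTER statement, recheck the user right assignment and the SQL Server restart from the earlier steps.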
How to Configure This Event Source
- From your dashboard, select Data Collection on the left-hand menu.
- At the top right of the page, select the dropdown that says "Setup Event Source" and then choose Add Event Source.
- Select the Database Audit Logs icon from the Raw Logs section.
- Select your collector, and optionally name your event source.
- From the list of event source options, choose Microsoft SQL Server.
- Choose a timezone, or optionally choose a US timezone.
- Enter the IP address or the machine name of the server in the Server field.
- Enter the User Domain information, or the domain of your credentials.
- Select existing credentials or configure new credentials.
- Select Save.