Database Audit Logs

Overview

Database administrative activity on Microsoft SQL Server can be collected and made available for log search and custom alerts.

Before You Begin

  1. Configure the audit object access setting in Windows using auditpol:
    • Open a command window as administrator.
    • Run: auditpol /set /subcategory:"application generated" /success:enable /failure:enable
  2. Grant the Generate security audits permission to the account SQL Server is running as, using secpol:
    • Run secpol.msc.
    • In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
    • In the results pane, double-click Generate security audits.
    • On the Local Security Setting tab, click Add User or Group.
    • In the Select Users, Computers, or Groups dialog box, enter the name of the account SQL Server is running as and click OK.
    • Restart SQL Server to enable this setting.
  3. Create a server audit:
    • Open SQL Server Management Studio.
    • In Object Explorer, expand the Security folder.
    • Right-click the Audits folder and select New Audit...
    • Fill in the fields and choose either Windows Application log or Windows Security log for the audit destination.
    • When you are finished selecting options, click OK.
  4. Create a server audit specification:
    • In Object Explorer, click the plus sign to expand the Security folder.
    • Right-click the Server Audit Specifications folder and select New Server Audit Specification...
    • Enter a name, choose the server audit created above, and configure the audit action types to log.
    • When you are finished, click OK.
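
Steps 3 and 4 can also be scripted in T-SQL. The following is an added example, not part of the original instructions: the audit and specification names are hypothetical, and the action groups are one assumed selection covering logins and permission changes.

```sql
-- Added example: scripted equivalent of steps 3 and 4.
-- Example_DbAudit / Example_DbAuditSpec are hypothetical names.
USE master;
GO

-- Step 3: server audit with a Windows event log destination.
-- Steps 1 and 2 are what allow SQL Server to write to the Security log;
-- use TO APPLICATION_LOG to target the Application log instead.
-- ON_FAILURE = CONTINUE keeps the instance running if an audit record
-- cannot be written; SHUTDOWN is the stricter alternative.
CREATE SERVER AUDIT [Example_DbAudit]
TO SECURITY_LOG
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- Step 4: server audit specification bound to that audit.
-- The action groups below are an assumed selection; adjust to your policy.
CREATE SERVER AUDIT SPECIFICATION [Example_DbAuditSpec]
FOR SERVER AUDIT [Example_DbAudit]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (LOGIN_CHANGE_PASSWORD_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)   -- records changes to the audit itself
WITH (STATE = ON);
GO

-- Audits are created disabled; nothing is logged until this runs.
ALTER SERVER AUDIT [Example_DbAudit] WITH (STATE = ON);
GO

-- Verification: destination, enabled flags, runtime status, and action groups.
SELECT a.name              AS audit_name,
       a.type_desc         AS destination,
       a.is_state_enabled  AS audit_enabled,
       st.status_desc      AS runtime_status,
       s.name              AS spec_name,
       s.is_state_enabled  AS spec_enabled,
       d.audit_action_name
FROM sys.server_audits AS a
LEFT JOIN sys.dm_server_audit_status AS st ON st.audit_id = a.audit_id
LEFT JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid
LEFT JOIN sys.server_audit_specification_details AS d
       ON d.server_specification_id = s.server_specification_id
WHERE a.name = N'Example_DbAudit';
```

A working setup returns one row per action group with both enabled flags set to 1 and a runtime status of STARTED; NULL specification columns mean the audit exists but nothing is bound to it.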

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left-hand menu.
  2. At the top right of the page, select the dropdown that says "Setup Event Source" and then choose Add Event Source.
  3. Select the Database Audit Logs icon from the Raw Logs section.
  4. Select your collector, and optionally name your event source.
  5. From the list of event source options, choose Microsoft SQL Server.
  6. Choose a timezone, or optionally choose a US timezone.
  7. Enter the IP address or the machine name of the server in the Server field.
  8. Enter the User Domain information, or the domain of your credentials.
  9. Select existing credentials or configure new credentials.
  10. Select Save.