Collecting MSSQL Audit Logs via EventViewer with WMI Integration

We can get MSSQL Audit logs under EventViewer - Windows Logs - Application directory. In this document, printing sql audit logs under the application will be explained.

First, enter Mssql Management Studio. The audit file is created under the Security - Audit directory, first Disabled and then entered in the properties.

Screen_Shot_2022-05-24_at_20.37.31.png

You should do the configuration as above. Then close the window by saying OK and activate the audit file, we can open EventViewer when we see that we have received Success in the notification window.

Screen_Shot_2022-05-24_at_20.37.38.png

You will see all the logs written under Logsign Audit under Application. ( Select, Delete, Create , Login auth etc.).

Then you can continue with WMI Integration to get Application file logs from the EventViewer.

For WMI Integration and user authorization, please follow the document below;

WMI Authorization Document

After integration has been done with WMI , you'll see the MSSQL Logs in the search screen.

Note: Instead of Wmi Integration, Nxlog can also be used as an alternative integration method.

Screen_Shot_2022-05-24_at_20.37.45.png

Screen_Shot_2022-05-24_at_20.38.01.png

 

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.