Objective
This article focuses on how to add SQL servers in EventLog Analyzer and receive the reports of SQL instances.
Prerequisites
Have access to the EventLog Analyzer console as an administrator
Have access to the SQL server for manual configuration
Have a SA account or a similar Windows authentication user account or a service account with control server permission to enabled advance auditing
PORTS | INBOUND | OUTBOUND | Additional Rights and Permissions |
UDP/1434 | MSSql Server | EventLog Analyzer Server | User Permissions: |
TCP/1433 | MSSql Server | EventLog Analyzer Server |
Steps to follow
Step 1: Login to EventLog Analyzer console.
Step 2: Navigate to Settings >> Database Audit >> SQL server.
Step 3: Select + Add Instance.
Step 4: Select the Instance Name from the auto discovery or choose + Add Manually.
Step 5: Under Windows Server Configuration, add the server name manually or choose the SQL server if you need to add it to the Windows log collection.
Step 6: Enter the credentials to perform log collection from the Event Viewer of the Windows machine.
Refer to the Service Account Permission to know about permission. You can also enable the Use Default Credential check box if the user account provided in the Domains and Account page has sufficient permission. Step 7: Under SQL Server Instance Configuration, add the Instance Name and Port number used by SQL server. Refer to How to find port number to learn more. Step 8: Set the Instance Authentication type and enter the credentials.
Note 1: The credentials mentioned above are the same as the user logon credentials for the SQL instance.
Note 2: Enabling advanced auditing will create an audit policy, and disabling advanced auditing will remove the audit policy on this SQL Server instance. Click here to know more. Step 9: Choose Add to include the SQL instance.
Tips
In the SQL Server Configuration Manager console, click SQL Server Network Configuration.
Select Protocols for <instance name>. In the center pane, under the Protocol Name column, ensure TCP/IP is Enabled.
If TCP/IP is Disabled, double-click TCP/IP, toggle the Enabled status from No to Yes and click OK.
Restart the SQL Server instance.
In the SQL Server Configuration Manager console, click SQL Server Network Configuration.
Select Protocols for <instance name> In the center pane, under the Protocol Name column, double-click TCP/IP.
In the TCP/IP Properties pop-up, click the IP Addresses menu, and go to the IPAll section at the bottom.
Ensure that the TCP Dynamic Ports field is empty.