How to add an SQL server in EventLog Analyzer

Objective  

This article explains how to add SQL servers in EventLog Analyzer and receive reports for the SQL instances.

Prerequisites  

  • Have access to the EventLog Analyzer console as an administrator
  • Have access to the SQL server for manual configuration
  • Have an SA account, a comparable Windows authentication user account, or a service account with the CONTROL SERVER permission to enable advanced auditing
 
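| Ports    | Inbound       | Outbound                 | Additional Rights and Permissions |
|----------|---------------|--------------------------|-----------------------------------|
| UDP/1434 | MS SQL Server | EventLog Analyzer Server | User Permissions: Can be configured to use dynamic TCP ports for communication. |
| TCP/1433 | MS SQL Server | EventLog Analyzer Server |                                   |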

Steps to follow  

Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings >> Database Audit >> SQL server.
Step 3: Select + Add Instance.
Step 4: Select the Instance Name from the auto discovery or choose + Add Manually. 
Step 5: Under Windows Server Configuration, add the server name manually or choose the SQL server if you need to add it to the Windows log collection.
Step 6: Enter the credentials to perform log collection from the Event Viewer of the Windows machine.
Refer to Service Account Permission for the permissions required. You can also enable the Use Default Credential check box if the user account provided on the Domains and Account page has sufficient permissions.
Step 7: Under SQL Server Instance Configuration, add the Instance Name and Port number used by SQL server. Refer to How to find port number to learn more.
Step 8: Set the Instance Authentication type and enter the credentials.
Note 1: The credentials mentioned above are the same as the user logon credentials for the SQL instance.
Note 2: Enabling advanced auditing creates an audit policy on this SQL Server instance, and disabling advanced auditing removes it.
Step 9: Choose Add to include the SQL instance.
 
 Tips  
  • EventLog Analyzer connects to SQL Server using TCP/IP, so ensure that TCP/IP is enabled for the instance.
      • In the SQL Server Configuration Manager console, click SQL Server Network Configuration.
      • Select Protocols for <instance name>. In the center pane, under the Protocol Name column, ensure TCP/IP is Enabled.
      • If TCP/IP is Disabled, double-click TCP/IP, toggle the Enabled status from No to Yes and click OK.
      • Restart the SQL Server instance.
  • The SQL Server instance should not use a dynamic port.
      • In the SQL Server Configuration Manager console, click SQL Server Network Configuration.
      • Select Protocols for <instance name>. In the center pane, under the Protocol Name column, double-click TCP/IP.
      • In the TCP/IP Properties pop-up, click the IP Addresses menu, and go to the IPAll section at the bottom.
      • Ensure that the TCP Dynamic Ports field is empty.
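
The prerequisites and tips above can also be verified from the SQL Server side before adding the instance. The T-SQL batch below is an added example, not part of the original article or of EventLog Analyzer; the check names and the @checks table variable are illustrative, and it assumes it is run as the login that will be entered in Step 8.

```sql
-- Added example: read-only pre-flight checks. Run in SSMS or sqlcmd as the login
-- that will be entered in Step 8. Connect from a remote host (or prefix the server
-- name with tcp:) so the transport check reflects a network connection.
SET NOCOUNT ON;

DECLARE @checks TABLE (check_name nvarchar(60), result nvarchar(10), detail nvarchar(400));

-- Prerequisite: CONTROL SERVER permission, needed to enable advanced auditing.
INSERT INTO @checks
SELECT N'CONTROL SERVER permission',
       CASE WHEN HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') = 1
            THEN N'PASS' ELSE N'FAIL' END,
       N'login: ' + SUSER_SNAME();

-- Tip 1: TCP/IP must be enabled. If this session arrived over TCP, it is.
INSERT INTO @checks
SELECT N'Session uses TCP/IP',
       CASE WHEN net_transport = N'TCP' THEN N'PASS' ELSE N'CHECK' END,
       N'transport: ' + net_transport
         + N', port: ' + ISNULL(CAST(local_tcp_port AS nvarchar(10)), N'n/a')
FROM sys.dm_exec_connections
WHERE session_id = @@SPID AND parent_connection_id IS NULL;

-- Tip 2: the TCP Dynamic Ports field under IPAll must be empty (static port).
-- sys.dm_server_registry needs VIEW SERVER STATE, which CONTROL SERVER implies.
DECLARE @dyn nvarchar(100) =
    (SELECT TOP (1) CAST(value_data AS nvarchar(100))
     FROM sys.dm_server_registry
     WHERE registry_key LIKE N'%SuperSocketNetLib\Tcp\IPAll'
       AND value_name = N'TcpDynamicPorts');

INSERT INTO @checks
VALUES (N'IPAll TCP Dynamic Ports empty',
        CASE WHEN ISNULL(@dyn, N'') = N'' THEN N'PASS' ELSE N'FAIL' END,
        N'TcpDynamicPorts = [' + ISNULL(@dyn, N'') + N']');

-- Note 2: enabling advanced auditing creates an audit policy; list what exists now.
INSERT INTO @checks
SELECT N'Server audits defined', N'INFO',
       CAST(COUNT(*) AS nvarchar(10)) + N' total, '
         + CAST(ISNULL(SUM(CAST(is_state_enabled AS int)), 0) AS nvarchar(10)) + N' enabled'
FROM sys.server_audits;

SELECT check_name, result, detail FROM @checks;
```

A CHECK result on the transport row means the session used shared memory or named pipes, so confirm the TCP/IP protocol state in SQL Server Configuration Manager as described in the first tip.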
 

 
 
