MSSQL Logs not being Collected | Online help - EventLog Analyzer

What to do if the MSSQL logs are not being collected?

  1. Open the EventLog Analyzer UI, go to the Settings tab ⇾ Configuration ⇾ Manage Application Sources ⇾ SQL Servers tab ⇾ click on "Update" next to the Instance Name ⇾ check the Server details and verify the Instance Authentication.

  2. Only if the "Advanced Auditing" check box is enabled, the DDL/DML auditing will be enabled and the corresponding logs will be collected. Please note that doing this will push a set of 11 Audit Specifications to the SQL instance:

    1. FAILED_LOGIN_GROUP

    2. SUCCESSFUL_LOGIN_GROUP

    3. DATABASE_OBJECT_CHANGE_GROUP

    4. DATABASE_PRINCIPAL_CHANGE_GROUP

    5. SCHEMA_OBJECT_CHANGE_GROUP

    6. SERVER_PRINCIPAL_CHANGE_GROUP

    7. LOGIN_CHANGE_PASSWORD_GROUP

    8. SERVER_STATE_CHANGE_GROUP

    9. SERVER_ROLE_MEMBER_CHANGE_GROUP

    10. DATABASE_ROLE_MEMBER_CHANGE_GROUP

    11. DATABASE_CHANGE_GROUP

  3. Remote login to the SQL Server and check whether the SQL logs are logged in the Event Viewer ⇾ Application logs with the event ID 33205.

  4. Make sure that the Event Viewer retains logs for at least 20 minutes for all the events to be collected properly.

  5. To increase the log storage size, open Event Viewer ⇾ Windows logs ⇾ right-click on "Application logs" ⇾ increase the value set in "Maximum log size ( KB )".

  6. Column Integrity Monitoring collects only future changes (Post updating/enabling the option in the UI).

  7. Click here to learn more about adding and auditing an MSSQL DB with step-by-step instructions along with the screenshots. 

Oracle: Learn more about adding and auditing an Oracle DB via EventLog Analyzer here.

Note: Post enabling the audit trial, the Oracle DB must be restarted for the auditing to take effect.

                  New to ADSelfService Plus?

                    • Related Articles

                    • No data or logs collected from syslog device

                      Issue description During the initial setup or while using EventLog Analyzer, you might notice that logs are not being collected from a syslog device or that syslog device reports do not show any recent data. EventLog Analyzer uses device status ...
                    • Partial log collection or no logs are collected due to flooding of events in Event Viewer | EventLog Analyzer troubleshooting

                      Issue description When high log flow is observed, Event Viewer may flood out, leading to partial or no logs being collected. Possible cause A high number of events being generated in a production environment server might exhaust or exceed the Event ...
                    • Why are SQL Server audit logs not collected?

                      Case 1: Is Advanced Auditing enabled? Open EventLog Analyzer and go to Settings > Database Audit > SQL Servers. The DDL/DML Monitoring column should show Manage for the required instance. If it says Not configured, then edit the required instance, ...
                    • How does EventLog Analyzer store the collected data

                      Objective This document provides details on how EventLog Analyzer stores the collected event logs or data. Prerequisites Understanding of the duration of log management needed by the organization. Understanding of the duration of logs searched by ...
                    • Windows Agent runs fine but not collecting the logs

                      Remote login to the Agent-installed machine ⇾ open "Services.msc" ⇾ ensure that the "ManageEngine EventLog Analyzer agent" service is running. Remote login to the Agent-installed machine ⇾ open a web browser ⇾ ensure that the EventLog Analyzer Web UI ...