MSSQL Logs not being Collected | Online help - EventLog Analyzer

What to do if the MSSQL logs are not being collected?

  1. Open the EventLog Analyzer UI, go to the Settings tab ⇾ Configuration ⇾ Manage Application Sources ⇾ SQL Servers tab ⇾ click on "Update" next to the Instance Name ⇾ check the Server details and verify the Instance Authentication.

  2. Only if the "Advanced Auditing" check box is enabled, the DDL/DML auditing will be enabled and the corresponding logs will be collected. Please note that doing this will push a set of 11 Audit Specifications to the SQL instance:

    1. FAILED_LOGIN_GROUP

    2. SUCCESSFUL_LOGIN_GROUP

    3. DATABASE_OBJECT_CHANGE_GROUP

    4. DATABASE_PRINCIPAL_CHANGE_GROUP

    5. SCHEMA_OBJECT_CHANGE_GROUP

    6. SERVER_PRINCIPAL_CHANGE_GROUP

    7. LOGIN_CHANGE_PASSWORD_GROUP

    8. SERVER_STATE_CHANGE_GROUP

    9. SERVER_ROLE_MEMBER_CHANGE_GROUP

    10. DATABASE_ROLE_MEMBER_CHANGE_GROUP

    11. DATABASE_CHANGE_GROUP

  3. Remote login to the SQL Server and check whether the SQL logs are logged in the Event Viewer ⇾ Application logs with the event ID 33205.

  4. Make sure that the Event Viewer retains logs for at least 20 minutes for all the events to be collected properly.

  5. To increase the log storage size, open Event Viewer ⇾ Windows logs ⇾ right-click on "Application logs" ⇾ increase the value set in "Maximum log size ( KB )".

  6. Column Integrity Monitoring collects only future changes (Post updating/enabling the option in the UI).

  7. Click here to learn more about adding and auditing an MSSQL DB with step-by-step instructions along with the screenshots. 

Oracle: Learn more about adding and auditing an Oracle DB via EventLog Analyzer here.

Note: Post enabling the audit trial, the Oracle DB must be restarted for the auditing to take effect.

                  New to ADSelfService Plus?

                    • Related Articles

                    • Why are SQL Server audit logs not collected?

                      Case 1: Is Advanced Auditing enabled? Open EventLog Analyzer and go to Settings > Database Audit > SQL Servers. The DDL/DML Monitoring column should show Manage for the required instance. If it says Not configured, then edit the required instance, ...
                    • Windows Agent runs fine but not collecting the logs

                      Remote login to the Agent-installed machine ⇾ open "Services.msc" ⇾ ensure that the "ManageEngine EventLog Analyzer agent" service is running. Remote login to the Agent-installed machine ⇾ open a web browser ⇾ ensure that the EventLog Analyzer Web UI ...
                    • Windows agent is running properly but is not collecting logs

                      Establish a remote connection with the machine running the agent. Open services.msc and verify if the ManageEngine EventLog Analyzer agent service is running. On the remote machine: Open a web browser and ensure that the EventLog Analyzer web console ...
                    • What to do if the IIS Configuration logs are not collected?

                      Ensure that the configuration log status column is success. If not, click on "Configure" and configure it. Check whether the configured device is enabled. If not, enable the device. Check whether "Microsoft-IIS-Configuration/Operational" is enabled ...
                    • Offline Logs Management

                      How to: change the Archive (Offline Logs) Location - Applicable for Builds <= 12203 Log on to the EventLog Analyzer UI. Go to Settings Tab ⇾ Admin settings ⇾ Manage Archives ⇾ Settings (right-top corner) Update the new Archive location ⇾ click on ...