Deployment Architecture

DB Connect to MS SQL from Linux Server

richard_g_curry
Explorer

Is this possible, to connect DB Connect to a MS SQL database using Windows Authentication when the DB Connect tailing server is running Linux? The article "DB Connect to MSSQL DB as Windows Authentication" states how to do this but is not clear if this is all on a Windows centric environment. I suspect that is assumed. Can Windows Authentication be used between a Linux DB Connect client to a MS SQL database or do we need to use a SQL Server account for this?

Thank you for your time on this inquiry.
Rick

0 Karma

shafqat571
Explorer

In this case you need the bridging authentication solution. .
A python script can do the job. what kind of password vault is it.

Work around for this, where everyone in risk,db and access management team is happy is to use one time password, connect the database and let "dbmon-tai"l monitor the database.Once connection is established it does not need authentication again for long time. "dbmon-tail" normally queries database every 100 miliseconds.
Furthermore $SPLUNK_HOME/etc/apps/dbx/bin/status.py can provide the information on schedules query and help troubleshoot.
Additionally you need to setup an alert for internal database connectivity error, incase of reconnect and authentication failure.

0 Karma

shafqat571
Explorer

windows authentication is not required.
You need sql account with appropriate right on database.

some time user is locked out due repeated password failures.
Normally it is problem with firewall, user password and privilege etc
First test the database connectivity with a free tool from squirrelsql.org
one connectiviy is established, splunk configuration is straight forward.

When index the database for first time, watch out for traffic bottleneck and maxing out disk I/O on DB servers.

Please post error messages from db

0 Karma

richard_g_curry
Explorer

Thank you for this.

I've been asked to use Windows Authentication if at all possible. Security around and access to this database is strongly controlled. There is resistence to using a SQL User Account for this. But, if that is all that will work in this environment, then we need to see if how that is supported and if it will work with DB Connect. I do not have the details on this side of the options but it appears that using a SQL User Account requires getting a dynamic password from a password vault with each access. That won't be easy to use with DB Connect, at least I see it that way.

0 Karma

bwang_splunk
Splunk Employee
Splunk Employee

No. DB Connect and Splunk is on linux separately from windows.

0 Karma

bwang_splunk
Splunk Employee
Splunk Employee

inputs.conf is the the same as dbmon would be added by going through ui.

on database.conf,

[mssql]
arguments = useCursors=true
database = master
host = ***
password =***
port = ***
readonly = 0
type = mssql
username = HOSTNAME\username
validate = 1

0 Karma

richard_g_curry
Explorer

Interesting.
Would you mind sharing your database and inputs conf files that make this work? Naturally edit out "proprietary" stuff and leave the Splunk related info.

0 Karma

bwang_splunk
Splunk Employee
Splunk Employee

I have tried using window authentication only on sql server and DB connect can establish connection without issue.

0 Karma

richard_g_curry
Explorer

You are saying that DB Connect was on your MS SQL Server, right?

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.