Splunk Enterprise Security

How to get SQL server logs into Splunk for Enterprise Security?

MinaMina
New Member

Hello,

I need to put sql server logs into Splunk for Enterprise Security. Is there any add-on available? I found an Add-on for Oracle, but not for Sqlserver.

Thx in advance

0 Karma
1 Solution

rpille_splunk
Splunk Employee
Splunk Employee

Hi MinaMina,

Thanks for your question. We just published a Splunk Add-on for Microsoft SQL Server: https://apps.splunk.com/app/2648/. I hope this helps.

View solution in original post

rpille_splunk
Splunk Employee
Splunk Employee

Hi MinaMina,

Thanks for your question. We just published a Splunk Add-on for Microsoft SQL Server: https://apps.splunk.com/app/2648/. I hope this helps.

saurabh_tek
Communicator

@rpille the addon "Splunk Add-on for Microsoft SQL Server" collects basic data about performance of SQL server

what i am interested to look at is -
- who has accessed the database recently
- what change has been made on the database recently
- which new user has been created on the DB recently
- etc...

could u plz suggest what has to be done for to get this logs.

i saw SQL management suite has some logs there, how can we get that forwarded to SPlunk ?

0 Karma

saraelamr
New Member

Did you find a way how to do it please?

0 Karma

sumitkathpal292
New Member

@saurabh_tek r u able to find the solution ?

0 Karma

LukeMurphey
Champion

Do you have your logs already in Splunk? I'm trying to figure out if the issue is getting the logs themselves in Splunk or getting them tagged and extracted such that they work with ES. I'm just trying to understand so that the I provide the right guidance.

0 Karma

MinaMina
New Member

Not yet, i'm in a planification step. yes, it's about the second one (getting them tagged and extracted such that they work with ES)
I found this one https://apps.splunk.com/app/742/
I'm not sure it will work because it wasn't developped for a use with ES.

0 Karma

pmdba
Builder

I haven't used SQLServer in a long time, but as I recall a lot of what it records goes into the Windows system logs. The Splunk App for Windows Infrastructure or the Universal Forwarder should be able to pick up those records. For anything getting written to an actual log file it should just be a matter of creating a custom file input and directing the data to an index, as described here.

0 Karma

MinaMina
New Member

Thank you for your answer,

But it's not about getting sqlserver logs into Splunk Enterprise, it's about loading it into the Splunk App for Enterprise Security 3.0.1.
So i'm looking for an add-on "Security and Compliance" that i can use with ES.

Have you any idea ?

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...