Hello,
I need to put SQL Server logs into Splunk for Enterprise Security. Is there any add-on available? I found an add-on for Oracle, but not for SQL Server.
Thanks in advance


Hi MinaMina,
Thanks for your question. We just published a Splunk Add-on for Microsoft SQL Server: https://apps.splunk.com/app/2648/. I hope this helps.

@rpille the add-on "Splunk Add-on for Microsoft SQL Server" collects basic data about the performance of SQL Server.
What I am interested in looking at is:
- who has accessed the database recently
- what change has been made on the database recently
- which new user has been created on the DB recently
- etc.
Could you please suggest what has to be done to get these logs?
I saw SQL management suite has some logs there; how can we get those forwarded to Splunk?
I wanted to get the below logs from SQL Server:
- who has accessed the database recently
- what change has been made on the database recently
- which new user has been created on the DB recently
The Splunk Add-on for Microsoft SQL Server does not give the above logs. Please suggest.
Did you find a way to do it, please?
@saurabh_tek are you able to find the solution?
Do you have your logs already in Splunk? I'm trying to figure out if the issue is getting the logs themselves into Splunk or getting them tagged and extracted such that they work with ES. I'm just trying to understand so that I provide the right guidance.
Not yet, I'm in a planning step. Yes, it's about the second one (getting them tagged and extracted such that they work with ES).
I found this one: https://apps.splunk.com/app/742/
I'm not sure it will work because it wasn't developed for use with ES.

I haven't used SQLServer in a long time, but as I recall a lot of what it records goes into the Windows system logs. The Splunk App for Windows Infrastructure or the Universal Forwarder should be able to pick up those records. For anything getting written to an actual log file it should just be a matter of creating a custom file input and directing the data to an index, as described here.
Thank you for your answer,
But it's not about getting SQL Server logs into Splunk Enterprise, it's about loading them into the Splunk App for Enterprise Security 3.0.1.
So I'm looking for a "Security and Compliance" add-on that I can use with ES.
Have you any idea?
