mvadm Super Contributor.

MicrosoftSQLServerAuditWinEvtLogUnifiedConfig, MSSQLSERVER, eventlogtypes=application, eventID=32205

The document "MicrosoftSQLServerAuditWinEvtLogUnifiedConfig.pdf" describes how to log SQL Audit events that are written to the Win application log on the monitored server.

In the connector, the parameter

eventlogtype=application

should be set in agent.properties.

Question:

Does this setting capture all the application logs on the SQL Server or only those with the event ID = 32205?

My goal is to prevent the connector from capturing ALL the application logs of a certain server but only those with the ID 32205

Or does the entry

Application, MSSQLSERVER.*, MSSQLSERVER

in customeventsource.map.csv tell the connector only to gather MSSQLSERVER events from the application log?

I don't want to gather other applic. logs but those with the event ID = 32205.

Thanks for sharing your ideas,

Miloš

2 Replies
mvadm Super Contributor.

Re: MicrosoftSQLServerAuditWinEvtLogUnifiedConfig, MSSQLSERVER, eventlogtypes=application, eventID=32205

32205 is the external event ID = Windows event ID in the Windows appl. log

rcasper Contributor.

Re: MicrosoftSQLServerAuditWinEvtLogUnifiedConfig, MSSQLSERVER, eventlogtypes=application, eventID=32205

You should be able to restrict the event IDs processed by using a Connector filter.
