Integration of MSSQL

Dear Team,

Has anyone, at any customer environment, integrated a Microsoft SQL database to monitor the logs from the database?

If yes, kindly share the necessary steps to perform the same.

Best Regards-
Praveen K

If you ask a more specific and concrete question you'll have a better chance at getting useful answers.

What I meant to ask is as follows:

The ELK stack is an analytics tool, and additionally we can use it as a SIEM (Security Information and Event Management) tool as well.

We are adding/enabling some log sources (firewall, IPS, etc.) in the environment to monitor the logs and prepare some useful reports.

In the same way, I asked "How do we enable MSSQL and make it send its logs to ELK" to monitor the SQL logs.

How is it done, and what is the step-by-step procedure for the same?

Do you need more clarification on the same?

Best Regards-
Praveen K

Are these logs text files? If so, use Filebeat or Logstash's file input to continuously read the files and send them to Elasticsearch. You'll probably want to filter them in Logstash to extract fields and possibly join multiline events.

There are many examples of how to read text-based log files available and most of that will apply in your case too. I don't know what SQL Server log files look like so I can't offer any help there.
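The multiline join and field extraction mentioned in the answer above, sketched in Python as an added example that is not part of the original thread. It assumes SQL Server's text error log uses the layout `timestamp source message`, with continuation lines carrying no timestamp; the sample lines, the user name and the client address are constructed.

```python
import re
from datetime import datetime

# Assumed layout: "YYYY-MM-DD HH:MM:SS.ff <source> <message>"; other lines are continuations.
EVENT_START = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(?P<source>\S+)\s+(?P<message>.*)$"
)
ERROR_HEADER = re.compile(r"Error: (?P<number>\d+), Severity: (?P<severity>\d+), State: (?P<state>\d+)")

# Constructed sample input, not taken from a real server.
SAMPLE = """\
2024-05-01 09:14:02.11 Server      SQL Server is starting at normal priority base (=7).
2024-05-01 09:20:45.37 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-01 09:20:45.37 Logon       Login failed for user 'app_ro'. Reason: Password did not match. [CLIENT: 192.0.2.10]
2024-05-01 09:31:10.02 spid57      A constructed message that wraps
onto a second line without a timestamp
and a third.
"""

def join_multiline(lines):
    """Group newline-stripped lines into events; no leading timestamp means continuation."""
    event = None
    for line in lines:
        if EVENT_START.match(line):
            if event is not None:
                yield event
            event = line
        elif event is not None and line:
            event += "\n" + line
    if event is not None:
        yield event

def to_document(event):
    """Extract fields from one joined event into a dict ready to serialise as JSON."""
    first, _, rest = event.partition("\n")
    m = EVENT_START.match(first)
    doc = {
        "@timestamp": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f").isoformat(),
        "source": m["source"],
        "message": m["message"] + ("\n" + rest if rest else ""),
    }
    err = ERROR_HEADER.search(m["message"])
    if err:  # numeric fields make severity and error number filterable in the index
        doc["error"] = {k: int(v) for k, v in err.groupdict().items()}
    return doc

def parse(text):
    return [to_document(e) for e in join_multiline(text.splitlines())]
```

The `EVENT_START` timestamp prefix is the same anchor a shipper-side multiline setting would key on, and the named groups correspond to the fields a Logstash filter would extract.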


The easiest way is to turn the MSSQL logs into syslog messages and send them to the Logstash worker to process them like the other logs. would be able to do this for you as they have a connector already for the Wintel service and the MSSQL logs and relay these to a Central Syslog server or Logstash worker.