I have a Windows server with MsSQL + filebeat. I want to see in ELK all requests that are sent to all databases. Please tell me how best to do this. I have activated the mssql module in filebeat, but I still only get the windows system logs and not mssql. Thanks
Welcome to our community! 
From the docs of that module;
The mssql module parses error logs created by MSSQL.
I don't know any other way to do what you want though sorry.
There are ways through mssql to get requests such as DMVs and Extended Events.
For example, you can use Logstash with the JDBC input plugin to query the MSSQL DMVs to get query history and many other statistics which you can then ingest into Elastic.
Much of this answer will depend on your version and what details your after regarding the queries.
Generally though, trying to capture ALL requests is not something you want to do in a production environment due to the overhead of the capture.
Going after the DMVs on a schedule will be much less overhead than something like profiler.
Another option is to put something in the middle such as HAProxy to forward the TCP requests to mssql. HAProxy will log all requests and there are many ways to pull them out into Beats or Logstash in order to ingest them.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.