Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
antonisg
Starting Member
4 Posts |
 Posted - 2014-09-02 : 03:28:22
|
| Hi,I'm a system admin and I try to configure IBM Qradar (SIEM) with a dozen of SQL servers I have. They are not the same version varying from 2000 to 2012. The Qradar takes information only from ERRORLOG which is produced only by errors from a security level and above. I wonder If I can configure ERRORLOG to include other actions in db level (like Drop Table, Delete DB, Create Table etc) in order to have this information passed to Qradar. You think this is a good idea or I have to create a new script? |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-09-02 : 14:49:52
|
| You'll need a DDL trigger for that. You can have them log to the Error Log via RAISERROR. DDL triggers were not available in version 2000 though. If you want to implement it there, you've got a much larger task. I'd skip 2000 if I were you...Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
 |
|
|
antonisg
Starting Member
4 Posts |
Posted - 2014-09-03 : 03:53:03
|
| Actually the older versions will be upgraded to newer like 2008. I will search for RAISERROR if this is a solution. You have any other option for newer versions? thank you |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-09-03 : 12:23:35
|
| You need to search for DDL triggers. Instead the DDL trigger is where you'd use RAISERROR to log an event in the Error Log.Tara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
|
antonisg
Starting Member
4 Posts |
Posted - 2014-09-09 : 06:31:39
|
| In SQL server 2008 only using powershell I can create triggers? I right click in DB triggers and only Start Powershell option is possible. No "create new trigger" exist. |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-09-09 : 12:32:53
|
| I don't know where you are clicking. You just need to open a new query window and write your trigger there. There are some examples here: http://technet.microsoft.com/en-us/library/ms186406(v=sql.105).aspxTara KizerSQL Server MVP since 2007http://weblogs.sqlteam.com/tarad/ |
|
|
|
antonisg
Starting Member
4 Posts |
Posted - 2014-09-15 : 09:32:56
|
| ok... thx. I managed to create triggers to collect some events in the ERRORLOG. |
|
|
|
|
|
|
SQL server & SIEM