SQL server logging

  • I'm a system admin and I am trying to configure IBM QRadar (SIEM) with a dozen SQL servers I have. They are not all the same version, varying from 2000 to 2012. QRadar takes information only from ERRORLOG, which is produced only by errors from a security level and above.

    I wonder if I can configure ERRORLOG to include other actions at the db level (like Drop Table, Delete DB, Create Table, etc.) in order to have this information passed to QRadar. Do you think this is a good idea, or do I have to create a new script?

  • It seems to me you are trying to use a tool for a purpose it wasn't built for. This would lead to a lot of customization and programming, with a lot of possible errors and issues to run into. I would suggest looking for another (freeware?) monitoring tool that meets your needs.

    ** Don't mistake the ‘stupidity of the crowd’ for the ‘wisdom of the group’! **
