September 8, 2017 at 7:04 am
Dear SQL Server Security Colleagues,
My SQL Server Security Configuration:
Login Auditing: Both failed and successful logins
This configuration produces a lot of events in Event Viewer Application Log, almost impossible to find another SQL Server event in case of needed troubleshooting, we need to find a way to better handle thi records, that we could not lose events.
Fix #1:
Write SQL Server Audit Events to the Security Log
https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/write-sql-server-audit-events-to-the-security-log
Following the article does not stop writing logon events in the Event Viewer Application Log instead of Security Event Viewer.
What could be wrong ?
Fix #2:
Configuring Audits to write SQL Server Audit Events to Windows Security log
https://www.tecklyfe.com/how-to-write-sql-server-audit-events-to-windows-security-log/
The article works as it says, redirecting SQL Server Logon events to the security event viewer log successfully.
Could It have a Performance impact on other SQL Server aspects ??, due to the fact that I am adding some objects to the SQL Server that before does not exist and is a new configuration for me.
What do you think about this configuration ?
Have anyone used some of this fixes before??
Should I insist with the Fix #1 or Not ?
What implications do you think will bring to me Fix #2 ?
Thanks a lot
Viewing 0 posts
You must be logged in to reply to this topic. Login to reply