Microsoft SQL Server Log Source Configuration Options
Use the reference information to configure the WinCollect plug-in for Microsoft SQL Server.
Microsoft SQL Server Error Logs
The error log is a standard text file that contains Microsoft SQL Server information and error messages. WinCollect monitors the error log for new events and forwards the event to JSA. The error log provides meaningful information to assist you in troubleshooting issues or alerting you to potential or existing problems. The error log output includes the time and date the message was logged, the source of the message, and the description of the message. If an error occurs, the log contains the error message number and a description. Microsoft SQL Servers retain backups of the last six error log files.
WinCollect can collect Microsoft SQL server error log events. To collect Microsoft SQL Server audit and authentication events, you configure the Microsoft SQL Server DSM. For more information, see the Juniper Secure Analytics Configuring DSMs Guide.
WinCollect agents support local collection and remote polling for Microsoft SQL Server installations. To remotely poll for Microsoft SQL Server events, you must provide administrator credentials or domain administrator credentials. If your network policy restricts the use of administrator credentials, you can install a WinCollect agent on the same host as your Microsoft SQL Server. Local installations of WinCollect do not require special credentials to forward events to JSA.
The Microsoft SQL Server event logs that are monitored by WinCollect are defined by the directory path that you specify in your WinCollect SQL log source. The following table lists the default directory paths for the Root Log Directory field in your log source.
Table 1: Default Root Log Directory Paths Microsoft SQL Events
Microsoft SQL version
Root log directory
Log files that do not match the SQL event log format are not parsed or forwarded to JSA.
Supported Versions Of Microsoft SQL Server
The WinCollect plug-in for Microsoft SQL server supports the following Microsoft SQL software versions:
Microsoft SQL Server 2008
Microsoft SQL Server 2008R2
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Microsoft SQL Server 2016
The following table describes the Microsoft SQL server protocol parameters.
Table 2: Microsoft SQL Server Protocol Parameters
Log Source Type
WinCollect Microsoft SQL
Microsoft SQL 2008
Microsoft SQL 2008R2
Microsoft SQL 2012
Microsoft SQL 2014
Microsoft SQL 2016
File Monitor Policy
The Notification-based (local) option uses the Windows file system notifications to detect changes to your event log.
The Polling-based (remote) option monitors changes to remote files and directories. The agent polls the remote event log and compares the file to the last polling interval. If the event log contains new events, the event log is retrieved.