
Microsoft SQL Server Log Source Configuration Options

 

Use the reference information to configure the WinCollect plug-in for Microsoft SQL Server.

Microsoft SQL Server Error Logs

The error log is a standard text file that contains Microsoft SQL Server information and error messages. WinCollect monitors the error log for new events and forwards the events to JSA. The error log provides meaningful information to assist you in troubleshooting issues or alerting you to potential or existing problems. The error log output includes the time and date the message was logged, the source of the message, and the description of the message. If an error occurs, the log contains the error message number and a description. Microsoft SQL Servers retain backups of the last six error log files.

WinCollect can collect Microsoft SQL Server error log events. To collect Microsoft SQL Server audit and authentication events, you configure the Microsoft SQL Server DSM. For more information, see the Juniper Secure Analytics Configuring DSMs Guide.

WinCollect agents support local collection and remote polling for Microsoft SQL Server installations. To remotely poll for Microsoft SQL Server events, you must provide administrator credentials or domain administrator credentials. If your network policy restricts the use of administrator credentials, you can install a WinCollect agent on the same host as your Microsoft SQL Server. Local installations of WinCollect do not require special credentials to forward events to JSA.

The Microsoft SQL Server event logs that are monitored by WinCollect are defined by the directory path that you specify in your WinCollect SQL log source. The following table lists the default directory paths for the Root Log Directory field in your log source.

Table 1: Default Root Log Directory Paths for Microsoft SQL Events

| Microsoft SQL version | Collection type | Root log directory |
|---|---|---|
| 2008 | Local | C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\ |
| 2008 | Remote | \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\ |
| 2008R2 | Local | C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log |
| 2008R2 | Remote | \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log |
| 2012 | Local | C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\LOG |
| 2012 | Remote | \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\LOG |
| 2014 | Local | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\LOG |
| 2014 | Remote | \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\LOG |
| 2016 | Local | C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\LOG |
| 2016 | Remote | \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\LOG |
| 2017 | Local | C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL14.MSSQLSERVER\MSSQL\LOG |
| 2017 | Remote | \\HOSTNAME\C$\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL14.MSSQLSERVER\MSSQL\LOG |

Log files that do not match the SQL event log format are not parsed or forwarded to JSA.
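
The following Python example is added here and is not WinCollect code or part of the original guide. It parses error log text into the time, source, and description fields described earlier, pairs an error message number with its description, and sets aside leading lines that do not fit the layout. The entry layout, the UTF-16 handling, the function names, and the sample text are assumptions; the matching rules that WinCollect applies are not given on this page.

```python
import codecs
import re
from datetime import datetime

# Assumed entry layout: "YYYY-MM-DD HH:MM:SS.ff <source> <message>" (not WinCollect's own rule).
ENTRY_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+"
                      r"(?P<source>\S+)\s+(?P<message>.*)$")
ERROR_RE = re.compile(r"^Error: (?P<number>\d+), Severity: (?P<severity>\d+), State: \d+")

def decode_errorlog(raw):
    """Decode file bytes; ERRORLOG files are commonly UTF-16 with a byte-order mark."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_errorlog(text):
    """Return (events, unmatched); unmatched holds leading lines that fit no entry."""
    events, unmatched = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if not m:
            if events:  # no timestamp: continuation of the previous entry
                events[-1]["message"] = ((events[-1]["message"] or "") + "\n" + line.strip()).strip()
            else:       # nothing to attach to: the file does not start like an error log
                unmatched.append(line)
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        prev = events[-1] if events else None
        if prev and prev["message"] is None and (prev["time"], prev["source"]) == (when, m["source"]):
            prev["message"] = m["message"]  # description for the preceding "Error:" header
            continue
        err = ERROR_RE.match(m["message"])
        events.append({
            "time": when, "source": m["source"],
            "error_number": int(err["number"]) if err else None,
            "severity": int(err["severity"]) if err else None,
            "message": None if err else m["message"],  # filled in by the next entry
        })
    return events, unmatched

# Constructed sample, encoded as UTF-16 LE with a byte-order mark.
SAMPLE = codecs.BOM_UTF16_LE + (
    "exported by hand, not an error log line\r\n"
    "2024-05-01 09:14:02.31 Server      Microsoft SQL Server 2017 (constructed sample)\r\n"
    "\tSecond line of the same entry\r\n"
    "2024-05-01 09:15:40.07 Logon       Error: 18456, Severity: 14, State: 8.\r\n"
    "2024-05-01 09:15:40.07 Logon       Login failed for user 'app_ro'. [CLIENT: 192.0.2.10]\r\n"
).encode("utf-16-le")
```

Running `parse_errorlog(decode_errorlog(SAMPLE))` against a copy of a file from the root log directory shows whether its entries fit the assumed layout before you point a log source at that directory.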

Supported Versions Of Microsoft SQL Server

The WinCollect plug-in for Microsoft SQL Server supports the following Microsoft SQL software versions:

  • Microsoft SQL Server 2008

  • Microsoft SQL Server 2008R2

  • Microsoft SQL Server 2012

  • Microsoft SQL Server 2014

  • Microsoft SQL Server 2016

  • Microsoft SQL Server 2017

The following table describes the Microsoft SQL Server protocol parameters.

Table 2: Microsoft SQL Server Protocol Parameters

Parameter

Description

Log Source Type

Microsoft SQL

Protocol Configuration

WinCollect Microsoft SQL

Root Directory

Microsoft SQL 2008

  • For a local directory path, use C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\

  • For a remote directory path, use \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\

Microsoft SQL 2008R2

  • For a local directory path, use C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log

  • For a remote directory path, use \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log

Microsoft SQL 2012

  • For a local directory path, use C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log

  • For a remote directory path, use \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log

Microsoft SQL 2014

  • For a local directory path, use C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Log

  • For a remote directory path, use \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Log

Microsoft SQL 2016

  • For a local directory path, use C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\LOG

  • For a remote directory path, use \\SQL IP address\c$\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Log

Microsoft SQL 2017

  • For a local directory path, use C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL14.MSSQLSERVER\MSSQL\LOG

  • For a remote directory path, use \\HOSTNAME\C$\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL14.MSSQLSERVER\MSSQL\LOG

File Monitor Policy

The Notification-based (local) option uses the Windows file system notifications to detect changes to your event log.

The Polling-based (remote) option monitors changes to remote files and directories. The agent polls the remote event log and compares the file to the last polling interval. If the event log contains new events, the event log is retrieved.