Microsoft SQL Server

The IBM® QRadar® DSM for Microsoft SQL Server collect SQL events by using the syslog, WinCollect Microsoft SQL, or JDBC protocol.

The following table identifies the specifications for the Microsoft SQL Server DSM:
Table 1. Microsoft SQL Server DSM
Specification Value
Manufacturer Microsoft
DSM name SQL Server
RPM file name DSM-MicrosoftSQL-QRadar-version-Build_number.noarch.rpm
Supported versions 2012, 2014 (Enterprise editions only), 2016, 2017, and 2019
Event format Syslog, JDBC, WinCollect
QRadar recorded event types SQL error log events
Automatically discovered? Yes
Includes identity? Yes
More information Microsoft website (http://www.microsoft.com/en-us/server-cloud/products/sql-server/)
You can integrate Microsoft SQL Server with QRadar by using one of the following methods:
Syslog
The IBM QRadar DSM for Microsoft SQL Server can collect LOGbinder SQL events. For information about configuring LOGbinder SQL to collect events from your Microsoft SQL Server, go to the IBM Knowledge Center (https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/c_dsm_guide_logbinderex_ms_sql_overview.html)
JDBC
Microsoft SQL Server Enterprise can capture audit events by using the JDBC protocol. The audit events are stored in a table view. Audit events are only available in Microsoft SQL Server 2012, 2014 Enterprise, and 2016.
WinCollect
You can integrate Microsoft SQL Server 2012, 2014, 2016, 2017, and 2019 with QRadar by using WinCollect to collect ERRORLOG messages from the databases that are managed by your Microsoft SQL Server. For more information about WinCollect, go to the IBM Knowledge Center (https://www.ibm.com/support/knowledgecenter/en/SS42VS_SHR/com.ibm.wincollect.doc/c_wincollect_overview_new.html ).
To integrate the Microsoft SQL Server DSM with QRadar, use the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Microsoft SQL Server RPM from the IBM Support Website onto your QRadar Console.
  2. For each instance of Microsoft SQL Server, configure your Microsoft SQL Server appliance to enable communication with QRadar.
  3. If QRadar does not automatically discover the Microsoft SQL Server log source, create a log source for each instance of Microsoft SQL Server on your network.