Microsoft SQL Server
The IBM® QRadar® DSM for Microsoft SQL Server collects SQL events by using the syslog, WinCollect Microsoft SQL, or JDBC protocol.
The following table identifies the specifications for the Microsoft SQL Server DSM:
Specification | Value |
---|---|
Manufacturer | Microsoft |
DSM name | SQL Server |
RPM file name | DSM-MicrosoftSQL-QRadar-version-Build_number.noarch.rpm |
Supported versions | 2012, 2014 (Enterprise editions only), 2016, 2017, and 2019 |
Event format | Syslog, JDBC, WinCollect |
QRadar recorded event types | SQL error log events |
Automatically discovered? | Yes |
Includes identity? | Yes |
More information | Microsoft website (http://www.microsoft.com/en-us/server-cloud/products/sql-server/) |
You can integrate Microsoft SQL Server with QRadar by using one of the following methods:
- Syslog
  - The IBM QRadar DSM for Microsoft SQL Server can collect LOGbinder SQL events. For information about configuring LOGbinder SQL to collect events from your Microsoft SQL Server, see LOGbinder SQL event collection from Microsoft SQL Server.
- JDBC
  - Microsoft SQL Server Enterprise can capture audit events by using the JDBC protocol. The audit events are stored in a table view. Audit events are only available in Microsoft SQL Server 2012, 2014 Enterprise, and 2016.
- WinCollect
  - You can integrate Microsoft SQL Server 2012, 2014, 2016, 2017, and 2019 with QRadar by using WinCollect to collect ERRORLOG messages from the databases that are managed by your Microsoft SQL Server. For more information about WinCollect, go to the WinCollect documentation (https://www.ibm.com/docs/en/qsip/7.5?topic=7-wincollect-overview).
To integrate the Microsoft SQL Server DSM with QRadar, use the following steps:
- If automatic updates are not enabled, download and install the most recent version of the Microsoft SQL Server RPM from the IBM Support Website onto your QRadar Console.
- For each instance of Microsoft SQL Server, configure your Microsoft SQL Server appliance to enable communication with QRadar.
- If QRadar does not automatically discover the Microsoft SQL Server log source, create a log source for each instance of Microsoft SQL Server on your network.