Go Up
You are here: AdministrationMonitoring PlansManage Data SourcesSQL Server

SQL Server

Complete the following fields:

Option Description

Monitor this data source and collect activity data

Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data.

Audit SQL Server configuration changes

SQL Server configuration changes are always audited.

Monitor SQL Server logon activity

Specify what types of logon events you want to monitor: successful or failed, performed through Windows and SQL authentication.

  • Failed SQL and Windows logons
  • Successful SQL logons
  • Successful Windows logons

Specify users to track their activity

Specify restriction filters to narrow your SQL Server monitoring scope (search results, reports and Activity Summaries). You can create either inclusion or exclusion lists. For example, include information on actions performed by administrative accounts or exclude activity initiated by ordinary applications. All filters are applied using AND logic. Complete the following fields:

  • User – provide the user name as shown in the "Who" column of reports and Activity Summaries. Example: mydomain\user1.

    TIP: You can provide the "System" value for events containing the “System” instead of an account name in the “Who” column.

  • Workstation where activity was initiated – provide the workstation name as shown in the "Workstation" column of reports and Activity Summaries. Example: StationWin2016.
  • Application that initiated the activity – provide the application name as shown next to "Application name" in details of reports and Activity Summaries.

NOTE: You can use a wildcard (*) to replace any number of characters in filters.

TIP: In addition to the restrictions for a monitoring plan, you can use the *.txt files to collect more granular audit data. Note that the new monitoring scope restrictions apply together with previous exclusion settings configured in the *.txt files. Review the following for more information: Exclude Objects from Monitoring Scope

Monitor changes to data in the database tables Enable monitoring of changes to data stored in the database tables hosted on the SQL Server.
Changes (per transaction) to collect and report:

Specify how many changes per a database transaction you want to be collected. For example, you can limit this number to 10 changes per transaction, or collect all changes.

NOTE: It is recommended to adjust this setting carefully, as collecting large number of changes from a highly-transactional server may affect its performance.

Monitoring rules

Create rules for the data to be audited and therefore to receive change reports on the selected data only. Set the number of data changes per SQL transaction to be included in reports. In this case Netwrix Auditor-specific data will be written to the audited tables. Click Add Rule to create columns auditing rules and configure the following:

  • Type—Select rule type: inclusive or exclusive.
  • Server—Specify a name of the SQL Server instance where the database resides.
  • Database—Specify database name.
  • Table—Specify table name.
  • Column—Specify column name.

    NOTE: The following column types are currently not supported: text, ntext, image, binary, varbinary, timestamp, sql_variant.

NOTE: Wildcard (*) is supported.

Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. As a next step, click Add item to specify an object for monitoring. See Add Items for Monitoring for more information.

Go Up