Go Up
You are here: AdministrationAdditional ConfigurationExclude Objects from Monitoring ScopeSQL Server Monitoring Scope

Exclude Data from SQL Server Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the SQL Server monitoring scope.

To exclude data from the SQL Server monitoring scope

  1. Navigate to the %Netwrix Auditor install folder%\SQL Server Auditing folder.
  2. Edit the *.txt files, based on the following guidelines:

    • Each entry must be a separate line.
    • A wildcard (*) is supported.
    • Lines that start with the # sign are treated as comments and are ignored.
File Description Syntax

omitlogonlist.txt

 

Contains a list of logons to be excluded from being monitored.

 

monitoring plan name,SQL Server instance,logon type,account,workstation,application name

NOTE: For the account, workstation, application name fields, you can specify a mixed expression that contains both a value and a wildcard (e.g., Admin*).

The following logon types are supported:

  • NtLogon —Successful logon attempt made through Windows authentication.
  • SqlLogon —Successful logon attempt made through SQL Server authentication.

  • NtFailedLogon —Failed logon attempt made through Windows authentication.

  • SqlFailedLogon —Failed logon attempt made through SQL Server authentication.

For example:

DB_M0,Ent-SQL,SQLFailedLogon,guest,WksSQL,MyInternalApp

omitobjlist.txt

Contains a list of object types to be excluded from Activity Summaries and reports.

NOTE: This .txt file has no effect on SQL logons monitoring. Use the omitlogonlist.txt to exclude SQL logons from being monitored.

object_type_name

For example:

Database

Column

omitpathlist.txt

Contains a list of resource paths to the objects to be excluded from Activity Summaries and reports. In this case data is still being collected and saved to the AuditArchive.

Server_instance:resource_path

where resource_path is shown in the What column in the reports.

For example, to exclude information about databases whose names start with "tmp" on the SQL Server instance "PROD.SQL2012": PROD.SQL2012:Databases\tmp*.

omitproplist.txt

Contains a list of attributes to be excluded from being monitored and stored to the AuditArchive.

object_type_name.property_name.attribute_name

where:

  • object_type_name—Can be found in the found in the Object Type column in change reports.

  • property_name—Can be found in the Details column (property name is bold).

  • attribute_name—Can be found in the Details column (attribute name is not bold).

    If an object does not have an attribute name, use the * character.

For example to exclude information about the Size attribute of the Database File property in all databases: Database.Database File.Size.

omitstorelist.txt

Contains a list of objects you want to exclude from being stored to the AuditArchive.

NOTE: This .txt file has no effect on SQL logons auditing. Use the omitlogonlist.txt to exclude SQL logons from being audited.

server_instance.resource_path

where resource_path is shown in the What column in the reports.

omittracelist.txt

Contains a list of SQL Server instances you do not want to enable SQL tracing on.

In this case the "Who", "Workstation" and "When" values will not be reported correctly (except for content changes).

NOTE: If you enabled monitoring of SQL logons, SQL trace for these logons will be created anyway.

server\instance name

pathtotracelogs.txt

Contains a list of SQL Server instances whose traces must be stored locally.

SQLServer\Instance|UNC path

For example:

server\instance|C:\Program Files\Microsoft SQL Server\MSSQL\LOG\

propnames.txt

Contains a list of human-readable names for object types and properties to be displayed in the change reports.

object_type_name.property_name=friendlyname

For example:

*.Date modified=Modification Time

Go Up