MSSQL Monitoring Experiences
Who is using RSA enVision to monitor SQL databases, We have started down this path and solved a couple of problems but would like to share experiences with others so that we can avoid some obvious problems and get the most out of RSA EnVision.
The first step is to get an Idea on how many people are monitoring MSSQL.
I've tried sevral times to configure enVision to monitor SQL 2005 servers and it always fails with errors in kind of tracker monitoring or another problem is that i have to reduce all the auditing on the sql to 2 events otherwise it's creating infinte files on the server until it crush.
i have an issue open on this problem for soooo long that i've just given up.
We are soon to embark on the monitoring of SQL 2005 servers, however we are going to attempt to do it in a slightly non-traditional way. We have a number of SQL servers with logging enabled (15-20). We have them all writing their events in a single database. We plan to pull all events from that single SQL server.
Has anyone ever tried this approach before?
You have to be careful. The way RSA has you configure the database will mean that you can get overloaded with events. We had some SQL databases that were sending us millions of events a day. We ended up using 2 Sql Queries, one for monitoring DBAs which gathered more data and one for "normal users" which gathered much less data.
We are trying to use RSA for auditing a MSSQL 2005 system but have run into what you mentioned in your post, we are getting SQL log data, but really what we are seeing is of little value. Would you be able to share generic versions of the SQL queries that you found to be of value?