SQL SERVER BEST PRACTICE LOG COLLECT
I'm trying to configure sql servers to send logs into RSA. Please can anyone share the experience which is the best recommanded way to do it ? The documents are just a bit confusing to me: File (ERRORLOG), Windows Eventing (MS SQL Ser-vice Logs and SQL Auditing) or ODBC (SQL Auditing) ? Based on some resources SQL Server Audit Logging they suggest to do the File mode.
Also I'm having problems doing the configuration for File mode. What is File Directory ?
- Community Thread
- Forum Thread
- microsoft sql
- RSA NetWitness Endpoint
- RSA NetWitness Platform
Typically I use ODBC as a collection method. When using ODBC it is important to pare down the collection script to reflect only what you need for events from the SQL server.
Thank You Dave. I'm trying to do ODBC or File with Error Log. Is there any difference ? ODBC mode i found too complicated with all the scripts to execute etc