2014-10-17 06:34 AM
Hi,
I am facing an issue while configuring SQL servers for Security Analytics. In most of my attempts, they work initially and stop working in a few days due to an issue with fetching trace files.
Is this issue common with everyone, or am I the only unlucky one?
Can someone provide me the procedure which is commonly followed for this so that I can confirm if I am on the right track? Please suggest some troubleshooting steps also if anyone has faced similar issues.
Thanks
2014-10-20 11:57 AM
Are you using trace collection?
If so, then trace files must be filling up disk space before they can be read by enVision.
You need to either increase disk space on the drive or change audit rules. By default everything is audited.
2014-10-25 03:55 AM
@rahul130191
If you want to detect MSSQL logs as the MSSQL device type, then I would suggest you use the ODBC collection method, and for the auditing of the database use the sqlserveraduit"version".sql file and enable the logs that you want to generate on the database.
Just follow the PDF that is provided by huehms.
2014-10-27 04:14 AM
Hello Rahul,
If you want to restart the ODBC collection service, first you need to select the device, either log collector or virtual log collector, then go to System > Collection, select the collection type, and then do stop or start.
2014-10-29 12:51 PM
2014-10-29 03:40 PM
Through the query (gots file), we pass values to the stored procedure. By default the delete option (3rd value) is set to 1. If it's set to 0 then files will not be deleted. If it's set to 1 and files are not getting deleted then there is some problem. I suggest contacting customer support for further assistance.
2014-10-30 01:36 AM
@lalitkanteti,
Is that a .dll file?
2014-10-30 03:38 PM
The gots file is the query you select in enVision for ODBC collection. You can view it under System Configuration -> Services -> Universal Device Collection -> Manage ODBC Types.
The dll file is very specific to MSSQL collection. It is also required for deleting trace files.
2014-10-30 04:46 PM
Hi lalitkateti,
I am using RSA Security Analytics and I am not able to find any delete configuration on the log collector side.
2014-11-02 08:48 PM
Can you tell me how to configure the Windows device for multi-device collection on the enVision side?
Also, as you mentioned, SQL 2008 onwards does not need to be configured separately and can be collected under the Windows device itself. Does that apply to Windows Server 2008 or even 2003 as well? I ask because I have a few instances where SQL 2008 is installed over Windows 2003 as well...
2014-11-05 01:22 PM
Click on your device under system configuration-managed monitored. Look for the Multi-device check box.