SSIM SQL Collector
Created: 27 Sep 2010 | 11 comments
We want to monitor the logs of our SQL Server 2005 with MS Visual Studion 2005 installed. What is the recommended setup when it comes to SQL collector? Do we need to install the collector on SQL server itself or is it possible to use an off-box server.
Discussion Filed Under:
Comments
I suppose, you're going to
I suppose, you're going to use MS SQL 2005 Event collector, right? It's logfile sensor based collector, so it needs to have access to MS SQL Server logs. So, you can either install the collector on MS SQL Server machine and read events directly or install the collector to another Windows machine and read events remotely. Using the second way you have to share the folder logs on source machine and run agent with special account.
Please, see this KB for more information:
http://www.symantec.com/business/support/index?page=content&id=TECH91138&locale=en_US
Thanks,
Tatyana
How I collect milions of SQL events per hour for 100s of SQL Svr
FYI- I'm currently collecting millions of SQL events per hour for hundreds of SQL servers. I'm using off box collectors and, the Event Agent service is running as a domain admin account. Doing it this way allows me to bypass having to create a share for the SQL logs folder. I simply point to "\\server\c$\Program files\MS SQL\Logs\" and grab the logs that way. It also ensures that I can always collect the logs regardless of anyone else's manipulations of the server(s).
Another tip is to have a SQL collector in every one of your data centers. That way, each collector can normalize, optimize, and compress the data stream before sending it back to your appliance [this should make your network teams a lot happier].
Also, don't forget that the SQL DBAs needs to set the logging level in SQL to output the data you want to see. For example, my team was simply recording login failures but, I needed to see login successes also in order to perform proper forensics on those databases.
Hope this helps.
Hi Tatyana, if I were to ask
Hi Tatyana, if I were to ask you what will you recommend? is it to install the collector on SQL server or to install it on a different machine? if I install it on the SQL server, will there be any performance issue? what if I install it on another computer, will it really work automatically after sharing the folder logs? no need to dump the logs? have you tried both option..ty
;-)
Yes, we tried both ways, and
Yes, we tried both ways, and both are supported; but you need to correctly run your agent in second case, as is described in KB I mentioned.
It all depends on your network configuration and you needs... In general, the collector is supposed to be run on the SQL Server Machine. If for some reasons customer cannot install the collector on server machine we suggest to use remote installation. But in this case you need to take into consideration your network connection issues and so on. If your SQL server machine is working properly and not overloaded I would suggest to use on-server installation.
-Tatyana
What Logs can be monitored ?
Hi Tatyana , Does the SQL Coller only read Errolog files OR it can also read SQL Trace files .
This collector, yes, it only
This collector, yes, it only reads errorlog files. For SQL Trace files there is another collector which is in final QA stage.It will go beta shortly when doc is finalized and collector build is approved by QA.
Thanks,
Alexey.
SQL Cluster
Tatyana,
Are there any special instructions for installing a SQL Collector in a clustered environment?
Do I still need to create SQL
Do I still need to create SQL authentication account for this? However, SQL collector pdf do not mention anything about it.
;-)
If you're trying to access
If you're trying to access logfiles over the network - no, SQL account is not needed for this. But what you will need is a Windows account that has read permission over the share with SQL server logs.
Thanks,
Alexey.
Am I correct "we will need to
Am I correct "we will need to map the location of the shared log files to the offbox server once the Implementation has started since collector will not be install in the SQL Server itself."
;-)
yes
yes, this is one way.
another way is to have a script which will upload logfiles on schedule to a machine where collector is installed.
Thanks,
Alexey.
Would you like to reply?
Login or Register to post your comment.