SQL Server
Netwrix Auditor relies on native logs for collecting audit data. Therefore, successful change and access auditing requires a certain configuration of native audit settings in the audited environment and on the Auditor console computer. Configuring your IT infrastructure may also include enabling certain built-in Windows services, etc. Proper audit configuration is required to ensure audit data integrity, otherwise your change reports may contain warnings, errors or incomplete audit data.
CAUTION: Folder associated with Netwrix Auditor must be excluded from antivirus scanning. See the Antivirus Exclusions for Netwrix Auditor knowledge base article for additional information.
The IT Infrastructure for monitoring is configured automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.
Checking for Primary Key
If you plan to audit an SQL Server for data changes and browse the results using 'Before' and 'After' filter values, make sure that the audited SQL database tables have a primary key (or a unique column). Otherwise, 'Before' and 'After' values will not be reported.
SQL Server Objects
Review a full list of all object and data types Netwrix Auditor can collect on SQL Server.
Monitored Object Types
The table below contains the full list of object types that Netwrix Auditor monitors on SQL Servers. The product reports on adding and removing of object types below (Application Roles, Database, Jobs, etc.) and modifying attributes of these objects (listed in the "Attributes" column).
As for logons, the product collects successful and failed logon attempts for Windows and SQL logons:
| Logon Type | Action |
|---|---|
| SQL logon | - Successful logon - Failed logon |
| Windows logon | - Successful logon - Failed logon |
Review the full list of monitored object types and their attributes:
The attributes marked with asterisk (*) are reported only for the SQL Server item, not for availability groups.
| Object type | Attributes |
|---|---|
| SQL Objects | |
| Application Role | - Date Created - Date Modified - Default Schema - Extended Properties - Id - Name - Owned Schemas |
| Backup | - Backup name - Description - Device name - logical_device_name - Size - Type |
| Column | - Allow nulls - ANSI Padding Status - Collation - Computed Text - Default Constraint - Full Text - ID - Identity - Identity increment - Identity seed - Is Computed - Length - Name - Not for replication - Numeric precision - Numeric scale - Primary Key - Rule - Rule Schema - System Type - XML Schema Namespace |
| Constraints | - Date Created - Date Modified - Definition - ID - Is system named - MS shipped - Name - Published - Schema published |
| Credentials* | - Id - Identity - Date Created - Date Modified - Name |
| Database | - Compatibility - Database Size - Database Space Available - Date Created - Date Modified - Extended Properties - File Id - File Group - File Name - Growth - Id - Name - Options - Owner - Permissions - Size - Usage |
| Database Role | - Date Created - Date Modified - Extended Properties - Id - Name - Owner - Owned Schemas - Role Members |
| Functions | - Date Created - Date Modified - Id - Name - Permissions - Type |
| Jobs* | - Automatically delete job - Category - Date Created - Date Modified - Description - Email notification - Email operator - Enabled - ID - Name - Net send notification - Net send operator - Owner - Page notification - Page operator - Schedules - Write to the Windows Application event log |
| Job Steps* | - ID - Name - On Failure - On Success - Output file - Process exit code of a successful command - Retry attempts - Retry interval (minutes) - Step - Type |
| Jobs Schedules* | - Date Created - Date Modified - Enabled - ID - Name - Owner - Schedule Type - Settings |
| Indexes | - Allow page locks - Name - Primary key - Ignore duplicate values - Unique constraint - Allow row locks - Type - Disabled - Included Columns - Fill factor - Data Space ID - Index Key Columns - Padded - Hypothetical - Unique |
| Keys | - Name - ID - Date Created - Date Modified - MS shipped - Published - Schema published - Disabled - Not for replication - Not trusted - Delete referential action - Update referential action - Is system named |
| Login* | - Date Created - Date Modified - Default Database - Default Language - Disabled - Enforce Password Expiration - Enforce Password Policy - Id - Name - Password Hash - Server Roles |
| Restore | - Type |
| Schema | - Date Created - Date Modified - Extended Properties - Id - Name - Owner - Permissions |
| Server Instance* | - Ad Hoc Distributed Queries - Affinity I/O Mask - Affinity Mask - Agent XPs - Allow Updates - Awe Enabled - Blocked Process Threshold - C2 Audit Mode - Clr Enabled - Collation - Cost Threshold For Parallelism - Cross Db Ownership Chaining - Cursor Threshold - Database Mail XPs - Date Modified - Default Full-text Language - Default Language - Default Trace Enabled - Disallow Results From Triggers - Fill Factor (%) - Ft Crawl Bandwidth (max) - Ft Crawl Bandwidth (min) - Ft Notify Bandwidth (max) - Ft Notify Bandwidth (min) - Id - In-doubt Xact Resolution - Index Create Memory (K) - Lightweight Pooling - Locks - Max Degree Of Parallelism - Max Full-text Crawl Range - Max Server Memory (M) - Max Text Repl Size (B) - Max Worker Threads - Media Retention - Min Memory Per Query (K) - Min Server Memory (M) - Name - Nested Triggers - Network Packet Size (B) - Ole Automation Procedures - Open Objects - Permissions - PH Timeout (s) - Precompute Rank - Priority Boost - Query Wait (s) - Query Governor Cost Limit - Recovery Interval (min) - Remote Admin Connections - Remote Login Timeout (s) - Remote Proc Trans - Remote Query Timeout (s) - Remote Access - Replication XPs - Scan For Startup Procs - Server Trigger Recursion - Set Working Set Size - Show Advanced Options - SMO And DMO XPs - SQL Mail XPs - Status - Transform Noise Words - Two Digit Year Cutoff - User Connections - User Instances Enabled - User Instance Timeout - User Options - Web Assistant Procedures - Xp_cmdshell |
| Server Role* | - Date Created - Date Modified - Id - Name - Role Members |
| Stored Procedure | - ANSI NULLs - Date Created - Date Modified - Encrypted - Execute as - FOR replication - Id - Name - Permissions - Quoted Identifier - Recompile - Schema |
| Table | - ANSI NULLs - Date Created - Date Modified - Filegroup - Id - Name - Partition scheme - Permissions - Schema - Table is partitioned - Table is replicated - Text filegroup |
| Triggers | Only DML table triggers are supported. - Date Created - Date Modified - Disabled - ID - Instead of trigger - MS shipped - Name - Not for replication |
| User | - Date Created - Date Modified - Default Schema - Extended Properties - Id - Name - Owned Schemas - Roles |
| View | - ANSI NULLs - Date Created - Date Modified - Encrypted - Id - Name - Permissions - Quoted Identifier - Schema - Schema bound |
| View Column | - Allow nulls - ANSI Padding Status - Collation - Computed Text - Default Constraint - Full Text - ID - Identity - Identity increment - Identity seed - Is Computed - Length - Name - Not for replication - Numeric precision - Numeric scale - Rule - Rule Schema - System Type - XML Schema Namespace - XML Schema Namespace schema |
| View Index | - Allow Page Locks - Allow Row Locks - ID - Data Space ID - Disabled - Fill Factor - Hypothetical - Ignore Dup Key - Name - Padindex - Primary Key - Schema Name - Type - Unique - Unique Constraint - View Name |
| View Index Column | - Column ID - ID - Included Column - Index ID - Key Ordinal - Name - Partition Ordinal - Schema Name - Sort Order - View Name |
Monitored Data Types
The following list contains the names of all data types monitored by Netwrix Auditor:
| bigint bit char cursor date datetime2 datetime datetimeoffset decimal | hierarchyid int float money nchar nvarchar numeric real smalldatetime | smallint smallmoney table time timestamp tinyint uniqueidentifier varchar xml |
Next Steps
Also remember to do the following:
- Configure Data Collecting Account as described in Permissions for SQL Server Auditing section.
- Configure ports as described in the SQL Server Ports section.