Skip to main content

SQL Server

Netwrix Auditor relies on native logs for collecting audit data. Therefore, successful change and access auditing requires a certain configuration of native audit settings in the audited environment and on the Auditor console computer. Configuring your IT infrastructure may also include enabling certain built-in Windows services, etc. Proper audit configuration is required to ensure audit data integrity, otherwise your change reports may contain warnings, errors or incomplete audit data.

CAUTION: Folder associated with Netwrix Auditor must be excluded from antivirus scanning. See the Antivirus Exclusions for Netwrix Auditor knowledge base article for additional information.

The IT Infrastructure for monitoring is configured automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.

Checking for Primary Key

If you plan to audit an SQL Server for data changes and browse the results using 'Before' and 'After' filter values, make sure that the audited SQL database tables have a primary key (or a unique column). Otherwise, 'Before' and 'After' values will not be reported.

SQL Server Objects

Review a full list of all object and data types Netwrix Auditor can collect on SQL Server.

Monitored Object Types

The table below contains the full list of object types that Netwrix Auditor monitors on SQL Servers. The product reports on adding and removing of object types below (Application Roles, Database, Jobs, etc.) and modifying attributes of these objects (listed in the "Attributes" column).

As for logons, the product collects successful and failed logon attempts for Windows and SQL logons:

Logon TypeAction
SQL logon- Successful logon - Failed logon
Windows logon- Successful logon - Failed logon

Review the full list of monitored object types and their attributes:

The attributes marked with asterisk (*) are reported only for the SQL Server item, not for availability groups.

Object typeAttributes
SQL Objects
Application Role- Date Created - Date Modified - Default Schema - Extended Properties - Id - Name - Owned Schemas
Backup- Backup name - Description - Device name - logical_device_name - Size - Type
Column- Allow nulls - ANSI Padding Status - Collation - Computed Text - Default Constraint - Full Text - ID - Identity - Identity increment - Identity seed - Is Computed - Length - Name - Not for replication - Numeric precision - Numeric scale - Primary Key - Rule - Rule Schema - System Type - XML Schema Namespace
Constraints- Date Created - Date Modified - Definition - ID - Is system named - MS shipped - Name - Published - Schema published
Credentials*- Id - Identity - Date Created - Date Modified - Name
Database- Compatibility - Database Size - Database Space Available - Date Created - Date Modified - Extended Properties - File Id - File Group - File Name - Growth - Id - Name - Options - Owner - Permissions - Size - Usage
Database Role- Date Created - Date Modified - Extended Properties - Id - Name - Owner - Owned Schemas - Role Members
Functions- Date Created - Date Modified - Id - Name - Permissions - Type
Jobs*- Automatically delete job - Category - Date Created - Date Modified - Description - Email notification - Email operator - Enabled - ID - Name - Net send notification - Net send operator - Owner - Page notification - Page operator - Schedules - Write to the Windows Application event log
Job Steps*- ID - Name - On Failure - On Success - Output file - Process exit code of a successful command - Retry attempts - Retry interval (minutes) - Step - Type
Jobs Schedules*- Date Created - Date Modified - Enabled - ID - Name - Owner - Schedule Type - Settings
Indexes- Allow page locks - Name - Primary key - Ignore duplicate values - Unique constraint - Allow row locks - Type - Disabled - Included Columns - Fill factor - Data Space ID - Index Key Columns - Padded - Hypothetical - Unique
Keys- Name - ID - Date Created - Date Modified - MS shipped - Published - Schema published - Disabled - Not for replication - Not trusted - Delete referential action - Update referential action - Is system named
Login*- Date Created - Date Modified - Default Database - Default Language - Disabled - Enforce Password Expiration - Enforce Password Policy - Id - Name - Password Hash - Server Roles
Restore- Type
Schema- Date Created - Date Modified - Extended Properties - Id - Name - Owner - Permissions
Server Instance*- Ad Hoc Distributed Queries - Affinity I/O Mask - Affinity Mask - Agent XPs - Allow Updates - Awe Enabled - Blocked Process Threshold - C2 Audit Mode - Clr Enabled - Collation - Cost Threshold For Parallelism - Cross Db Ownership Chaining - Cursor Threshold - Database Mail XPs - Date Modified - Default Full-text Language - Default Language - Default Trace Enabled - Disallow Results From Triggers - Fill Factor (%) - Ft Crawl Bandwidth (max) - Ft Crawl Bandwidth (min) - Ft Notify Bandwidth (max) - Ft Notify Bandwidth (min) - Id - In-doubt Xact Resolution - Index Create Memory (K) - Lightweight Pooling - Locks - Max Degree Of Parallelism - Max Full-text Crawl Range - Max Server Memory (M) - Max Text Repl Size (B) - Max Worker Threads - Media Retention - Min Memory Per Query (K) - Min Server Memory (M) - Name - Nested Triggers - Network Packet Size (B) - Ole Automation Procedures - Open Objects - Permissions - PH Timeout (s) - Precompute Rank - Priority Boost - Query Wait (s) - Query Governor Cost Limit - Recovery Interval (min) - Remote Admin Connections - Remote Login Timeout (s) - Remote Proc Trans - Remote Query Timeout (s) - Remote Access - Replication XPs - Scan For Startup Procs - Server Trigger Recursion - Set Working Set Size - Show Advanced Options - SMO And DMO XPs - SQL Mail XPs - Status - Transform Noise Words - Two Digit Year Cutoff - User Connections - User Instances Enabled - User Instance Timeout - User Options - Web Assistant Procedures - Xp_cmdshell
Server Role*- Date Created - Date Modified - Id - Name - Role Members
Stored Procedure- ANSI NULLs - Date Created - Date Modified - Encrypted - Execute as - FOR replication - Id - Name - Permissions - Quoted Identifier - Recompile - Schema
Table- ANSI NULLs - Date Created - Date Modified - Filegroup - Id - Name - Partition scheme - Permissions - Schema - Table is partitioned - Table is replicated - Text filegroup
TriggersOnly DML table triggers are supported. - Date Created - Date Modified - Disabled - ID - Instead of trigger - MS shipped - Name - Not for replication
User- Date Created - Date Modified - Default Schema - Extended Properties - Id - Name - Owned Schemas - Roles
View- ANSI NULLs - Date Created - Date Modified - Encrypted - Id - Name - Permissions - Quoted Identifier - Schema - Schema bound
View Column- Allow nulls - ANSI Padding Status - Collation - Computed Text - Default Constraint - Full Text - ID - Identity - Identity increment - Identity seed - Is Computed - Length - Name - Not for replication - Numeric precision - Numeric scale - Rule - Rule Schema - System Type - XML Schema Namespace - XML Schema Namespace schema
View Index- Allow Page Locks - Allow Row Locks - ID - Data Space ID - Disabled - Fill Factor - Hypothetical - Ignore Dup Key - Name - Padindex - Primary Key - Schema Name - Type - Unique - Unique Constraint - View Name
View Index Column- Column ID - ID - Included Column - Index ID - Key Ordinal - Name - Partition Ordinal - Schema Name - Sort Order - View Name

Monitored Data Types

The following list contains the names of all data types monitored by Netwrix Auditor:

bigint bit char cursor date datetime2 datetime datetimeoffset decimalhierarchyid int float money nchar nvarchar numeric real smalldatetimesmallint smallmoney table time timestamp tinyint uniqueidentifier varchar xml

Next Steps

Also remember to do the following: