MS SQL Agent facilitates the collection of MSSQL audit records
SNARE for MSSQL allows a security administrator to remotely set up, control and monitor the application through a standard web browser. A self-contained installation package, with Setup Wizard and Silent Install options, allows for easy installation and configuration of all critical components.
It delivers audit information over UDP or TCP to a SYSLOG server running on a remote (or local) machine. A configuration utility allows users to set the appropriate syslog target and priority, as well as the DNS name or IP address of the server that should receive the event information.
The SNARE MSSQL service can be configured to monitor a variety of MSSQL installation types. The default objective template monitors the master database within the default local MSSQL instance. This can be modified on a per-objective basis to specify a named MS SQL instance and a database within that instance. The service can also be used to monitor SQL instances running on a failover cluster.
The service starts automatically once the initial configuration process is complete. Users can configure appropriate access controls on the SnareMSSQL registry entries using the standard Windows regedt32.exe command, to restrict permission to read or modify the keys and values to Local or Domain Administrators only.