Zanga
Level 8
Message 1 of 10

SIEM Integration with MSSQL

Hello Expert,

 

Please Help.

 

I am trying to collect logs from SQL server.

1- Siem collector

2- ODBC driver 11

Now I am trying to configure it, but I am getting the attached error.

 

Please help.

 

Regards,

Zanga

[Attachments: Capture.PNG, 111.PNG]

9 Replies
sssyyy
Reliable Contributor
Message 2 of 10

Re: SIEM Integration with MSSQL

Is the SIEM Collector software installed on the SQL server itself or remotely?

Zanga
Level 8
Message 3 of 10

Re: SIEM Integration with MSSQL

Hello,

The SIEM Collector software is installed on the SQL server itself.

brenta
Reliable Contributor
Message 4 of 10

Re: SIEM Integration with MSSQL

I'm not 100% sure this is your problem, but did you happen to add the ODBC data sources to the 64-bit or the 32-bit version?

I believe for the SIEM Collector to see the ODBC data source you will need to add it to the 32-bit driver located at C:\Windows\SysWOW64\odbcad32.exe.

If you open this, and don't see your previously added ODBC source, it was likely added to the 64-bit driver.

Brent
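
An added example, not part of the original thread: a PowerShell check of which registry view (64-bit or 32-bit) each System DSN was created in, and which ODBC drivers exist in each view, to test the suggestion in the reply above. It reads only the standard machine-wide ODBC registry locations; the function name `Get-OdbcRegistryList` and the output column names are made up for this example.

```powershell
# Added example. Run in a 64-bit PowerShell session on the collector host.
# ODBC keeps separate machine-wide registry views for 64-bit and 32-bit applications.
$odbcViews = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE\ODBC'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\ODBC'
}

# Hypothetical helper: list the values under the same subkey in both views.
function Get-OdbcRegistryList {
    param([string]$SubKey)   # e.g. 'ODBC.INI\ODBC Data Sources'
    foreach ($platform in $odbcViews.Keys) {
        $key = Join-Path $odbcViews[$platform] $SubKey
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            if (-not $name) { continue }   # skip the unnamed default value
            [pscustomobject]@{
                Name     = $name
                Platform = $platform
                Value    = $item.GetValue($name)
            }
        }
    }
}

# System DSNs: value name = DSN name, value data = driver name.
$dsns    = Get-OdbcRegistryList 'ODBC.INI\ODBC Data Sources'
# Installed drivers: value name = driver name.
$drivers = Get-OdbcRegistryList 'ODBCINST.INI\ODBC Drivers'

# One row per DSN, showing the view(s) it is registered in.
$dsns | Group-Object Name | ForEach-Object {
    $platforms = @($_.Group.Platform)
    [pscustomobject]@{
        Dsn                = $_.Name
        Driver             = (@($_.Group.Value) | Select-Object -Unique) -join ', '
        RegisteredIn       = $platforms -join ', '
        VisibleTo32BitApps = $platforms -contains '32-bit'
    }
} | Format-Table -AutoSize

# Drivers per view; a 32-bit DSN needs a 32-bit driver of the same name.
$drivers | Sort-Object Name, Platform | Format-Table Name, Platform -AutoSize
```

A DSN that shows only `64-bit` under `RegisteredIn` will not appear in `C:\Windows\SysWOW64\odbcad32.exe`.
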
Zanga
Level 8
Message 5 of 10

Re: SIEM Integration with MSSQL

Hello,

Thanks for the reply.

I am using a 64-bit system, so I installed ODBC 11 64-bit. I was not able to install ODBC 32-bit.
But is it possible to get MSSQL logs from WMI?
Regards,
Zanga.
brenta
Reliable Contributor
Message 6 of 10

Re: SIEM Integration with MSSQL

Technically, you can execute scripts and whatnot via WMI, and those scripts could get data from SQL.

But the SIEM won't be able to use its WMI interface to do that. The SIEM's WMI interface is mainly for Windows Event Log collection.

Brent
Zanga
Level 8
Message 7 of 10

Re: SIEM Integration with MSSQL

So what is the best way to collect events from SQL data?

Zanga
brenta
Reliable Contributor
Message 8 of 10

Re: SIEM Integration with MSSQL

You are on the right track with the McAfee SIEM Collector.

It just seems you are having connection difficulties, since I don't know how your specific SQL server was installed or what might be causing the problems, other than the 32-bit / 64-bit issue I previously mentioned.

If you continue to have issues with the SIEM collector, you can try the third-party collector nxlog. I've also had success with it in the past.

Brent
Zanga
Level 8
Message 9 of 10

Re: SIEM Integration with MSSQL

Thanks,

Okay, I really do not know how to troubleshoot that, but:
1) What are the configuration steps needed on the MSSQL side to get logs to the SIEM?
Can you please share guidelines?
2) Is it good to go with custom SQL, or SQL Server C2 Audit Logs?

Many thanks for your Help.

Zanga
Malath
Level 7
Message 10 of 10

Re: SIEM Integration with MSSQL

Hi

For SQL (Express) you need to enable TCP/IP and change the TCP port to 1433 under the SQL Server Configuration Manager:

https://knowledgebase.apexsql.com/configure-remote-access-connect-remote-sql-server-instance-apexsql...

Best Regards
