Audit captures events to flat file, but not to Application log. Why?

  • The title pretty much says it all. I have an Audit Specification set up to capture 13 event types. When I configure the Audit to write to a file, everything works as expected. When I configure it to write to the Application Log, nothing is captured. Any ideas?

  • TheGreenShepherd - Wednesday, August 22, 2018 3:17 PM

    The title pretty much says it all. I have an Audit Specification set up to capture 13 event types. When I configure the Audit to write to a file, everything works as expected. When I configure it to write to the Application Log, nothing is captured. Any ideas?

    I was just testing some and they all worked fine as long as the audit and audit specification were both enabled and the application (not security) log was specified.
    One thing I can think of is if you have any group policies in place related to the event logs. The permissions to write/read/clear can be configured with local or group policies.

    Sue

  • Thanks. Would such permissions pertain to the SQL Server Service Account?

  • This implies that the Application log is for any authenticated user: https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine?view=sql-server-2017

    Can you script your server audit and post it?

  • TheGreenShepherd - Wednesday, August 22, 2018 5:33 PM

    Thanks. Would such permissions pertain to the SQL Server Service Account?

    I believe that is correct. Here is how you set it up if you want to try tracking it down -
    How to set event log security locally or by using Group Policy

    Sue

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply