August 22, 2018 at 3:17 pm
The title pretty much says it all. I have an Audit Specification set up to capture 13 event types. When I configure the Audit to write to a file, everything works as expected. When I configure it to write to the Application Log, nothing is captured. Any ideas?
August 22, 2018 at 4:03 pm
TheGreenShepherd - Wednesday, August 22, 2018 3:17 PMThe title pretty much says it all. I have an Audit Specification set up to capture 13 event types. When I configure the Audit to write to a file, everything works as expected. When I configure it to write to the Application Log, nothing is captured. Any ideas?
I was just testing some and they all worked fine as long as the audit and audit specification were both enabled and the application (not security) log was specified.
One thing I can think of is if you have any group policies in place related to the event logs. The permissions to write/read/clear can be configured with local or group policies.
Sue
August 22, 2018 at 5:33 pm
Thanks. Would such permissions pertain to the SQL Server Service Account?
August 22, 2018 at 6:43 pm
This implies that the Application log is for any authenticated user: https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine?view=sql-server-2017
Can you script your server audit and post it?
August 22, 2018 at 6:57 pm
TheGreenShepherd - Wednesday, August 22, 2018 5:33 PMThanks. Would such permissions pertain to the SQL Server Service Account?
I believe that is correct. Here is how you set it up if you want to try tracking it down -
How to set event log security locally or by using Group Policy
Sue
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply