Log Types: MSSQLLog
Overview
Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications - which may run either on the same computer or on another computer across a network.
Collection
The Snare MSSQL agent is capable of collecting and forwarding MSSQL log data to Snare Central.
Sample Events
2009-06-24 11:29:57.623 09.00.1399 110 1 63 Dave_test1 David Mohr RoleName,db_datareader TargetUserName,INTERSECT\snare2 DBUserName,dbo TargetLoginName,INTERSECT\snare2 TransID,681293
2017-12-12 14:55:00.307 10.50.6220 114 0 53 TREND/dsm ObjectName,webreputationevents RoleName, TargetUserName, DBUserName,dbo TargetUserName, TextData,SELECT MAX(webreputationevents.WebReputationEventID) FROM webreputationevents WHERE WebReputationEventID >= @P0 Permissions,1 Success,1 ObjectName,webreputationevents SessionLoginName,trend DBUserName,dbo HostName,SNARETEST03 ApplicationName,Trend Micro Inc. TransID,21624792-2017-12-12 14:55:00.307 10.50.6220 114 0 53 TREND/dsm Criticality,4
2017-12-13 14:27:33.707 12.00.5556 40 0 55 BKUPEXEC/BEDB ObjectName, RoleName, TargetUserName, DBUserName, TargetUserName, TextData,SELECT COALESCE([t0].[ChangerGuid],'00000000-0000-0000-0000-000000000000') AS [ID], [t0].[ChangerName] AS [Name], COALESCE([t0].[MediaCount],0) AS[MediaCount], COALESCE( [t0].[OverwritableMediaCount],0) AS [OverwritableMediaCount], COALESCE([t0].[AppendableMediaCount],0) AS [AppendableMediaCount], COALESCE([t0].[ProtectedMediaCount],0) AS [ProtectedMediaCount], CONVERT(BigInt,COALESCE([t0].[UnavailableFreeCapacityBytes],0)) AS [UnavailableFreeSpace], CONVERT(BigInt,COALESCE([t0].[DataWrittenBytes],0)) AS [DataBytesWritten], CONVERT(BigInt,COALESCE([t0].[UsedCapacityBytes],0)) AS [UsedCapacityBytes], CONVERT(BigInt,COALESCE([t0].[FreeCapacityBytes], 0)) AS [FreeCapacityBytes], CONVERT(BigInt,COALESCE([t0].[TotalCapacityBytes],0)) AS [TotalCapacityBytes], CONVERT(BigInt,COALESCE([t0].[TotalCapacityBytes],0)) AS [TotalBackupStorage], CONVERT(BigInt,COALESCE([t0].[DataWrittenBytes],0)) AS [bytesWritten], CONVERT(BigInt,COALESCE([t0].[UsedCapacityBytes],0)) AS [bytesUsed] FROM [dbo].[ChangerSummary_View] AS [t0] Success,0 SessionLoginName,SNARETEST03\backupNTUserName,backup HostName,SNARETEST03 ApplicationName,PVL MgmtSvc 2017-12-13 14:27:33.707
2018-02-19 14:11:25.190 12.00.5571 15 2 55 MSSQLSERVER/ReportServer ObjectName, RoleName, -TargetUserName, DBUserName, TargetUserName, TextData, Success,1 SessionLoginName,SNARE\VMWIN2012R2SQL2$ NTUserName,ReportServer HostName,VMWIN2012R2SQL2 ApplicationName,Report Server 2018-02-19 14:11:25.190 12.00.5571 15 2 55 MSSQLSERVER/ReportServer Criticality,4
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | MSSQLLog |
EVENTID | Numeric event ID (eg: 110, 114) |
CLASS | Numeric class |
SPID | |
DBNAME | Database Name (eg: TREND/dsm, or MSSQLSERVER/ReportServer) |
USERNAME | User name |
OBJECTNAME | Object name - for example, webreputationevents |
ROLENAME | Role name |
TARGETUSERNAME | Target user name |
DBUSERNAME | Database user name |
TARGETLOGINNAME | Target login name |
STRINGS | Content that does not fit into any other field |
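
As an added example (not part of the Snare documentation or agent code), the Python below parses events in the layout shown under Sample Events into the fields listed above and extracts role-membership changes for review. It assumes single-space delimiters as rendered on this page, the key names seen in the samples, the name `version` for the third token, and that event ID 110 denotes a database role membership change as in SQL Server's trace event numbering; the second sample line is constructed.

```python
import re

# Key names come from the page's samples; values may contain spaces and commas.
KEYS = ("ObjectName", "RoleName", "TargetUserName", "DBUserName", "TargetLoginName",
        "TextData", "Permissions", "Success", "SessionLoginName", "NTUserName",
        "HostName", "ApplicationName", "TransID", "Criticality")
KEY_RE = re.compile(r"(?<!\w)(" + "|".join(KEYS) + r"),")
HEAD_RE = re.compile(  # header order follows the Fields table; "version" is assumed
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})(?:\.\d+)? "
    r"(?P<version>\S+) (?P<eventid>\d+) (?P<class>\d+) (?P<spid>\d+) (?P<rest>.*)$")

def parse_mssqllog(line):
    """Split one space-delimited MSSQLLog event into header and key,value fields."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None  # not an MSSQLLog record
    ev = {k: m.group(k) for k in ("date", "time", "version")}
    ev.update({k: int(m.group(k)) for k in ("eventid", "class", "spid")})
    rest = m.group("rest")
    hits = list(KEY_RE.finditer(rest))
    prefix = rest[:hits[0].start()] if hits else rest
    # DBNAME is the first token; USERNAME (may contain spaces) is the remainder.
    ev["dbname"], _, ev["username"] = prefix.strip().partition(" ")
    ev["fields"] = {}
    for i, h in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(rest)
        value = rest[h.end():end].strip()
        if value:  # empty and repeated keys occur; keep the first non-empty value
            ev["fields"].setdefault(h.group(1), value)
    return ev

def role_changes(lines, event_id=110):
    """Return (database, actor, role, target login) for role-membership events."""
    events = filter(None, map(parse_mssqllog, lines))
    return [(e["dbname"], e["username"], e["fields"]["RoleName"],
             e["fields"].get("TargetLoginName", ""))
            for e in events
            if e["eventid"] == event_id and "RoleName" in e["fields"]]

# First line is the page's first sample; the second is constructed from its second.
SAMPLES = [
    r"2009-06-24 11:29:57.623 09.00.1399 110 1 63 Dave_test1 David Mohr "
    r"RoleName,db_datareader TargetUserName,INTERSECT\snare2 DBUserName,dbo "
    r"TargetLoginName,INTERSECT\snare2 TransID,681293",
    "2017-12-12 14:55:00.307 10.50.6220 114 0 53 TREND/dsm ObjectName,webreputationevents "
    "RoleName, TargetUserName, DBUserName,dbo TextData,SELECT MAX(WebReputationEventID) FROM "
    "webreputationevents Success,1 SessionLoginName,trend HostName,SNARETEST03 TransID,21624792",
]
```

Matching on known key names rather than splitting on whitespace keeps `TextData` intact, since SQL text contains both spaces and commas.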
Notes
-