LOGbinder Blog

Updates, Tips and News

ArcSight Connector for SQL Server Audit and LOGbinder SQL

Tue, 05 Mar 2013 17:31:46 GMT
ArcSight is an excellent tool, and together with ArcSight Connector, you can collect and process data from a variety of sources. 

The following paper looks at how you can significantly improve your experience with ArcSight when processing logs from SQL Server Audit. In this brief comparison, we examine how you will benefit by replacing ArcSight Connector for SQL Server Audit with LOGbinder SQL, our CEF-certified product. It also highlights the potential impacts you will avoid by doing so.


SIEM Synergy Partner Program

Fri, 21 Sep 2012 13:00:04 GMT

A few new partners have joined our SIEM Synergy Partner Program. We would like to welcome SolarWinds and Prism Microsystems as certified partners along with our existing partner GFI.

How does this program benefit you as the end user?

Here at LOGbinder we have worked closely with these vendors to not only integrate LOGbinder into their SIEM solutions but also package together some prebuilt rules, alerts, and reports.  This allows you to install LOGbinder in your environment and then have our recommended reports and alerts at your fingertips in no time.

Don't see your SIEM solution listed as a partner?

Not a problem. We currently have a long list of prospective partners with whom we are working to get certified as a SIEM Synergy Partner. Send us an email and let us know who your SIEM solution provider is, and we'll let you know if we're already working with them or if we need to reach out to them to get started. Are you a SIEM provider who wants to work with us to get SP, SQL, or EX logs into your SIEM? Simply email us and we'll get the process started.


Can't connect to SQL database WSS_Content?

Tue, 21 Aug 2012 16:47:44 GMT

From time to time, customers receive the following error in conjunction with LOGbinder; we've even had it in our lab environment. We are trying to get to the bottom of the issue, and we need your help, even if you haven't had the problem yourself.

"Unable to configure SharePoint export. Details: Cannot open database "WSS_Content" requested by the login. The login failed. Login failed for user 'SHAREPOINTSERVER\logbinderaccount'. SQL Database 'WSS_Content' on SQL Server instance 'SHAREPOINTSERVER\OfficeServers' not found. Additional error information from SQL Server is included below. Cannot open database "WSS_Content" requested by the login. The login failed. Login failed for user 'SHAREPOINTSERVER\logbinderaccount'."

Through our research so far, we find it is a common error with SharePoint, occurring most often (a) in conjunction with an upgrade or (b) when SharePoint is accessed via a console application or service. The second scenario applies to LOGbinder SP. And this error occurs even though the account is a SharePoint farm administrator, with all privileges being assigned correctly.

The workaround is to add the account manually as a user to the SQL database WSS_Content, assigning permissions as database owner (db_owner database role). This works most of the time. However, we would like to get some more definitive answers on this issue. To do that, could you answer the following questions?

If you have had the error:

  1. Did it occur in your test or production environment?
  2. What did you do to work around the error?

If you have NOT had the error:

  1. For the account you use to run the LOGbinder agent, what SharePoint groups does it belong to?
  2. Is the account a domain account or a local user account?
  3. To what domain groups does it belong?
  4. What local groups?
  5. If you have a multi-server SharePoint farm, from which server is LOGbinder running? (database, front-end, application, etc.)

You may send your response to support@logbinder.com. Any information you provide will be kept strictly confidential. Thank you.
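The workaround described above, written out in Transact-SQL as an added example (not LOGbinder's own script). The account and database names are taken from the error message; the example assumes a Windows account and a sysadmin session on the affected instance. Because db_owner grants full control of the content database, the last query lists exactly which roles the account ends up holding.

```sql
-- Added example: names come from the error text above; adjust to your environment.
USE [master];
GO
-- The server-level login must exist before it can be mapped into the database.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'SHAREPOINTSERVER\logbinderaccount')
    CREATE LOGIN [SHAREPOINTSERVER\logbinderaccount] FROM WINDOWS;
GO

USE [WSS_Content];
GO
-- Match on SID rather than name, so an existing mapping under a different
-- user name is detected instead of causing CREATE USER to fail.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE sid = SUSER_SID(N'SHAREPOINTSERVER\logbinderaccount'))
    CREATE USER [SHAREPOINTSERVER\logbinderaccount]
        FOR LOGIN [SHAREPOINTSERVER\logbinderaccount];
GO

-- Add whichever database user is mapped to the login to db_owner.
DECLARE @user sysname =
    (SELECT name FROM sys.database_principals
     WHERE sid = SUSER_SID(N'SHAREPOINTSERVER\logbinderaccount'));
EXEC sp_addrolemember @rolename = N'db_owner', @membername = @user;
GO

-- Verify: every database role the account now holds in WSS_Content.
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.sid = SUSER_SID(N'SHAREPOINTSERVER\logbinderaccount');
```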


LOGbinder SQL Released!

Tue, 01 May 2012 15:29:14 GMT

I am excited to announce that LOGbinder SQL is now released…

Introducing LOGbinder SQL

Our LOGbinder SQL agent enriches SQL Server’s cryptic and generic audit messages to produce easy-to-understand audit log events. Similar to LOGbinder SP, these events can be output to the Security log or a custom Windows event log, where any log management or SIEM solution can collect, alert, report, and analyze.

SQL Server Audit Log Processing

SQL Server 2008 introduced a totally new audit logging facility which is critical to enterprises storing sensitive information and/or processing important transactions in today’s demanding compliance environment.

SQL Server Audit is flexible in terms of audit policy and comprehensive in relation to the breadth and depth of objects and actions that can be audited. However, the audit data generated by SQL Server needs additional refinement and processing before it can be relied upon as a usable audit trail and managed by your existing log management/SIEM solution.

Refines the cryptic SQL audit log

The audit records generated by SQL Server audit are cryptic and difficult to understand. Basically, one log record format is used for documenting everything from an insertion on a table to a modification of a stored procedure. And while SQL Server can write events to the security log, it uses the same event ID for all events, and the IDs and keywords are not resolved. Thus, it requires in-depth knowledge of the SQL audit model in order to decipher events.

  

Frees SQL audit logs from their proprietary format

The preferred and highest performance option for audit log output results in a proprietary file format that cannot be parsed by log management/SIEM solutions using typical text log file-based parsing engines.

Our new LOGbinder SQL agent processes the proprietary formatted SQL Server audit log and enriches SQL Server’s cryptic and generic audit messages to produce an easy-to-understand audit log event which then outputs to the Windows event log, where any log management or SIEM solution can collect, alert, report, and analyze.

Enriches SQL audit logs without impacting SQL Server performance

LOGbinder SQL can be installed on the SQL server itself or, to eliminate any impact on business database functions, on a separate server, where the LOGbinder SQL agent processes audit logs from multiple SQL Servers via shared folders.

Connects SQL Audit to Your SIEM

LOGbinder SQL fills a critical gap between enterprise database servers and audit log management solutions, allowing you to obtain a clearly-written and easy-to-understand audit log that is accessible to your existing log management solution. Similar to our efforts with LOGbinder SP, we will be working with log management and SIEM solution providers to build recommended alerts and reports into their systems for SQL server audit logs processed by LOGbinder SQL.

 

Download LOGbinder SQL Now!

Or if you want further information on this new solution, please contact sales.


Need help configuring SQL Server 2008 Audit Policy?

Tue, 15 Nov 2011 15:40:46 GMT

Introducing:  LOGbinder SQL - SQL Audit Policy Wizard

Our totally free SQL Audit Policy Wizard steps you through the process of implementing SQL Server 2008 auditing. You can use our recommended baseline audit policy or customize it to fit your requirements.

After you select your SQL Server and fine-tune your desired audit policy, the SQL Audit Policy Wizard automatically creates the necessary Server Audit and Server Audit Specification objects on your SQL server and optionally enables them so that auditing begins automatically.

You can also see the actual Transact-SQL generated by the wizard for learning purposes or for further customization. SQL Server 2008 Audit Policy Wizard even allows you to modify existing audit objects.

Get the wizard now, for free - no trialware expiration, etc.
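For readers who want to see the two object types named above, here is an added Transact-SQL example (not the wizard's generated script and not LOGbinder's recommended baseline). The audit name, file path, and the selection of action groups are assumptions chosen for illustration. The final query reads the binary audit file back and resolves the class type code to a description.

```sql
-- Added example: object names, path and action groups are assumptions.
USE [master];
GO

-- 1. Server Audit: defines where audit records are written (binary file target).
CREATE SERVER AUDIT [Example_Audit]
TO FILE (
    FILEPATH = N'D:\SqlAudit\',      -- assumed folder; must already exist
    MAXSIZE = 100 MB,
    MAX_ROLLOVER_FILES = 20
)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2. Server Audit Specification: defines which action groups are recorded.
CREATE SERVER AUDIT SPECIFICATION [Example_Audit_Spec]
FOR SERVER AUDIT [Example_Audit]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)          -- records changes to the audit itself
WITH (STATE = ON);
GO

-- 3. Nothing is written until the audit itself is enabled.
ALTER SERVER AUDIT [Example_Audit] WITH (STATE = ON);
GO

-- 4. Confirm that both objects exist and are enabled.
SELECT a.name AS audit_name, a.is_state_enabled AS audit_enabled,
       s.name AS spec_name,  s.is_state_enabled AS spec_enabled
FROM sys.server_audits AS a
LEFT JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid
WHERE a.name = N'Example_Audit';

-- 5. Read the audit file; class_type is a short code, resolved here via the map view.
SELECT f.event_time, f.action_id, f.succeeded, m.class_type_desc,
       f.server_principal_name, f.database_name, f.object_name, f.statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\Example_Audit*.sqlaudit', DEFAULT, DEFAULT) AS f
LEFT JOIN sys.dm_audit_class_type_map AS m ON m.class_type = f.class_type
ORDER BY f.event_time DESC;
```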

