IBM QRadar


Collection of SQL events such as queries and connections to the database

  • 1.  Collection of SQL events such as queries and connections to the database

    Posted Mon August 26, 2024 03:56 PM

    Hi,

    I want to collect SQL events, such as queries and connections to the database. I am trying with WinCollect 10, but it's not working.

    The logs are stored in a folder on the server.

    Is there a way to collect them, and how?

    Thanks



    ------------------------------
    Benjamin Yabre
    ------------------------------


  • 2.  RE: Collection of SQL events such as queries and connections to the database

    Posted Tue August 27, 2024 04:22 AM

    If I'm not mistaken, WinCollect can be used to pick up the content from the SQL ERRORLOG file, and you will not find audit events of that type there. Out of the box, QRadar uses JDBC to get the audit events from a purpose-prepared view. It could be possible to implement reading these from the log file, but AFAIK it would be a custom integration.



    ------------------------------
    Dusan VIDOVIC
    ------------------------------
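
Added example, not part of the thread and not IBM's or any poster's own code: one way the "purpose-prepared view" mentioned above could be built, assuming the database is Microsoft SQL Server with the SQL Server Audit feature available. The audit names, the file path `D:\SqlAudit\`, the database `SalesDb` and the view name `dbo.AuditData` are placeholders.

```sql
-- Added example: every object name and path below is a placeholder.
USE master;
GO

-- 1. Server audit that writes audit records to files on the database server.
CREATE SERVER AUDIT QRadarAudit
    TO FILE (FILEPATH = N'D:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2. Connections: successful logins, failed logins and logouts.
CREATE SERVER AUDIT SPECIFICATION QRadarLogins
    FOR SERVER AUDIT QRadarAudit
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (LOGOUT_GROUP)
    WITH (STATE = ON);
GO

ALTER SERVER AUDIT QRadarAudit WITH (STATE = ON);
GO

-- 3. Queries: DML statements issued by any principal in one database.
USE SalesDb;
GO
CREATE DATABASE AUDIT SPECIFICATION QRadarQueries
    FOR SERVER AUDIT QRadarAudit
    ADD (SELECT, INSERT, UPDATE, DELETE ON DATABASE::SalesDb BY public)
    WITH (STATE = ON);
GO

-- 4. View over the audit files: this is what a JDBC collector would query.
--    event_time increases with each record, so it can serve as the column
--    the collector uses to fetch only rows newer than the last poll.
USE master;
GO
CREATE VIEW dbo.AuditData AS
    SELECT event_time, action_id, succeeded, session_id,
           server_principal_name, database_name, object_name, statement
    FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT);
GO
```

Reading through `sys.fn_get_audit_file` requires elevated server-level permission that varies by SQL Server version, so check what the collector's login is granted and keep it dedicated to this purpose.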



  • 3.  RE: Collection of SQL events such as queries and connections to the database

    Posted Tue August 27, 2024 08:36 AM

    Hi Vidovic,

    Thank you for your response. However, I had understood that WinCollect 10 would allow me to obtain this result.

    I had indeed tried with JDBC, but I encountered issues with the database connection. That is why I wanted to explore another approach.

    Best regards,



    ------------------------------
    Benjamin Yabre
    ------------------------------