How to configure Microsoft SQL Server as a data source
Technical Articles ID:   KB74712
Last Modified:  2/6/2019


McAfee SIEM Enterprise Security Manager (ESM) 10.x


To function properly, the data source for the Microsoft SQL Server must have the following:

  • A domain administrator assigned.
  • Proper permissions set on the remote servers to be monitored.
  • The Windows Application Log configured to log events.

Assign the Domain Administrator for the McAfee Event Receiver Data Source:

  1. Stop the data source for Microsoft SQL Server, if it is running. 
  2. On the data source, navigate to the Control Panel, System Administration Tools, Computer Management.
  3. Go to Services and Applications and select Services.
  4. In the Services window, right-click McAfee Receiver data source for Microsoft SQL Server Data, and then choose Properties.
  5. In the Data Properties dialog, click the Log On tab and select This account.
  6. Type the name and password of a user with Domain Administrator rights.
  7. Click Enable, then click OK.

Set permissions on remote servers to be monitored:

You must set permissions on every remote server monitored by the data source for Microsoft SQL Server. On each monitored server you must change the Windows Management Instrumentation (WMI) security settings, and then restart that service using the Computer Management Console in the Control Panel on the remote server.

Set security permissions on a remote server:

  1. On the remote server click Control Panel, System Administration Tools, Computer Management.
  2. Under Services and Applications, select and right-click WMI Control, then choose Properties.
  3. In the WMI Control Properties dialog, click the Security tab, open the root folder, and select the remote node.
  4. Click Security. The Security for dialog opens.
  5. In the Permissions section, set the appropriate permissions for each user name that accesses the node, then click OK.
  6. In the Computer Management window, select Services and Applications, Services in the tree.
  7. Right-click Windows Management Instrumentation in the Name list and select Restart.

Event logging to Windows Application Log:

Use these steps to configure Microsoft SQL Server to log events to the Windows Application Log:

  1. On the system running Microsoft SQL Server, insert the MSSQL Installation CD Media for the data source for Microsoft SQL Server.
  2. Navigate to the resources folder on the CD.
  3. Using Microsoft Query Analyzer or another similar program, run LogEvents_SQLServer2000.sql in the Master database instance.

NOTE: Microsoft SQL Server 2005 does not support any changes to the default logging behavior. Some events are not available under MSSQL Server 2005.
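
To confirm the three prerequisites after completing the procedures above, the following PowerShell check can be run on the data source host under the account assigned to the service. It is an added example, not McAfee's code; the service name pattern, host name, event-source filter, and the root\cimv2 namespace are assumptions.

```powershell
# Added verification sketch, not vendor code. Values marked "assumed" are not from the article.
param(
    [string[]]$MonitoredServers = @('sql01.example.test'),  # assumed placeholder host name
    [string]$ServicePattern = 'McAfee Receiver*',           # assumed wildcard for the display name in step 4
    [string]$SqlSourceFilter = 'MSSQL%'                     # assumed: SQL Server event sources begin with MSSQL
)

# 1. Which account does the data source service log on as? (run on the data source host)
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $ServicePattern }
if (-not $services) { Write-Warning "No service matches '$ServicePattern'." }
foreach ($s in $services) {
    '{0}: state={1}, logs on as {2}' -f $s.DisplayName, $s.State, $s.StartName
    if ($s.StartName -in $builtin) {
        Write-Warning "$($s.DisplayName) still uses a built-in account."
    }
}

# 2 and 3. From that account's session, query each monitored server over WMI (DCOM)
# and look for SQL Server entries in its Application log.
$dcom = New-CimSessionOption -Protocol Dcom
$query = "SELECT SourceName, EventCode, TimeGenerated FROM Win32_NTLogEvent " +
         "WHERE Logfile = 'Application' AND SourceName LIKE '$SqlSourceFilter'"
foreach ($server in $MonitoredServers) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $server -SessionOption $dcom -ErrorAction Stop
        # Default namespace root\cimv2 is assumed; the article does not name the node.
        $events = @(Get-CimInstance -CimSession $session -Query $query -ErrorAction Stop |
            Select-Object -First 5)
        if ($events.Count -eq 0) {
            Write-Warning "${server}: WMI query succeeded but no SQL Server events were found."
        } else {
            $events | Select-Object @{n='Server';e={$server}}, SourceName, EventCode, TimeGenerated
        }
    } catch {
        Write-Warning "${server}: WMI query failed: $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}
```

A failed query points at the WMI security settings or the service account; a successful query with no events points at the event logging configuration.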
