Menu

Search

LOGbinder Support


1. Installing LOGbinder for SQL Server


Support
Getting Started

Installing LOGbinder for SQL Server

LOGbinder for SQL Server runs as a Windows service on a Windows server. It translates audit log entries from Microsoft SQL Server, and outputs them to the LOGbinder SQL event log, the Windows Security Log, a Syslog server or Syslog files.

For more information, please visit our web site https://www.logbinder.com. There you will find a rich set of resources to guide you in setting audit policy, setting up audit log reporting and archiving, and so forth.

To open a case with our support staff, please submit a ticket at https://support.logbinder.com/.

Installing LOGbinder for SQL Server involves 3 simple steps:

Subsequent sections cover:

Step 1 – Select Server and Check Requirements

Select Server

LOGbinder for SQL Server can be installed on any Windows workstation that is capable of running Microsoft SQL 2008 or later Express Edition, but a Windows server is recommended. It does not have to be installed on your Microsoft SQL Enterprise Edition server. LOGbinder for SQL Server can consume logs from multiple numbers of SQL servers remotely. The version of the server processing the audit events has to be equal or higher than the server that is generating the events. (For example, is the server generating the events is SQL Server 2014, you can process those with SQL Server 2014, SQL Server 2014 Express, SQL Server 2016, SQL Server 2016 Express, but not with SQL Server 2012.)

Software Requirements

  • Microsoft Windows Server 2003 or later
  • Microsoft .NET Framework 4.0
  • Microsoft SQL Server Express 2008 or later for processing events

SQL Server Auditing Requirements

For LOGbinder for SQL Server to be able to process audit events, SQL Server Audit has to be configured, together with a Server Audit Specification and/or Database Audit Specifications. The audit destinations should be a file.

For an easy, few-step configuration of both SQL Server Audit and Server Audit Specification, you can use our completely free tool, the SQL Audit Policy Wizard.

Step 2 – Check User Accounts and Authority

Three user accounts are involved with LOGbinder for SQL Server.

  1. Your account
    • The account you are logged on as when you install and configure LOGbinder for SQL Server.
    • Authority Required:
      • Read-only access to Audit File Location
      • Member of the local Administrators group (recommended)
        • Windows UAC sometimes interferes with this setting. It is recommended that you use the “Run as Administrator” option when running LOGbinder. You may also need to your account as well as the service account modify permissions to the C:\ProgramData folder as described in the third bullet point below.
  2. Service account
    • The account that the LOGbinder for SQL Server (LOGbinder SQL) service will run as. This domain account must be created before installing LOGbinder for SQL Server.
    • Authority Required: (See Appendix A: Assigning Permissions for details on granting these permissions)
      • Control Server permission on the SQL Server being used to process events
      • Privilege “log on as a service” (The installer will set this prerequisite.)
      • Permission to create, read, modify files in C:\ProgramData\LOGbinder SQL (The installer will set this prerequisite.)
        • Please note that the ProgramData folder is a hidden folder, and it is not the same as the Program Files folder.
        • This LOGbinder SQL folder will be created while LOGbinder is installed.
      • If outputting to Windows Security log

        • Privilege "Generate Security Audit" (SeAuditPrivilege)
        • Setting audit policy
          • Windows Server 2003:
            • Enable “Audit object access” for Success and Failure
          • Windows Server 2008 or later:
            • Enable “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” security option
            • Enable “Audit Application Generated” audit subcategory for Success and Failure
  3. SQL Server service account
    • The account running the SQL Server that is set in the LOGbinder input to process the events
    • Authority Required:
      • Read access to Audit File Location (see section Configure Input for more details on this)

Step 3 – Run the Installer

Download and run the installer. On the page "Specify Service Account," enter the user account name, including both domain name and user name (i.e. domain\username) of the service account (the user account that will run the LOGbinder for SQL Server (LOGbinder SQL) service). The rights outlined above must be granted to the account before running the installer, or else LOGbinder for SQL Server will not install properly.

On the page "Select Installation Folder," it is recommended that you use the default setting, C:\Program Files\LOGbndSQ.

If a dialog box "Set Service Login" appears, then the user account information entered previously was not valid. Confirm the account name and password, and re-enter the information.

Transferring settings to a new server

If LOGbinder was running in your environment before, but it now has to be installed on a different server, the following steps can be followed to transfer the settings to the new server. (Please note that LOGbinder is not recommended to be run on two servers at the same time in the same environment.) This not only saves setup time and reduces setup problems, but this will ensure audit log collection to be continued where LOGbinder left off so as to preserve a complete audit trail:

  1. Make sure that on both the source (where LOGbinder was run before) and target (the new LOGbinder server) servers, the LOGbinder service is not running and the LOGbinder control panel is not open.
  2. Go to the C:\ProgramData\LOGbinder SQL folder on the source server.
    • Please note that the ProgramData folder is a hidden folder, and it is not the same as the Program Files folder.
  3. Copy all *.stg and *.xml files to the same folder on the target server.

On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Still have questions - Submit a new ticket