MSSQL helpfully logs useful information to the Application event log in Windows, so in a way, OSSEC already supports MSSQL. You can customize various out-of-the-box OSSEC rules to generate email alerts on things such as logon failures, backup success/failure, or job failures (for jobs to write to the event log, you need to make sure the "Write to the Windows Application event log" option is checked under the Notifications tab of your job configuration).
If you're talking about text log files in the MSSQL installation directory, then you're talking about custom decoders. I'd also be interested in decoders for these, if anyone has tackled the project. Unfortunately, compared to other things on my plate, this hasn't risen to the level of importance for me to devote resources to it yet. From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of DGeebs Sent: Tuesday, May 14, 2013 9:19 AM To: ossec-list@googlegroups.com Subject: [ossec-list] MSSQL support? I know Ossec's page says that MSSQL support was coming soon, but its been a while since they have said this and I was wondering if anyone was already ahead of the curve and had made some decoders and/or rules already. Anything to get a head start would be nice, don't want to reinvent the wheel if I don't have to! Thanks! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
