The Knowledge Pack is installed as part of the extended InTrust deployment.
InTrust setup includes the following InTrust objects related to SQL Server:
After installation, the site, the task and the policies do not require modification and are immediately ready for use. However, you can change the default settings to make the workflow fit your environment better. For instance, you may want to automate report creation by adding a reporting job to the “SQL Server logs daily collection” task.
Data sources must be configured for your environment, as described in the next chapter.
After you have completed the InTrust installation wizard, the reports appear in a new “InTrust | InTrust for Servers and Applications | SQL Server" report set in the Knowledge Portal.
The “SQL Server C2 log (events for reporting)” data source, included in the “SQL Server C2 log gathering” policy, is used for collecting the C2 log. This is a lean data source designed strictly for reporting purposes. It helps you save bandwidth, database storage and processing time. This data source is used by default.
The other C2 log data source, “SQL Server C2 log”, lets you gather all events. Use it for purposes other than reporting, for example audit data archiving. This data source is not used by default.
Before you can start gathering, you must edit the data source you are using so that it suits your environment, as follows:
Note: Note the following possible issues:
If you want to collect C2 logs from several SQL servers, your course of action depends on whether they are default instances or named instances.
Specify the “All SQL servers in the domain” site in the gathering job.
In the connection string of the C2 log data source that you are using, insert the variable %COMPUTER_NAME%, as follows:
SERVER = %COMPUTER_NAME%;
This variable is resolved as the name of the SQL server from which data is gathered. The list of SQL servers is obtained from the site.
Note: These actions will be successful only if the same credentials are required by all the relevant SQL servers.