If your AV server and AV agent are both version 10.2.3.1 and your database is SQL Server 2005 or 2000, you can configure the MSSQL collector by giving the trace file names as a wildcard pattern, like this: correct path\auditrace*.trc
When a new trace file is generated, the collector automatically moves on to the new trace file. On SQL Server 2005, the collector can also collect audit data from the current trace file.
On SQL Server 2000, however, the collector cannot collect audit data from the current trace file, so don't be alarmed if audit data from the current trace file does not show up in the report.
Only when SQL Server 2000 switches to the next trace file is the audit data collected from the previous trace file, which has just been released. If you cannot wait for SQL Server 2000 to switch to the next trace file, bounce (restart) SQL Server 2000. It then starts a new trace file, and the previous trace file is released and becomes available to the MSSQL collector, which collects the information from it and writes it to the avsys.av$rads_flat table.
So it is always easy to work with SQL Server 2005 and AV server and agent 10.2.3.1.
Monday, February 1, 2010
Behavior of Trace Files in SQL Server for Audit Vault Configuration
Labels: 10.2.3.1, Audit Vault, C2 Audit, SQL Server, Trace Files