HOW TO: Send Logs To A Separate MSSQL DB

Applies To:

Veanfi Trust Protection Platform 16.2 -17.4



Some customers may wish to send Venafi logs to a separate SQL instance, whether it be for compliance, auditing, or troubleshooting.

Important: Please keep in mind that this DB will also need to be upgraded like your main Venafi DB needs to be. Please contact Venafi Support before an upgrade for further information on the process.


More Info:

1. Create a new DB



2. Run the "mssql_log_structure_SP.sql" found with the version of Venafi you are currently running. It can be found in the software package (eg \Venafi Trust Protection Platform 17.2.0\Database Scripts\MSSQL\Updates\Optional)


3. If the script ran successfully, you should see 2 stored procedures under "Programmability\Stored Procedures\"  



3. Now, run the following statement against your new DB for logs, this will create the necessary tables and stored procedures for your new DB.



4. Check that there are now tables in your DB (note: tables are different from version to version the following is from 17.2)


5. Log into WebAdmin, go to the Logging Tree, and create a new MSSQL Channel


6. Fill out the "Database" portion of the channel. Note that if you use "Windows Authentication" this will use the same account that the log services are running as. Under the "Table Prefix" enter "logs". Please ensure that the account connecting to the new DB is a DB owner, if you are unable to do that please contact support for the necessary grants for your version.



7. Click Save, you should not receive any errors. If you do, something in the configuration is off. (permissions, DB information, script process)


8. Create a notification rule for the logs you wish to send to the new DB. For example, if you want to send all the logs to the new DB. Use this rule:



9. Restart your logging service(s).


10. Check the general tab of your new MSSQL channel to see if new logs are starting to populate.




Was this article helpful?
0 out of 0 found this helpful