LOGbinder SQL


• Application security intelligence for SQL Server.
• Fill the audit gap in your compliance efforts.
• Catch APTs that have penetrated upstream defenses.
• Less pushback from database admins.
• Zero Impact:
    — Use SQL Server’s fastest, most efficient audit log output method and thereby offload all subsequent log
      processing from busy database servers to a server of your choice.
    — No agent required. LOGbinder SQL does not require an agent to be installed on your SQL Servers. In fact,
      LOGbinder SQL doesn’t even need to send a single packet to your database servers.
• Know what’s happening inside of SQL Server including:
    — Security operations involving logins, roles and permissions.
    — Maintenance of tables, stored procedures and any other object.
    — Database operations like backup and restore.
    — Transact SQL table commands like insert, delete, update and select.
• Correlate SQL Server security activity with related events from the rest of your environment.
• No data silos or additional consoles to monitor.

Translate cryptic data into easy-to-understand audit messages

The audit records generated by SQL Server audit are cryptic and difficult to understand. Basically, one log record format is used for documenting everything from an insertion on a table to a modification of a stored procedure. And while SQL Server can write events to the security log, it uses the same event ID for all events, and the IDs and keywords are not resolved. Thus, it requires in-depth knowledge of the SQL audit model in order to decipher events. LOGbinder SQL translates the one, generic SQL audit event into almost 300 different event IDs, each with its own specific wording and format.

Free SQL audit logs from their proprietary format

Using the preferred and highest performance option for audit log output results in a proprietary file format that cannot be parsed by log management/SIEM solutions using typical text log file-based parsing engines. LOGbinder SQL processes the proprietary formatted SQL Server audit log and enriches SQL Server’s cryptic and generic audit messages to produce an easy-to-understand audit log event and then outputs that message to your SIEM solution for analysis and archival.

Leverage the centralized alerting, reporting and secure archival of your log management/SIEM

LOGbinder SQL fills a critical gap between enterprise database servers and audit log management solutions, allowing you to obtain a clearly written and easy-to-understand audit log that is accessible to your existing log management solution.

LOGbinder SQL is a small, efficient Windows service that runs on any Windows server on your network. One instance of LOGbinder SQL can process logs from many SQL Servers. LOGbinder SQL can coexist with other LOGbinder products like LOGbinder EX for Exchange and LOGbinder SP for SharePoint.

Simply configure each SQL Server to write its audit events to a specified folder and then provide those folders to LOGbinder SQL. LOGbinder SQL processes events as they appear in SQL Server binary audit log files, and then translates them into easy-to-read events which it then forwards to your SIEM solution.


• Windows Server 2012, 2008 or 2003, 64 or 32 bit.
• Microsoft SQL Server Express (Free) 2008 or later for processing events. LOGbinder SQL needs at least the free SQL Server Express edition for processing SQL Server audit logs generated by other SQL Server instances. Generation of audit events is only available in certain editions of SQL Server.
• Microsoft .NET Framework 3.5 SP1 or later
• Disk space: LOGbinder itself is tiny — not even 1MB. But with associated DLLs the total installation size is about 12MB. Storage for logs and/or reporting databases is dependent on settings defined by the customer.
• Memory: LOGbinder averages 150MB memory usage.