You can use Status Alerts to identify issues and potential disruptions in your SQL compliance manager deployment. By enabling Status Alerts, you can:

  • Confirm that your SQL Server instances are available to be audited.
  • Ensure the SQLcompliance Agent and Collection Server are operating as expected.
  • Proactively know when the event databases are growing too large so you can archive or groom your audit data before too much disk space has been consumed.

Status Alerts best practices

AlertWhat it meansWhat is the riskWhat might be wrong

Agent cannot connect to audited instance

The SQLcompliance Agent was unable to connect to the audited SQL Server instance. This alert is sent immediately after the failed connection occurs.

You are in danger of filling the trace directory and losing important audit data.
Updated audit settings will not be applied to the SQL trace that is collecting events, and you will fail to collect the events you want.
SQL Server will continue to write trace files to the SQLcompliance Agent trace directory, but the agent will not be able to send these files to the Collection Server. When the trace directory is full, auditing will cease, and the SQL Server performance will be impacted.
If the database id changes, the agent will not be able to detect this update, causing the SQL trace to stop.
If communications between the agent and the instance are "down" for more than 7 days, the SQL trace will automatically stop.

  • The audited SQL Server instance may be offline or unable to respond.
  • The SQLcompliance Agent service account does not have the required permissions to access the target SQL Server instance.

Agent heartbeat was not received

The Collection Server has not received a heartbeat from the SQLcompliance Agent within the specified heartbeat interval.

Auditing is not immediately affected by this issue; however, you cannot apply updated audit settings.
Trace files will continue to queue in the trace file directory until the SQLcompliance Agent Service is able to send these trace files to the Collection Server.

  • The computer hosting the SQLcompliance Agent may be offline.
  • Network firewall settings may be blocking communication between the SQLcompliance Agent and the Collection Server.
  • The SQLcompliance Agent may have been stopped.

Agent trace directory reached size limit

The trace directory folder on the SQL Server computer where the SQLcompliance Agent is deployed has exceeded the disk space percentage allocated in the alert rule.

You are in danger of filling the trace directory and losing important audit data.
When the trace directory reaches its specified maximum size, the SQLcompliance Agent will cease auditing the target instances. The SQL traces are stopped, and no subsequent events are collected.
The size of the trace directory could also impact the performance of the SQL Server instances on this computer.

  • The Collection Server may be offline, preventing the SQLcompliance Agent from sending the trace files.
  • Network firewall settings may be blocking communication between the SQLcompliance Agent and the Collection Server.
  • Your audit settings may be collecting more SQL Server events than you expected.
  • SQL Server traffic may have unexpectedly increased, causing more events to be collected and resulting in larger trace files.

Collection Server trace directory reached size limit

The trace directory folder on the computer where the Collection Server is installed has exceeded the disk space limit specified in the alert rule.

You are in danger of filling the trace directory, which can impact the performance of the Collection Server, such as delaying alerts.
In turn, a full trace directory on the Collection Server can cause the SQLcompliance Agent trace directory to fill as the trace files queue up to be sent. When the SQLcompliance Agent trace directory reaches its specified maximum size, the agent will cease auditing the target instances. The SQL traces are stopped, and no subsequent events are collected.

  • The Collection Service may have been manually stopped, preventing the trace files from being processed.
  • The Collection Service may not be able to access the Repository, due to inadequate permissions or the Repository database being offline.
  • Your audit settings may be collecting more SQL Server events than you expected.
  • A third-party application, such as an anti-virus scanner, may be preventing the Collection Service from accessing the trace directory.

Event database is too large

The event database for an audited SQL Server instance is larger than the size limit specified in the alert rule.

Large event databases can significantly impact the performance of the Repository, and the SQL Server instance hosting the Repository.

  • Your audit settings may be collecting more SQL Server events than you expected.
  • SQL Server traffic may have unexpectedly increased, causing more events to be collected and resulting in larger trace files.
  • You may need to archive or groom events.

 

SQL Compliance Manager audits all activity on your server. Learn more > >
  • No labels