'How to get CREATE SERVER AUDIT to create an ASCII audit files

I am using the SQL Server STIG instructions to create Audit files:

USE [master]
GO

/****** Object:  Audit [STIG_Audit_Permissions_Queries]    Script Date: 2/2/2022 1:32:17 AM ******/
CREATE SERVER AUDIT [STIG_Audit_Permissions_Queries]
TO FILE 
(   FILEPATH = N'L:\Audits\'
    ,MAXSIZE = 200 MB
    ,MAX_ROLLOVER_FILES = 50
    ,RESERVE_DISK_SPACE = OFF
)
WITH
(   QUEUE_DELAY = 1000
    ,ON_FAILURE = SHUTDOWN
    ,AUDIT_GUID = '3b3950fd-ade8-42c1-bd22-e36e071ee53d'
)
WHERE ([Schema_Name]='sys' AND [Object_Name]='all_objects' OR [Schema_Name]='sys' AND [Object_Name]='database_permissions' OR [Schema_Name]='sys' AND [Object_Name]='database_principals' OR [Schema_Name]='sys' AND [Object_Name]='database_role_members' OR [Schema_Name]='sys' AND [Object_Name]='dm_column_store_object_pool' OR [Schema_Name]='sys' AND [Object_Name]='dm_db_xtp_object_stats' OR [Schema_Name]='sys' AND [Object_Name]='dm_os_memory_objects' OR [Schema_Name]='sys' AND [Object_Name]='dm_xe_object_columns' OR [Schema_Name]='sys' AND [Object_Name]='dm_xe_objects' OR [Schema_Name]='sys' AND [Object_Name]='dm_xe_session_object_columns' OR [Schema_Name]='sys' AND [Object_Name]='filetable_system_defined_objects' OR [Schema_Name]='sys' AND [Object_Name]='linked_logins' OR [Schema_Name]='sys' AND [Object_Name]='login_token' OR [Schema_Name]='sys' AND [Object_Name]='objects' OR [Schema_Name]='sys' AND [Object_Name]='remote_logins' OR [Schema_Name]='sys' AND [Object_Name]='server_permissions' OR [Schema_Name]='sys' AND [Object_Name]='server_principal_credentials' OR [Schema_Name]='sys' AND [Object_Name]='server_principals' OR [Schema_Name]='sys' AND [Object_Name]='server_role_members' OR [Schema_Name]='sys' AND [Object_Name]='sql_logins' OR [Schema_Name]='sys' AND [Object_Name]='syscacheobjects' OR [Schema_Name]='sys' AND [Object_Name]='syslogins' OR [Schema_Name]='sys' AND [Object_Name]='sysobjects' OR [Schema_Name]='sys' AND [Object_Name]='sysoledbusers' OR [Schema_Name]='sys' AND [Object_Name]='syspermissions' OR [Schema_Name]='sys' AND [Object_Name]='sysremotelogins' OR [Schema_Name]='sys' AND [Object_Name]='system_objects' OR [Schema_Name]='sys' AND [Object_Name]='sysusers' OR [Schema_Name]='sys' AND [Object_Name]='user_token')
ALTER SERVER AUDIT [STIG_Audit_Permissions_Queries] WITH (STATE = ON)
GO

This works and the audit files are being created and are readable using SQL Server Management Studio. We have a LARGE number of SQL Servers in our environment. We want to capture the logs into a tool like WAZUH so they can be read in a central location and perhaps some action taken if the entries are suspect. We are already capturing files like the error.log.# files.

Unfortunately, the file created is a binary. How can I configure the audit to be an ASCII based file?

sql-serversql-server-administration


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions