I need to monitor the logs of a SQL DB cluster. Which security event IDs do I need to monitor using the ntevl probe?
Broadcom generally doesn't make recommendations on which Windows security events to monitor, as this is normally vendor/customer specific and is determined by the customer's security team or, in this case, with input from the DBAs/DBA group as well.
That said, you can find recommendations and guidance on which events to monitor, including security events, starting at this Microsoft URL:
Appendix L: Events to Monitor
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
You can use ntevl for event monitoring, or logmon to monitor any log.
Failover Clustering system log events
https://learn.microsoft.com/en-us/windows-server/failover-clustering/system-events
List of Failover Cluster Events in Windows 2016/2019
https://techcommunity.microsoft.com/t5/failover-clustering/list-of-failover-cluster-events-in-windows-2016-2019/ba-p/447150
There are approximately 376 failover clustering event IDs to choose from.
It's probably best to ask the customer's DBA/DBA Group which event IDs are the most important to be monitored, from their perspective.
Please refer to the attached spreadsheet for the list.