What security event IDs to monitor for Microsoft SQL Server Database clusters?


Article ID: 273312


Updated On:


  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


I need to monitor the logs of SQL DB Cluster. Which security event IDs do I need to monitor using the ntevl probe?


  • Release: 20.4
  • ntevl probe
  • Windows events


  • Guidance


Broadcom generally doesn't make recommendations on what to monitor for Windows security events, as this is normally vendor/customer specific and determined by a customer's Security team or, in this case, with input from the DBAs/DBA Group as well.

That stated, you can search for and find recommendations/guidance for events to monitor, including security events, starting at this Microsoft URL:

Appendix L: Events to Monitor

You can use ntevl for event monitoring OR logmon to monitor any log.

Failover Clustering system log events

List of Failover Cluster Events in Windows 2016/2019

There are approximately 376 Failover clustering event IDs to choose from.

It's probably best to ask the customer's DBA/DBA Group which event IDs are the most important to be monitored, from their perspective.

Please refer to the attached spreadsheet for the list.


Failover-Clustering-Events_1694438048805.xlsx