NXLog and ODBC
pbechard
Hi ,
Trying to create an ODBC connect for NXLog to connect to. NXLog is installed on the same Windows 2012 server as the SQL Server 2008R2 instance.
Scenario 1:
32-bit ODBC is setup as a System DSN with a SQL Server account that has DBO access to the desired database
NXLog service is setup to run under the System account.
- I've tried both drivers available on the system ("SQL Server Native Client 10.0" and "SQL Server")
- get the same result in the error log for each:
- ERROR im_odbc couldn't connect to the database, 28000:2:18456:[Microsoft][SQL Server Native Client 10.0][SQL Server]Login failed for user ''. (odbc error code: -1)and
- ERROR im_odbc couldn't connect to the database, 28000:2:18456:[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user ''. (odbc error code: -1)
Scenario 2:
Same ODBC, but with a Windows account that has full Admin access to the desired databases, and is the same account logged into Windows
NXLog service is setup to run under this same account.
Goal is to have the same user account accessing everything, in the hope of getting it to connect.
Same error messages as above. Login failed for user ' '.
Since the error messages don't show the user that is failing to login, I'm having trouble narrowing down where the failure is at.
NXLOG.conf file:
<Input call_logs>
Module im_odbc
ConnectionString DSN=SIEM_NXLog;database=recorder;
Module im_odbc
ConnectionString DSN=SIEM_NXLog;database=recorder;
SQL SELECT ident as id ,at.audit_time as EventTime ,am.audit_module_name as Message FROM mytables... WHERE at.ident>?
SavePos TRUE
</Input>
There's one line in the documentation that has me scratching my head:
SECTION 6.2.18 (ODBC)
The data source must be accessible by the user which nxlog is running under.
I'm not sure if this means that the NTService account needs database access?
Or, if the service must be under a Windows account user that has database access?
Or, by using a ODBC->System DSN , shouldn't the ODBC already be accessible to all users on the system?
Any thoughts or insight would be helpful. Thanks in advance.
Cheers,
Peter