SQL Server Monitoring Credentials

Question

Hi!&nbsp; My name is Jesse, and am hoping you can help with an issue I am encountering with configuration of SQL Monitoring credentials in LogicMonitor.I am attempting to configure SQL Server monitoring in our production environment following the "Microsoft SQL Server Monitoring" document (https://www.logicmonitor.com/support/monitoring/applications-databases/microsoft-sql-server) and am encountering an issue regarding the credential used to authenticate to SQL Server. &nbsp;As outlined in the document you can use either Integrated Security (Windows) or JDBC Credentials which seems fairly straight forward. &nbsp;The issue I am encountering has to do with adhering to the Service Account standards enforced by our Security Team. &nbsp;According to the documentation if you are using Integrated Security (Windows), you must use the Windows credentials associated with the user on the Data Collectors. From the documentation:"LogicMonitor uses the Windows credentials that are associated with the user on the Collector; therefore, the user on the Collector must have the minimum SQL Server permissions mentioned previously. There is no way to update the user associated with the Collector to an alternate user with Integrated Security."The issue is that based on our published security standard, I need to use an alternate set of Active Directory credentials for this purpose. &nbsp;I have proposed instead using JDBC Credentials for this however that configuration is not desired as it would prevent our Security Monitoring software (Crowdstrike) from being able to monitor usage of the account.I have attempted to find a way of leveraging a secondary account for Integrated Security but am unable to find anything that seems to help. Before I go through the process of asking for an exception to our Security Policy, I figured I'd enquire here to see if anyone else has run into this issue, and if there is a way of achieving my goal of using a dedicated account for this function. &nbsp;I suspect I could establish a dedicated Data Collector for this purpose, but we would like to avoid deployment of another Data Collector if possible.It could well be that there is a way of doing this that I'm just not seeing, I am far from being an expert with LogicMonitor. &nbsp;Any assistance you could give would be much appreciated.

dave_lee · Answer

Hi JesseWe have had the same issue so we opted to use SQL authentication - so JDBC as you mentioned.&nbsp; It's been OK in the majority of cases, but we would ideally like to be able to move over to integrated auth.We've been asked the same of our users/customers - can we do integrated auth but with a separate account to that we use to monitor Windows Server.&nbsp;&nbsp;I'd be interested to hear from someone that LM if there is a method of working around this, but I don't think it's possible given the nature of integration authentication.Dave

Forum Discussion

SQL Server Monitoring Credentials

1 Reply

Recent Discussions

Inconsistent Behavior in Script Token Replacements for "Missing" Properties

Configure Netscan to ignore powered off VM's

JMX / MBeans / JDA

Groovy HTTP DELETE requires a payload.

Issues with Switching Non-Admin Domain Account on a Windows Collector