DataSunrise Achieves AWS Data & Analytics Competency. Learn more →

MS SQL Server Agent Audit Support

MS SQL Server Agent Audit Support

DataSunrise 12.1 adds Agent mode support for real-time audit of Microsoft SQL Server 2016 and later. The new MS SQL Server Agent gives organizations another way to monitor database activity: directly from the SQL Server host, without requiring client applications to connect through a DataSunrise proxy.

For teams that need strong audit visibility but cannot easily change application connection paths, this opens a more flexible deployment option for SQL Server activity monitoring.

Why Agent Mode Matters for SQL Server

In many production SQL Server environments, placing a proxy between applications and the database is not always the easiest path. Critical systems may have strict connection requirements, complex routing, limited maintenance windows, or operational policies that make traffic redirection difficult.

MS SQL Server Agent mode helps address this by keeping the application connection flow intact. Applications continue connecting directly to SQL Server, while DataSunrise receives activity from the Agent running on the database host.

This is especially useful when the goal is real-time audit visibility and the environment is better suited to host-based monitoring than proxy-based routing.

How It Works

The DataSunrise MS SQL Server Agent runs on the SQL Server host and captures request and response packets inside the SQL Server process. Captured activity is sent to DataSunrise for analysis and audit logging.

Because packets are captured inside the DBMS process, SQL Server encrypted connection negotiation is completed before the Agent receives the traffic. DataSunrise can audit already-decrypted SQL Server activity while the original client-to-database connection path remains unchanged.

DataSunrise then applies audit rules to the captured activity and writes the resulting events to Transactional Trails, where security and compliance teams can review SQL Server operations.

What You Get

In DataSunrise 12.1, MS SQL Server Agent mode is focused on real-time audit.

  • Real-time audit for Microsoft SQL Server 2016 and later
  • Host-based traffic capture through Agent mode
  • Audit visibility without rerouting applications through a proxy
  • Support for self-managed SQL Server deployments where host access is available
  • Agent-to-DataSunrise communication through the DataSunrise AgentServer listener
  • SSL key group support for secure Agent communication

Security Rules and Dynamic Masking are not included for MS SQL Server Agent mode in this release. For those controls, use a supported DataSunrise deployment mode according to your environment and feature requirements.

Deployment Scope

MS SQL Server Agent mode requires operating-system-level access to the SQL Server host, because the Agent must be installed and loaded on the database server. Self-managed SQL Server deployments, including SQL Server running on customer-managed servers or cloud virtual machines such as Amazon EC2, are the natural fit for this mode.

Managed SQL Server services where the database host operating system is not accessible are generally not suitable for Agent mode.

The first Agent injection requires a SQL Server service restart. Plan installation during a maintenance window and verify connectivity between the SQL Server host and the DataSunrise AgentServer listener before enabling production audit rules.

Setup Overview

At a high level, configuration has two parts:

  1. Install and configure the DataSunrise Agent on the SQL Server host.
  2. Create or update the Microsoft SQL Server instance in DataSunrise and set the capture mode to Agent.

After configuration, create a Data Audit rule, connect directly to SQL Server with a client application, and execute test queries. Audit events should appear in Audit -> Transactional Trails.

More Flexibility for SQL Server Auditing

MS SQL Server Agent support gives DataSunrise users another deployment path for database activity monitoring. Proxy and Sniffer modes remain available for environments where those topologies fit best, while Agent mode now provides a host-based option for real-time SQL Server audit in DataSunrise 12.1.

See the updated DataSunrise documentation for detailed MS SQL Server Agent configuration steps and current limitations.

Protect Your Data with DataSunrise

Secure your data across every layer with DataSunrise. Detect threats in real time with Activity Monitoring, Data Masking, and Database Firewall. Enforce Data Compliance, discover sensitive data, and protect workloads across 50+ supported cloud, on-prem, and AI system data source integrations.

Start protecting your critical data today

Request a Demo Download Now

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]