SQL Server event forwarding, if enabled, should be operational.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15176 | DM6030-SQLServer9 | SV-25463r1_rule | DCFA-1 | Medium |
| Description |
|---|
| If SQL Server is configured to forward events to an Alerts Management Server that is not available, then no alerts are issued for the server. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-22792r1_chk ) |
|---|
| From RegEdit, view values: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Sever \ MSSQL.[#] \ SQLServerAgent \ AlertForwardingServer If the value is empty or NULL, this is Not a Finding. If the value is not NULL, verify that the use of alert forwarding is authorized in the System Security Plan. If alert forwarding is in use and not authorized and documented, this is a Finding. |
| Fix Text (F-19714r1_fix) |
|---|
| Enable use of event forwarding only as part of a SQL Server automated management system design where careful consideration and the requirements for its use are carefully considered. The plan should include consideration for network or alert management server failure and subsequent loss of alert data. Include the alert management plan or a reference to it in the System Security Plan that includes the instance of SQL Server under review. Disable event forwarding where not required. From the SQL Server Management Studio GUI: 1. Expand instance 2. Right-click on SQL Server Agent 3. Select Properties 4. Select the Advanced page 5. Click on Forward events to a different server to remove the check from the check box 6. Click the OK button to save and close |