Question:
I want to establish a centralized log for many SQL Servers, similar to the products Graylog or the ELK stack.
What is the best and most performant way to send these kinds of logs to a log collector?
I searched for a native way for logstash, filebeat, winbeat, nxlog, … to send the logs to these kinds of log collectors, but I can’t find a reliable native way.
I know Extended Events is a right tool for gathering logs. I want to know how I can send these logs to a data collector.
Is there a raw log file from Extended Events? Or is there any way to send logs automatically through the network with some kind of standard protocol like syslog (rsyslog) in Linux? Or any other standard way?
Answer:
You’re asking a few different questions:
- Where can I find errors? Deadlocks? Slow queries? Each of these is its own question, each with separate answers. SQL Server doesn’t store those three separate things in the same place, and honestly, you’re only starting your journey into SQL Server’s logs.
- Which log collector should I use? Because each of these is its own kind of data, you may want to gather it with different tools.
- How should I store the data? Again, the way you store error log data might be completely different from how you store query plans. They’ll probably have different granularity levels, for example.
Try breaking your project down into smaller, more answerable individual questions rather than “how do I write a monitoring tool?” That question is just way too broad.