<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2008
»
Security (SS2K8)
»
Login Auditing
13 posts, Page 1 of 2
1
2
»»
Login Auditing
Rate Topic
Display Mode
Topic Options
Author
Message
Brian Brown-204626
Brian Brown-204626
Posted Tuesday, December 04, 2012 9:31 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Wednesday, June 12, 2013 8:27 AM
Points: 137,
Visits: 291
I have been asked to provide documentation on where SQL Server displays messages for login auditing. We set the auditing thru SSMS instance properties and I know that the messages are written to the SQL Server error log and the Windows Application log, however, the security people would like to see official documentation for every version and edition of SQL Server. I have searched the Microsoft support site, but could not find anything that listed or talked about where these messages are written to. Does anyone have any information on this?
Post #1392578
Lowell
Lowell
Posted Tuesday, December 04, 2012 9:48 AM
SSChampion
Group: General Forum Members
Last Login: Today @ 9:24 AM
Points: 11,791,
Visits: 28,073
well, for the SQL log, exactly where the logs go is configurable...when you first install the server, one of the options is to decide on the folders.
it defaults to a certain path, of course if not changed @ setup
where it is right now, you can find out via TSQL like this:
SELECT SERVERPROPERTY('ErrorLogFileName');
you can see the current setup in the facets
See the
ErrorLogPath
this screenshot was from showing how to change the default paths for databases and backups);
to change it after installation, i believe is a registry edit and a stop and start of the server is required.
Lowell
--
There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1392589
arunyadav007
arunyadav007
Posted Tuesday, December 04, 2012 9:48 AM
SSC Rookie
Group: General Forum Members
Last Login: Friday, May 03, 2013 3:06 AM
Points: 42,
Visits: 285
Hello,
Please refer to the below link. The second sentence says "Login auditing can be configured to write to the error log on the following events".
http://msdn.microsoft.com/en-us/library/ms175850(v=sql.105).aspx
Post #1392591
Brian Brown-204626
Brian Brown-204626
Posted Tuesday, December 04, 2012 9:54 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Wednesday, June 12, 2013 8:27 AM
Points: 137,
Visits: 291
I am aware of both these thing, but this does not answer the question I asked.
Post #1392593
Joie Andrew
Joie Andrew
Posted Thursday, December 06, 2012 7:24 AM
Mr or Mrs. 500
Group: General Forum Members
Last Login: Today @ 2:10 AM
Points: 578,
Visits: 1,107
Which question exactly was not answered?
Where are login audits stored?
SQL Error log, if you configure auditing successful/failed logins through the instance properties. This is the same for every version of SQL.
MS documentation stating such:
SQL 2012
http://technet.microsoft.com/en-us/library/ms175850.aspx
SQL 2008 R2
http://technet.microsoft.com/en-us/library/ms175850(v=sql.105).aspx
SQL 2008
http://technet.microsoft.com/en-us/library/ms175850(v=sql.100).aspx
SQL 2005
http://technet.microsoft.com/en-us/library/ms175850(v=sql.90).aspx
Joie Andrew
"Since 1982"
Post #1393521
Brian Brown-204626
Brian Brown-204626
Posted Thursday, December 06, 2012 9:34 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Wednesday, June 12, 2013 8:27 AM
Points: 137,
Visits: 291
I know that, when you are auditing logins, the messages go to the SQL Error log and the Windows Application log. I have been asked to provide documentation that explicitly states that these are the locations where the messages go.
Post #1393609
Lowell
Lowell
Posted Thursday, December 06, 2012 9:40 AM
SSChampion
Group: General Forum Members
Last Login: Today @ 9:24 AM
Points: 11,791,
Visits: 28,073
that documentation here is a little inferred ("the log" means sql error log), but "you mean like this one:
http://msdn.microsoft.com/en-us/library/ms175850(v=sql.90).aspx
How to: Configure Login Auditing (SQL Server Management Studio)
SQL Server 2005 Other Versions 1 out of 5 rated this helpful - Rate this topic
Use login auditing to monitor SQL Server Database Engine login activity.
Login auditing can be configured to write to the error log
on the following events.
Failed logins
Successful logins
Both failed and successful logins
Lowell
--
There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1393616
Hemant.R
Hemant.R
Posted Tuesday, December 11, 2012 12:47 AM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, June 12, 2013 5:09 AM
Points: 46,
Visits: 184
login auditing can be done easily using below option.
Failed logins
Successful logins
Both failed and successful logins
which write to error log .
but if you select successful logins and Both failed and successful logins
it will create events in huge manner in errorlog,which might affect your performance of server
Hence select only failed login.
Post #1394920
johmga26ssn
johmga26ssn
Posted Wednesday, February 06, 2013 5:24 AM
Forum Newbie
Group: General Forum Members
Last Login: Thursday, February 07, 2013 2:20 PM
Points: 4,
Visits: 7
I have then tried loging into the server with an incorrect password and then checked the security logs again with event viewer and there is no event listed.
bloated stomach
Post #1416432
ssnrobtcok
ssnrobtcok
Posted Wednesday, February 20, 2013 3:16 PM
Forum Newbie
Group: General Forum Members
Last Login: Friday, February 22, 2013 12:29 PM
Points: 4,
Visits: 8
We tried to do the same and couldn't find a solution in audit vault. Be interested to know how to setup this. There is just too much noise from our app and since we trust the ip it comes from - we don't want to audit that but we need to audit if it's not from the trusted ip. we are evaluating a 3rd party tools called core audit by blue core research to do this.
business plans
Post #1422332
« Prev Topic
|
Next Topic »
13 posts, Page 1 of 2
1
2
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
