Hmm. I like the idea of the audit feature, would this be the "C2 audit tracing?" If so, there was a note from a previous DBA that they did not enable this due to performance implications.
There is a trace running, which does capture login failed events (as does the login auditing,) which did not show a DB name. So I'm now wondering if perhaps someone typoed the DB name in a connection string and was trying to connect to a non-existent, never existed DB (rather than DBName they put in dbame)
Nope, its just "Auditing" - look in the "Security" node in SSMS
http://technet.microsoft.com/en-us/library/dd392015%28v=sql.100%29.aspx
I have seen the problem with the Database name not being logged. I found out which one it was by checking recently dropped databases...
Andreas
---------------------------------------------------
MVP SQL Server
Microsoft Certified Master SQL Server 2008
Microsoft Certified Solutions Master Data Platform, SQL Server 2012
www.insidesql.org/blogs/andreaswolter
www.andreas-wolter.com