Thank you for the salute Jason and Thanks for identifying the fix, Chris;
Something that might escape some folks is did you know that C2 auditing is just another version of a trace?
a lot of people think it's one of those black box/magical complex things only super dba's know, and it's all requirement for SOX compliance.
fortunately, a trace is a trace...it's just 1100 lines of events it is going to capture, compared to ~770 for the default trace.
As an example, here are a couple of traces I ran off of my SLQ2008 server; one is the trace created by C2 Auditing, and the other is one created from the default trace.
I just love looking at the details i guess.
To do it yourself, it really easy to enable the C2 Auditing to test this: it's in the SSMS, you simply right click on your server, select properties, and there is a check box on the security tab.
The C2 Audit requires a start and stop of the SQL Server to get it in place, and it becomes traceid 1, with the default trace = traceid 2; I had really grown accustomed to the default trace being traceid = 1, so it was another thing to learn on this one that it could move around.
here is a link to download the version whitht he correction that Chris identified:
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!