August 5, 2008 at 6:00 pm
Hi,
I am trying to use SQL tokens to provide information to our network team when someone tries to brute force attack our SQL servers. So far, the $(ESCAPE_NONE(A-MSG)) token isn't returning any information. We are using an alert to track brute force attacks and it executes a job that sends us an email. While the email helps, it would be nice to have that actual message in the email (i.e. Login failed for user 'sa'. [CLIENT: xxx.xxx.xxx.xxx])
Here is part of the code within the SQL job:
PRINT ' High number of failed login alerts detected'
DECLARE @msg nvarchar(4000)
Set @msg = REPLACE("Error: $(ESCAPE_NONE(A-ERR))
Severity: $(ESCAPE_NONE(A-SEV))
Date: $(ESCAPE_NONE(STRTDT))
Time: $(ESCAPE_NONE(STRTTM))
Database: $(ESCAPE_NONE(A-DBN))
Message: $(ESCAPE_NONE(A-MSG)) ", "'", "") --'
When I print the MSG token directly, there isn't any information reported. Any idea how to resolve this using SQL tokens? If not, any other ideas on how I can pull that information and send it via a SQL job?
By the way, the server is running W2k8 Web Edition with SQL 2005 Standard Edition in this particular case.
--
Regards,
Desirée
August 6, 2008 at 7:08 am
Hi,
I was able to figure this out. The problem is the process is using two SQL jobs. The information in the token is getting lost when the alert triggers the first SQL job which detects the login failure, not the job that actually sends the notification. Duh!
Thanks,
Desirée
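One way to work around the cause identified in the follow-up post, as an added example that is not the poster's code: the job the alert starts directly stores the token values in a table, and the separate notification job reads them from there. It uses ESCAPE_SQUOTE instead of ESCAPE_NONE for the text tokens because the failed-login message contains a login name supplied by the client; the database DBA, the table dbo.AlertHandoff, the job name, the Database Mail profile and the recipient address are all assumed names.

```sql
-- Added example. DBA, dbo.AlertHandoff, the job name, the mail profile and
-- the recipient address are assumed names, not taken from the thread.

-- 1) One-time setup: table that carries the alert details between the jobs.
CREATE TABLE DBA.dbo.AlertHandoff (
    HandoffId    int IDENTITY(1,1) PRIMARY KEY,
    ErrorNumber  int            NULL,
    Severity     int            NULL,
    DatabaseName nvarchar(128)  NULL,
    AlertMessage nvarchar(4000) NULL,
    CapturedAt   datetime NOT NULL DEFAULT (GETDATE()),
    Sent         bit      NOT NULL DEFAULT (0)
);
GO

-- 2) Step in the job the alert runs directly. Per the thread, the A-* tokens
--    do not carry over to a job started from this one, so capture them here.
--    ESCAPE_SQUOTE doubles single quotes so the string literal stays closed.
INSERT INTO DBA.dbo.AlertHandoff (ErrorNumber, Severity, DatabaseName, AlertMessage)
VALUES ($(ESCAPE_NONE(A-ERR)), $(ESCAPE_NONE(A-SEV)),
        N'$(ESCAPE_SQUOTE(A-DBN))', N'$(ESCAPE_SQUOTE(A-MSG))');
EXEC msdb.dbo.sp_start_job @job_name = N'Notify - Failed Logins';
GO

-- 3) Step in the notification job: no tokens, it mails every unsent row.
DECLARE @id int, @body nvarchar(max), @nl nchar(2);
SET @nl = NCHAR(13) + NCHAR(10);
WHILE 1 = 1
BEGIN
    SET @id = NULL;
    SELECT TOP (1) @id = HandoffId,
           @body = N'Error: '    + ISNULL(CONVERT(nvarchar(12), ErrorNumber), N'') + @nl
                 + N'Severity: ' + ISNULL(CONVERT(nvarchar(12), Severity), N'')    + @nl
                 + N'Captured: ' + CONVERT(nvarchar(30), CapturedAt, 120)          + @nl
                 + N'Database: ' + ISNULL(DatabaseName, N'')                       + @nl
                 + N'Message: '  + ISNULL(AlertMessage, N'')
    FROM DBA.dbo.AlertHandoff
    WHERE Sent = 0
    ORDER BY HandoffId;
    IF @id IS NULL BREAK;   -- nothing left to send
    EXEC msdb.dbo.sp_send_dbmail
         @profile_name = N'DBA Mail',
         @recipients   = N'netteam@example.com',
         @subject      = N'High number of failed login alerts detected',
         @body         = @body;
    UPDATE DBA.dbo.AlertHandoff SET Sent = 1 WHERE HandoffId = @id;
END
```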