• Skip to main content
  • Skip to primary sidebar

DBA Diaries

Thoughts and experiences of a DBA working with SQL Server and MySQL

Auditing SQL Server Logins

June 30, 2012 by Andy Hayes 1 Comment

Auditing SQL Server logins is done by way of writing audit information to the SQL Server Logs found under “Management->SQL Server Logs” in Management Studio.

In order to enable auditing of SQL Server logins, a simple operation needs to be performed by changing settings in the properties of the SQL Server.

Auditing levels vary. It’s possible to audit just failed logins, both failed and successful logins or just successful logins.

To enable auditing, in Management Studio right mouse click your SQL Server and choose “Properties”. Under “Select a page”, choose “Security” and the following options will be displayed.

auditing sql server logins

A restart of the SQL Server service is needed for any changes to the SQL Server login auditing to take effect.

After the restart, the server will being auditing all login activity based on the setting chosen.

Please be aware that this can create very large log files in your log directory should you have a busy server with lots of connection activity and if you have enabled logging to log successful logins. Logging will also be recorded in your Windows application event log.

I wrote this post recently on how you can quickly reclaim space consumed by your sql server error logs using sp_cycle_errorlog

The resulting output found in the SQL Server logs will look similar to this

2012-06-30 10:18:19.44 Logon Login succeeded for user ‘NT ServiceMSSQL$SQLSERVER2012’. Connection made using Windows authentication. [CLIENT: ]
2012-06-30 10:18:19.57 Logon Login succeeded for user ‘NT ServiceMSSQL$SQLSERVER2012’. Connection made using Windows authentication. [CLIENT: ]
2012-06-30 10:28:14.29 Logon Error: 18456, Severity: 14, State: 8.
2012-06-30 10:28:14.29 Logon Login failed for user ‘andy’. Reason: Password did not match that for the login provided. [CLIENT:]
2012-06-30 10:43:18.98 Logon       Login failed for user ‘test’. Reason: Could not find a login matching the name provided. [CLIENT: <local machine>]

Why would I audit SQL Server logins?

I typically use it to help figure out why connections to the database server are failing. If your application is having trouble connecting to your database server then this login information is great to have because it helps to tell you how far along in the authentication process the connection is.

If no entry for the user connecting is recorded then the application is not even getting as far as the database server. If output similar to the last two entries is seen then the error is detailed enough to help you easily figure out why there is a connection issue.

You may also be having some other security problem so these logs are very useful tool to the DBA to help troubleshoot problems with SQL Server security.

 

Related Posts:

  • How to fix "conversion failed when converting date and/or time from character string"
    How to fix "conversion failed when converting date…
  • sql grouping sets
    Using SQL GROUPING SETS for Multiple GROUP BY…

Filed Under: All Articles, SQL Server Security Tagged With: security, sql server

About Andy Hayes

Andy Hayes is a DBA working with SQL Server since version 7.0. He has a wonderful wife and two beautiful children. He loves database technology, playing cricket, and blogging. He is passionate about sharing his experiences as a DBA and learning more to further his understanding and knowledge. You can follow me on Twitter, check out my Facebook page or follow me on Google+

Reader Interactions

Comments

  1. Wesley Mota says

    July 19, 2018 at 6:09 am

    Excellent job, post how to read the log files using T-SQL if I want to filter a specific user and put the information in the table.

    Thanks!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • All Articles (84)
  • Career Development (8)
  • MySQL Administration (18)
  • MySQL Performance (2)
  • SQL Server Administration (24)
  • SQL Server News (3)
  • SQL Server Performance (14)
  • SQL Server Security (3)
  • SQL Tips and Tricks (21)

Top 10 Popular Posts

  • Using sp_change_users_login to fix SQL Server orphaned users
  • MySQL SHOW USERS? – How to List All MySQL Users and Privileges
  • How to shrink tempdb
  • How to Transfer Logins to Another SQL Server or Instance
  • How to Delete Millions of Rows using T-SQL with Reduced Impact
  • T-SQL – How to Select Top N Rows for Each Group Using ROW_NUMBER()
  • New T-SQL features in SQL Server 2012 – OFFSET and FETCH
  • How to Kill All MySQL Processes For a Specific User
  • Using exec sp_who2 to help with SQL Server troubleshooting
  • How to fix “conversion failed when converting date and/or time from character string”

Recent Posts

  • How to fix “conversion failed when converting date and/or time from character string”
  • Using SQL GROUPING SETS for Multiple GROUP BY Queries in a Single Query
  • How to Setup MySQL Master Master Replication
  • How To Use SQL to Convert a STRING to an INT
  • How to set up MySQL Replication Tutorial

Search

Connect

  • Twitter
  • Facebook
  • RSS

About

  • Cookie Policy
  • Disclaimer
  • About
Copyright ©