SQL Server auditing for user logins
Posted on 2011-03-16
We are using SQL 2008 R2, and the requirement is rather simple, it is to have auditing for successful user logins and failed user logins to our database server.
Management wants to see: a] user name, b] time and c] application name (example: sql server management studio) used for logging-in or connect to SQL server.
We have a couple of options before us that I know of:
1. Enable ‘enable both failed and successful logins’ from server properties window.
2. Configure Audits and Server Audit Specification from Security folder in SQL Server.
However above options do not give any information about the application name used to login to SQL Server, also the other thing I notice when I tried auditing for ‘failed login’ and ‘successful login’ on my personal computer connected to my local instance, it constantly enters new ‘login success’ entries to audit file even when I am logged in once and not constantly logging-in, not sure why this happens.
And another way could be to extract from default trace and this method gives the application name but it gives information only about failed logins and not the succeeded ones. And since default traces are system created, not sure if we can configure it to log ‘login success’ information also.
We also are required to ensure not to put the server under too much stress while auditing.
Please do let me know your suggestion as to which is the best way? Is there any other way to achieve this?