Solved

SQL Server auditing for user logins

Posted on 2011-03-16
3
720 Views
Last Modified: 2012-05-11
Hi,
We are using SQL 2008 R2, and the requirement is rather simple, it is to have auditing for successful user logins and failed user logins to our database server.

Management wants to see: a] user name, b] time and c] application name (example: sql server management studio) used for logging-in or connect to SQL server.
We have a couple of options before us that I know of:
1.      Enable ‘enable both failed and successful logins’ from server properties window.
2.      Configure Audits and Server Audit Specification from Security folder in SQL Server.
However above options do not give any information about the application name used to login to SQL Server, also the other thing I notice when I tried auditing for ‘failed login’ and ‘successful login’ on my personal computer connected to my local instance, it constantly enters new ‘login success’ entries to audit file even when I am logged in once and not constantly logging-in, not sure why this happens.

And another way could be to extract from default trace and this method gives the application name but it gives information only about failed logins and not the succeeded ones. And since default traces are system created, not sure if we can configure it to log ‘login success’ information also.

We also are required to ensure not to put the server under too much stress while auditing.

Please do let me know your suggestion as to which is the best way? Is there any other way to achieve this?
0
Comment
Question by:navindba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:Daniel_PL
ID: 35150691
You can use server side traces, you can adapt following to your needs:
http://www.mssqltips.com/tip.asp?tip=1035
http://www.sqlservercentral.com/articles/Performance/71549/
http://support.microsoft.com/kb/270599

You can find trace events to catch:
http://msdn.microsoft.com/en-us/library/ms186265.aspx

Please keep in mind that such a trace in production enviroment may take quite ammount of space - I personally saw something about 700MB each 30 minutes.

0
 

Author Comment

by:navindba
ID: 35151496
Thank you for the reply.
Is there no way other than doing via server side traces? Just because it is a costly way of doing on production and it will need to run constantly for auditing requirement.
Also why are there so many ‘login success’ entries to the audit file even when I am logged-in once, as described in my original post?
0
 
LVL 14

Accepted Solution

by:
Daniel_PL earned 100 total points
ID: 35151623
It depends on the number of connections, in one of our systems there are many of them so it implies lots of entries captured by trace.
You can use SQL Server auditing, but as you wrote no program name is available :/
0

Featured Post

Percona Monitoring and Management and Grafana

Proactive monitoring is vital to a highly-available environment. We have a quick start guide on Experts Exchange for Grafana users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question