I have recently noticed in the SQL logs a message
"Login failed for user 'sa'. [CLIENT 10.0.2.85]"
This has been happening a lot over quite a long period.
I know what the machine is but I cannot work out what application is causing this. I cannot find any error logs that show a problem. The timing is a bit random.
How can I go about identifying the 'culprit' ?