http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/ Tue, 24 Nov 2009 01:08:34 +0000 http://wordpress.org/?v=2.6.2 http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-240 DavidHay Tue, 30 Jun 2009 19:01:15 +0000 http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-240 I just set up a job and trace for all logins and failed logins, the way cosmictrickster said with a few exceptions. It dumps hourly to disk, then loads summary into a table. I don't filter anything, I can do that on the way out. I can then catch developers who are using admin accounts based on the host name in the trace. I then set SSRS to email a daily login report for my main production servers each morning. I just set up a job and trace for all logins and failed logins, the way cosmictrickster said with a few exceptions. It dumps hourly to disk, then loads summary into a table. I don’t filter anything, I can do that on the way out. I can then catch developers who are using admin accounts based on the host name in the trace. I then set SSRS to email a daily login report for my main production servers each morning.

]]> http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-239 Cosmictrickster Mon, 29 Jun 2009 19:51:44 +0000 http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-239 Or you could do what I have done: create a stored procedure that runs on SQL startup which creates a server-side trace. In my case, it logs to a file, but you could log to a table as well. In that trace, I filter out noise like service accounts (ever seen how many logins MOSS makes?). It's not a complete record of logins, but it's easier to track things if you filter out the noise. Besides, if somebody was using a service account to access the server, their accesses would get lost in the noise and I would say you have a little more to worry about - someone got the password to one of the service accounts! You either have poor security or somebody has some elevated rights they probably shouldn't have. Or you could do what I have done: create a stored procedure that runs on SQL startup which creates a server-side trace. In my case, it logs to a file, but you could log to a table as well. In that trace, I filter out noise like service accounts (ever seen how many logins MOSS makes?). It’s not a complete record of logins, but it’s easier to track things if you filter out the noise. Besides, if somebody was using a service account to access the server, their accesses would get lost in the noise and I would say you have a little more to worry about - someone got the password to one of the service accounts! You either have poor security or somebody has some elevated rights they probably shouldn’t have.

]]>