Comments on Who’s been logging into my SQL Server?
2013-05-07T13:39:52Z
http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/feed/atom/

By: DavidHay
http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-240
2009-06-30T19:01:15Z

I just set up a job and trace for all logins and failed logins, the way cosmictrickster said with a few exceptions. It dumps hourly to disk, then loads summary into a table. I don’t filter anything, I can do that on the way out. I can then catch developers who are using admin accounts based on the host name in the trace. I then set SSRS to email a daily login report for my main production servers each morning.

By: Cosmictrickster
http://itknowledgeexchange.techtarget.com/sql-server/whos-been-logging-into-my-sql-server/#comment-239
2009-06-29T19:51:44Z

Or you could do what I have done: create a stored procedure that runs on SQL startup which creates a server-side trace. In my case, it logs to a file, but you could log to a table as well. In that trace, I filter out noise like service accounts (ever seen how many logins MOSS makes?). It’s not a complete record of logins, but it’s easier to track things if you filter out the noise. Besides, if somebody was using a service account to access the server, their accesses would get lost in the noise and I would say you have a little more to worry about – someone got the password to one of the service accounts! You either have poor security or somebody has some elevated rights they probably shouldn’t have.