microsoft.public.sqlserver.notificationsvcs
[Top] [All Lists]

Re: malevolent attacks

Subject: Re: malevolent attacks
From: "David Gugick"
Date: Sun, 22 Jan 2006 12:30:45 -0500
Newsgroups: microsoft.public.sqlserver.notificationsvcs
Imtiaz wrote:
we are using SQL Server 2000 version.
How to use Login  Auditing?

Those are SQL 2005 features. You can use Profiler to capture Auditing
Events in an ad-hoc fashion or use server-side tracing (recommended).
I'd recommend you create a nightly job that stops the old trace a starts
a new one using a new trace file name.
Check out the auditing events to see which ones are of interest to you.
Decide what columns you want to capture. BOL lists the relevant columns
for each event. Design the trace from Profiler and then script it out
using the File - Script Trace option.
Take the script and incorporate a dynamic file name (using the date will
work). You can then take the script and add it to an agent job to stop
any old jobs and start up a new one. it will require some coding on your
part. Keep in mind that you cannot access trace files when they are
opened by SQL Server. Once a trace stops, you can then open the files in
Profiler or select from them using fn_trace_gettable.

--
David Gugick
Quest Software
www.quest.com




<Prev in Thread] Current Thread [Next in Thread>