Monitor service account logins

Hello,
I've been asked to create a method of alerting if the account that the
MSSQLSERVER service runs under is used to attempt to log into the
database from another workstation. Here's what I've thought of so far:
OPTION 1: Monitoring for all login attempts. I don't want to do this as
we get about 200,000 logins an hour ( a seperate issue).
OPTION 2: I could do it via a server side trace but I'm not sure how I
could get an alert out of this without reading the trace file every
couple of minutes.
OPTION 3: I could run a query every minute that queries the
sysprocesses table but this leaves the possibility of sessions that
last under a minute not being picked up.
Can anyone think of a more elegant way of doing this? I'm leaning
towards option 2.
Cheers
DaveHello lightning-dave,

> I've been asked to create a method of alerting if the account that the
> MSSQLSERVER service runs under is used to attempt to log into the
> database from another workstation. Here's what I've thought of so far:
> OPTION 2: I could do it via a server side trace but I'm not sure how I
> could get an alert out of this without reading the trace file every
> couple of minutes.
If you are running SQL 2005, you might want to give this [0] a read and
see
if it useful in this case. Instead of having the event write to an output
table, you could have send an email, alert, whatever.
http://www.sqljunkies.com/WebLog/kt...ifications.aspx
Thank you,
Kent Tegels
DevelopMentor
http://staff.develop.com/ktegels/|||Thanks for the link. Unfortunately we're still on SQL2K - should have
mentioned that on my first message.
Kent Tegels wrote:
> Hello lightning-dave,
>
> If you are running SQL 2005, you might want to give this [0] a read an
d see
> if it useful in this case. Instead of having the event write to an output
> table, you could have send an email, alert, whatever.
> http://www.sqljunkies.com/WebLog/kt...ifications.aspx
> Thank you,
> Kent Tegels
> DevelopMentor
> http://staff.develop.com/ktegels/