I have a feeling someone is running a brute force password program against my
SQL Server. How can i see how many invalid attempts there was? And from which
IP Address? sp_monitor does not give me much information.
Thank you!
You can try a network sniffing utility like Network Monitor.
"DOTNETGUY" wrote:
> I have a feeling someone is running a brute force password program against my
> SQL Server. How can i see how many invalid attempts there was? And from which
> IP Address? sp_monitor does not give me much information.
> Thank you!
|||You can log failed logon attempts to the SQL Server log. Right-click the
server in Enterprise Manager and choose properties. Go to the security tab
and check the appropriate option under Audit level. Failure is I think the
default anyway. You can check the SQL Server logs, under the management
folder for the results.
From there you can see how many attempts there were, and against which
account, but that's about all the information you get. If you want more
information, you can set up a SQL Profiler trace, using the Audit Login
Failed Event.
Jacco Schalkwijk
SQL Server MVP
"DOTNETGUY" <DOTNETGUY@.discussions.microsoft.com> wrote in message
news:309EE9B2-BA33-4D7C-984E-4BA5934295C6@.microsoft.com...
>I have a feeling someone is running a brute force password program against
>my
> SQL Server. How can i see how many invalid attempts there was? And from
> which
> IP Address? sp_monitor does not give me much information.
> Thank you!
|||DOTNETGUY wrote:
> I have a feeling someone is running a brute force password program
> against my SQL Server. How can i see how many invalid attempts there
> was? And from which IP Address? sp_monitor does not give me much
> information.
> Thank you!
You can also set up a server-side trace and monitor the following event:
Security Audit: Audit Login Failed
David Gugick
Quest Software
www.imceda.com
www.quest.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment