Sql Serer Audit Successful Login Group
It appears that Michael's post is questioning Audit Trail's abaility to work with SQL Server AlwaysOn groups, but not any particular event. If you're already successfully auditing unsuccessful logins, I don't anticipate any issues auditing the successful logins too.
Successful logins for SQL Server 2005 and 2008 will have an event ID of 18454 and failed logins will have an event ID of 18456. SQL Server 2000 uses the same event ID for both, making it impossible to determine of the event signifies a success or failure without looking at the event details.
Yes, this is possible in Enterprise edition of SQL Server 2008R2 and in all editions of SQL Server starting in SQL Server 2012. We can do the auditing using the aptly named Audit object. SQL Server 2012 and above allows use of the Audit object at the server level, which is where logins occur. First
Tried using SQL Server audit feature, using SUCCESSFUL_LOGIN_GROUP, but it does not allow me to select "principal name" and specify logins that are interesting to me. Is there a workaround ? I need only certain logins to be audited, otherwise it will be millions of records in the audit file if I audit every successful login of every application
This group allows you to track logon attempts to the server that fail. To track successful logon attempts see SUCCESSFUL_LOGIN_GROUP. This is a server level audit action group only. It is not available in database audit specifications. LOGbinder for SQL Server events generated under this Audit Action Group:
How to set up and use SQL Server Audit In the previous part of the SQL Server auditing methods series, SQL Server Audit feature - Introduction , we described main features of the SQL Server Auditfeature - its main characteristics, what events it can audit and where the audit information is stored.