August 16, 2005 at 7:25 am
I turned on auditing and my SQL logs filled with "Login failed for user 'lawprodcr'.". This is a known account used by my reporting system. Is there a way to find out what server or workstation is trying to make this connection? I want to known if I am being hacked, or someone just has a report running with the wrong password.
Robin HC
August 16, 2005 at 9:14 am
I don't think you can enable it thru the logs.
But you can set a profiler trace, only showing Security audit information. and it will tell you the host machine etc.
August 16, 2005 at 11:56 pm
You could also look at the windows event log which should contain an entry for each failure, not sure if it indicates workstation. As previously mentioned you could create a profiler trace looking for that specific login.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply