Enable Logging of both failed and successful logins on Linux
-
Anyone seen how you do this? On a Windows Environment you can just do this via the Server Properties Window, and on the Security Pane (like any other version of SQL) there's a radio button for it. SQL Server on Linux has no such Security Pane. Ideas?
Is this a feature that isn't out yet, or are we expected to use the logs on the Linux side?
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
No idea. I don't see it either and never noticed. I don't see this in the list of issues, but I asked the question of MS.
- Steve Jones - SSC Editor - Tuesday, May 29, 2018 10:15 PM
Thanks Steve.
I had completely forgotten I'd made this topic, but just had another check (as we've had a few CU's & SSMS releases) and same problem.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
No reply yet. I stumbled upon it, and thought that this should be there, even if it's just SQL logins.
- Steve Jones - SSC Editor - Wednesday, May 30, 2018 9:08 AM
Considering that, on SQL Server on Linux, the server is set up for SQL logins only initially (it's a lot of work to use Kerboros, and I've not entertained trying it yet without a Domain Controller at home), it would seem prudent to that failed logins are logged. O.o
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
Steve, did you have any luck with a response on this?
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
Nope, just bumped it to my MS contacts. Fingers crossed.
-
Have not forgotten. Another MVP says this doesn't work, so he uses the SQL Audit functions.
It got bumped twice from MS people, each adding another person. So far no answer, but trying to give them a week as someone might be out.
- Steve Jones - SSC Editor - Thursday, August 9, 2018 12:15 PM
Thanks Steve, I appreciate it.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
The answer I have back from MS is that this is not enabled for Linux. They recommend using a Server Audit and an audit specification for failed and successful logins (FAILED_LOGIN_GROUP and SUCCESSFUL_LOGIN_GROUP)
- Steve Jones - SSC Editor - Monday, August 20, 2018 11:18 AM
I wonder if that is by intention/by design, accident, or simply "oops, we forgot about that feature". Yes a Server Audit can be used, but why is such a "simple" feature available on SQL Server on Windows and not on Linux. A real shame in all honesty if they're trying to achieve parity between the 2 versions.
Thanks for chasing up though Steve, really appreciate it and the final answer.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk -
The answer I got it that there are a number of features from that security tab that write to the registry, which doesn't exist on Windows. I think the Windows feature is hokey, though SQL Audit is a bit of a mess as well, but I suspect they are pushing Audit/XE for most of the way forward for those types of actions.
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply