January 7, 2002 at 6:57 am
Hello everybody.
With my SQL servers I can only check the login id failure but not the IP address of the intruder.
Does anybody know the SQL 7 way to have the IP address of the intruder logged in my SQL logs?
Thanks in advance.
Dennis from ADT France.
Edited by - Kevin75000 on 01/07/2002 07:01:12 AM
Edited by - Kevin75000 on 01/07/2002 07:02:06 AM
Samantha
January 7, 2002 at 9:34 am
Is this an internal or external attack? If external, what do your firewall logs say?
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
@kbriankelley
January 7, 2002 at 9:48 am
I'd agree with Brian. The firewall is the best place. If this is not possible, I am not sure what you can do. Profiler does not get this (the client can also supply false information). The best bet might be to set up a network sniffer (you can set up a local one using W2K/NT). Capture all traffic and then correlate the info with the times from the SQL log. Keep in mind this can be a lot of data and is a load.
If you can get an external sniffer that is preferable, but you will have to reconcile time differences.
Steve Jones
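The correlation suggested in the reply above, as an added example that is not part of the original thread: it matches failed-login times from the SQL log against captured connections to TCP 1433 and corrects for a sniffer clock offset. The log lines, the capture CSV layout (timestamp, source IP, destination port) and all function names are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the thread). The log lines are laid out
# like SQL Server errorlog entries; the capture rows are an assumed CSV export
# of inbound TCP connection attempts (timestamp, source IP, destination port).
ERRORLOG = """\
2002-01-07 06:41:12.33 logon     Login failed for user 'sa'.
2002-01-07 06:41:15.80 logon     Login succeeded for user 'app'. Connection: Non-Trusted.
2002-01-07 06:52:40.10 logon     Login failed for user 'admin'.
"""
CAPTURE = """\
2002-01-07 06:41:09.500,192.0.2.10,1433
2002-01-07 06:41:10.100,198.51.100.7,80
2002-01-07 06:41:13.200,192.0.2.44,1433
2002-01-07 06:52:37.900,203.0.113.5,1433
"""

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def failed_logins(errorlog):
    """Yield (time, login name) for each failed-login entry."""
    for line in errorlog.splitlines():
        if "Login failed for user" in line:
            yield parse_ts(line[:22]), line.split("'")[1]

def connections(capture, port=1433):
    """Yield (time, source IP) for connections to the SQL Server port."""
    for row in capture.splitlines():
        ts, src, dport = row.split(",")
        if int(dport) == port:
            yield parse_ts(ts), src

def correlate(errorlog, capture, sniffer_offset=timedelta(0),
              window=timedelta(seconds=5)):
    """sniffer_offset is the sniffer clock minus the SQL Server clock."""
    conns = [(ts - sniffer_offset, src) for ts, src in connections(capture)]
    result = []
    for failed_at, user in failed_logins(errorlog):
        # A login failure follows its connection, so look back one window.
        near = {s for t, s in conns if timedelta(0) <= failed_at - t <= window}
        result.append((failed_at, user, sorted(near)))
    return result

if __name__ == "__main__":
    for failed_at, user, sources in correlate(ERRORLOG, CAPTURE):
        print(failed_at, user, sources)
```

More than one candidate address for a failure means the window is too wide for the traffic volume or the clock offset is wrong; both are tunable arguments to `correlate`.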