Is it possible to configure a SQL Server database to write audit information for logons (success and failure) to a database table that can be queried?
The requirement is to be able to generate a monthly report that captures:
Date / Time
Login Name
User Name
Source Hostname (i.e. the device where the connection is coming from)
Source Username (username on the device the connection is coming from)
Ideally we could capture that data, have it in a table somewhere and query it monthly for the report.
SQL Server Audit doesn't appear to let me capture that in a table – it seems to be a file, security log or application log and my Google Fu has not been strong enough to find anything so far to meet the requirement.
Short of a login trigger to interrogate the session and record that connection attempt in a table that can be queried later, are there any other options available?
Best Answer
Auditing of logons is set with options available through the SSMS studio or via T-SQL. You can log success or failure or both. The recommended destination is the Windows event log which can be queried with PowerShell or exported.
This fills up your event log fast as many service accounts are connecting many times a minute.
An audit policy can be created which can be more selective. From here
You can also make a system trigger but why bother when an audit policy will do the job?