I have Login Audits for both failed and successful. How do i view the actual logs? Where are they located?
https://docs.microsoft.com/en-us/sql/ssms/configure-login-auditing-sql-server-management-studio
Is there a way to ignore service accounts?
auditsql server
I have Login Audits for both failed and successful. How do i view the actual logs? Where are they located?
https://docs.microsoft.com/en-us/sql/ssms/configure-login-auditing-sql-server-management-studio
Is there a way to ignore service accounts?
Best Answer
I would change the setting in properties to
None
and set up a security audit where you have better control on what you want to audit, for how long you want to retain the result and exclude account you do not want to audit.Create a Server Audit Specification for Failed login only. You can add other
audit action type
as you need.This script will create a new login fail audit. Replace filepath, maxsize, max_files. To exclude service account replace the value where I have
ServiceAccount
in the script.Use this process as documented in below link to read the audit file.
https://docs.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-get-audit-file-transact-sql
Two more resource to learn about security audit.