Using Error Logs

wbodger · May 4, 2007

So, looking at the most recent Error Log, I see quite a number of failed logon attempts.

Login failed for user 'web'.

However, I'm wondering if there is anyway to track down in the logs where those failed attempts are coming from?

Willie

mrdenny · May 4, 2007

Are you using SQL 2000 or SQL 2005?

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]

http://www.mrdenny.com

wbodger · May 4, 2007

Ahh.. Sorry, I am running SQL Server 2000 SP4.

mrdenny · May 4, 2007

Nope, not really. In SQL 2005 Microsoft added the IP address which is trying to log in. In SQL 2000 that information isn't provided.

About the only way that I know of is to setup SQL Profiler and have it monitor for the "Audit Login Failed" event under "Security Audit". Add in the hostname column and remove all other events. This will give you the hostname of the users which is trying to connect.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]

http://www.mrdenny.com

wbodger · May 4, 2007

OK, thanks.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Using Error Logs

wbodger

Programmer

mrdenny

Programmer

wbodger

Programmer

mrdenny

Programmer

wbodger

Programmer

Similar threads

Part and Inventory Search

Sponsor