locked
Auditing contained database authentication RRS feed

  • Question

  • Hello!

    One more question on auditing, please:

    This page says:

    FAILED_DATABASE_AUTHENTICATION_GROUP Indicates that a principal tried to log on to a contained database and failed. Events in this class are raised by new connections or by connections that are reused from a connection pool. This event is raised.

    SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP Indicates that a principal successfully logged in to a contained database.

    I create a new audit specification

    ...and try to connect to the Test contained database using Windows-based and SQL-based db user (I make two successfull and two failed connection attempts), for example:


    Now I expect to see these 2 succsessful and two failed connection attempts in the log, but it produces only the success-related events:


    I failed (in other tests as well) to make the server log the failed connections - what am I doing wrong?

    Thank you in advance,
    Michael

    Thursday, September 26, 2019 3:30 PM

All replies

  • This is s long shot, but, what is your setting under the properties of the instance (security) set to? "Both failed and successful logins"?

    Thursday, September 26, 2019 4:09 PM
  • "None" - this setting does not affect the ability of the auditing feature to capture logins. (at least I have no problem auditing server-based failed and successful logings). As far as I know the instance setting turns on/off the login auditing to the SQL log - not to the audit file.
    • Edited by MF47 Friday, September 27, 2019 8:19 AM
    Friday, September 27, 2019 8:16 AM
  • With "Both failed and successful logins" the issue persists.
    Friday, September 27, 2019 11:47 AM