I am trying out the new SQL Audit functionality and have created a Login Failed audit using the FAILED_LOGIN_GROUP audit action type. I have given SQL Server service the Audit security privilege in secpol.msc so it can write to the security log, and restarted it. I am successfully getting login failures for Windows authentication attempts, but I am not getting anything in the Security Log for SQL accounts, although these do show up in the SQL Server error log.Our audit gathering process scrapes the Security log, so would really like the standard login failures to go there. Is there way to do that?
↧