An admin trying to directly access your SQL Server is a red flag that requires immediate investigation. Proper SQL Server login auditing helps you keep an eye on aberrant activity around the databases where you keep your sensitive information, so you can strengthen the security of your data and shield it from unauthorized access.
All logs with SQL Server audit events, including login events to instances, are stored in audit tables. When you need to find out who tried to access your SQL Server during a certain time period, you can leverage the capabilities of the native SQL Server management tools from Microsoft — SQL Server Management Studio and SQL Server Profiler. But keep in mind that to write queries with audit specifications in either of these tools (for instance, to get SQL Server audit information about logins or logouts), you need to be fluent in Transact-SQL, the language Management Studio is based on. And while you can use the Object Explorer interface to view your SQL Server audit data, be ready to expend a great deal of time and effort because the data is in a hard-to-read format and there are no comprehensive reports.
Although native tools can help you enable SQL Server audit of login events to instances, for efficient overall auditing of SQL Server, including SQL login auditing, you need more. For example, you need to be able to trace aberrant access attempts so you can shield your data before it’s too late.
Netwrix Auditor for SQL Server helps you keep an eye on both successful logins and failed logins, enabling you to detect and quickly investigate who tried to directly access your critical systems, and when and from which workstation each attempt was made. The solution provides complete auditing of SQL Server, supported with ready-to-use, detailed reports that you can easily subscribe to and Google-like search. These valuable features expedite the process of identifying suspicious logins or login errors and addressing questions from managers or auditors. Plus, with the solution’s cost-effective two-tiered storage (SQL database + file-based), you can keep consolidated SQL Server audit logs for years and easily access them whenever you need to.