SQL Server Audit Log Event ID 24047
24047: Issued a create server audit specification command (action_id CR class_type SA)
This is an event from
SQL Server
audit event from
LOGbinder SQL
generated by
.
On this page
A create server audit specification command was issued
Free Security Log Resources by Randy
Field | Description |
Occurred | When event was reported by SQL Server |
Authorization result | If the command passed authorization checks |
Session ID | ID of the session on which the event occurred |
User | |
Server | |
Audit Specification Name | Defines which Audit Action Groups will be audited for the entire server (Server Audit Specification) or database (Database Audit Specification). See SQL Server Audit Policy . |
Statement | Transact-SQL statement |
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.
This Event Is Produced By
Which Integrates with Your SIEM
Issued a create server audit specification command
A create server audit specification command was issued
Action Group: AUDIT_CHANGE_GROUP
Occurred: 8/22/2013 6:07:48.0000000 PM
Authorization result: Access allowed
Session ID: 67
User: LB\Administrator
Server: DEV3
Audit Name: TestServerAuditSpec
Statement: CREATE SERVER AUDIT SPECIFICATION TestServerAuditSpec; FOR SERVER AUDIT TestServerAudit; ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP),; ADD (AUDIT_CHANGE_GROUP),; ADD (BACKUP_RESTORE_GROUP),; ADD (BROKER_LOGIN_GROUP),; ADD (DATABASE_CHANGE_GROUP),; ADD (DATABASE_MIRRORING_LOGIN_GROUP),; ADD (DATABASE_OBJECT_ACCESS_GROUP),; ADD (DATABASE_OBJECT_CHANGE_GROUP),; ADD (DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (DATABASE_OPERATION_GROUP),; ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),; ADD (DATABASE_PERMISSION_CHANGE_GROUP),; ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),; ADD (DATABASE_PRINCIPAL_IMPERSONATION_GROUP),; ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),; ADD (DBCC_GROUP),; ADD (FAILED_LOGIN_GROUP),; ADD (FULLTEXT_GROUP),; ADD (LOGIN_CHANGE_PASSWORD_GROUP),; ADD (SCHEMA_OBJECT_CHANGE_GROUP),; ADD (SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (SERVER_OBJECT_CHANGE_GROUP),; ADD (SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (SERVER_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (SERVER_OPERATION_GROUP),; ADD (SERVER_PERMISSION_CHANGE_GROUP),; ADD (SERVER_PRINCIPAL_CHANGE_GROUP),; ADD (SERVER_PRINCIPAL_IMPERSONATION_GROUP),; ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),; ADD (SERVER_STATE_CHANGE_GROUP),; ADD (TRACE_CHANGE_GROUP),; ADD (DATABASE_LOGOUT_GROUP),; ADD (FAILED_DATABASE_AUTHENTICATION_GROUP),; ADD (SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP),; ADD (USER_CHANGE_PASSWORD_GROUP),; ADD (USER_DEFINED_AUDIT_GROUP); WITH (STATE = OFF); ; -- 24043: Change audit state
For more information, see http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=24047
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection