Tracing non-trusted login failures

[moonshadow]

Is there anyway to trace the origin of login failures under standard logins ? For example, we may have someone trying to guess passwords for logins for one of our SQL Servers, and we want to trace the origin - either machine name or NT Login account. At the moment, all we have is SQL Server reporting that the Login failed.

 

[tlbroadbent]

Use SQL Profiler to setup a trace of login failures. Terry L. Broadbent
FAQ183-874 contains tips for posting questions in these forums.
NOTE: Reference to the FAQ is not directed at any individual.

 

[moonshadow]

unfortunately that doesn't seem to report hostname, NT user name or any other useful information when the user fails to log in but only when successful. We're running SQL 7 by the way.

 

[moonshadow]

I think this may be a bug in SQL Server SP2. I've read elsewhere that this is corrected in SP3 (which we're not allowed to install here without 2 years of testing (or some other similarly ludicrous amount of time)). Can anyone else confirm this ? I.e. with SP3 will SQL 7 report the hostname of anyone who fails to login using standard security?