Sqlserver-dba.com

Search

Subscribe

Subscribe to RSS feed  Follow @jackvamvas - Twitter

Enjoy this post? Enter your email address for updates on new posts:

Delivered by FeedBurner

Email +Jack Vamvas at jack@sqlserver-dba.com

Categories

SQLServer-DBA.com Links

Subscribe to newsletter

Dba_db2_button

Recent Posts

Powered by TypePad
SQL Server - Powershell and Failed Logon attempts

20 July,2012 by Jack Vamvas

Analysing SQL Server Failed logon attempts generates some interesting findings.

Read How to manage Failed Logon attempts  and Powershell and ErrorLogs  for some background information

I’ve implemented  a daily report on Failed Logon attempts . If  there is something obvious, I analyse and feedback to the relevant application\technology owner. Otherwise I log the failed logon attempts onto a service call. The expectation is for an application owner to verify the failed logon attempt .

 Some things I’ve discovered:

1)       Legacy Scheduled jobs –  the application was decommissioned but components still existed

2)       Aspects of current applications not working properly.

3)       Logon attempts by individuals , who shouldn’t be accessing

This Powershell script – iterates through a list of SQL Server Instances. It  creates a System.Data.Table , and places the results of every  failed logon attempt in the last 24 hrs.

The script pipes the System.Data.Table into a html file.

Read SQL Server – Send email using Powershell with attachment  to incorporate email with this report

                                              
set-location D:\health\SQL_Server
$isodate=Get-Date -format s 
$isodate=$isodate -replace(":","")
$basepath=(Get-Location -PSProvider FileSystem).ProviderPath


$serverpath=$basepath + "\config\instances.txt"
$outputfile="\logs\sql_server_health_SQL_Server_Login_Failed_" + $isodate + ".html"
$outputfilefull = $basepath + $outputfile


$dt = new-object "System.Data.DataTable"
foreach ($instance in get-content $serverpath)
{
    $instance
    $cn = new-object System.Data.SqlClient.SqlConnection "server=$instance;database=msdb;Integrated Security=sspi"
    $cn.Open()
    $sql = $cn.CreateCommand()
    $sql.CommandText = "DECLARE @sqlStatement1 VARCHAR(200)
		SET @sqlStatement1 = 'master.dbo.xp_readerrorlog'
            BEGIN		
            CREATE TABLE #Errors_t2 (LogDate DATETIME,ProcessInfo NVARCHAR(50),vchMessage varchar(2000))
		INSERT #Errors_t2 EXEC @sqlStatement1
		SELECT @@servername as Server , LogDate, RTRIM(LTRIM(vchMessage)) as Message FROM #Errors_t2 WHERE 
		([vchMessage] like '%Login failed%'
		AND DATEDIFF(hh, LogDate, GETDATE()) <= 24
            )
	      DROP TABLE #Errors_t2
	       END"
    $rdr = $sql.ExecuteReader()
    $dt.Load($rdr)
    $cn.Close()

    
}

$dt | select * -ExcludeProperty RowError, RowState, HasErrors, Name, Table, ItemArray | ConvertTo-Html -head $reportstyle -body "
SQL Server Login Failed in the last 24 hrs 
" | Set-Content $outputfilefull

 Read More

How to create a SQL Server Security Audit - SQL Server DBA

Powershell sql server security audit - SQL Server DBA

SQL Server - Database Server Security Audit Process - SQL Server ...

SQL Server – Find current user and sysadmin


Author: Jack Vamvas (http://www.sqlserver-dba.com)

Enjoy this post? Enter your email address for updates on new posts:

Delivered by FeedBurner

Posted by Jack Vamvas at 6:23 AM in DBA Scripts, Powershell, Security Management | Permalink | Comments (2) | TrackBack (0)

Searches: , , ,

I ran the script on powershell its showing no errors but where do i view the html report??

Posted by: Rayy | Oct 30, 2012 11:02:52 PM

Hi Rayy, if you notice on the very last line there is a variable $outputfilefull . That variable is the path of the html file. Further up the script (at the top) you'll see some example paths. $outputfilefull is made up of $basepath and $outputfile . Change those paths to where you want the file saved. $outputfile includes the actual file name. Let me know how you get on

Posted by: Jack Vamvas | Oct 31, 2012 9:05:06 AM

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer