Article ID: 288426 - Last Review: October 29, 2003 - Revision: 3.2

FIX: Alerts Triggered Incorrectly When Security Auditing is Enabled

View products that this article applies to.
This article was previously published under Q288426
BUG #: 352091 (Shiloh_bugs)
BUG #: 101254 (SQLBUG_70)

On This Page

Expand all | Collapse all

SYMPTOMS

By default, Security Auditing informational messages have a severity of 14. However, after you set up Security Auditing on the server, you may encounter a scenario where Security Auditing informational messages raise alerts with a variety of severity levels. The alerts may be randomly triggered.
Back to the top

CAUSE

When handling the audit login messages the server incorrectly initializes the severity variable and the latter is a random value.
Back to the top

RESOLUTION

SQL Server 2000

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
290211  (http://support.microsoft.com/kb/290211/EN-US/ ) INF: How to Obtain the Latest SQL Server 2000 Service Pack
Back to the top

Hotfix

NOTE: The following hotfix was created prior to Microsoft SQL Server 2000 Service Pack 1.

The English version of this fix should have the following file attributes or later: 

   File name     Size      Time
   -------------------------------------------

   s70986i.exe   5.07 MB   3/30/2001 11:51 AM
Back to the top

SQL Server 7.0

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511  (http://support.microsoft.com/kb/301511/EN-US/ ) INF: How to Obtain the Latest SQL Server 7.0 Service Pack
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 2000
This problem was first corrected in Microsoft SQL Server 2000 Service Pack 1.

SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
Back to the top

MORE INFORMATION

The alerts that occur are determined by what severity-based alerts you have currently defined. By default, SQL Server installs severity-based alerts with a severity ranging from 19 to 24.

An example of a typical Security Auditing information message is:
18454 Login succeeded for user 'Login1'. Connection: Non-Trusted.
-or-
18453 Login succeeded for user 'Domain1\Login2'. Connection: Trusted.
You may see an alert e-mail sent to you that contains the following type of severity information: 
Content-Description: SQL Server Alert System: 'Sev. 24 Errors' occurred on 
    \\SQLSERVER

From:  alertmail@company.com 
To:  jsmith@company.com
Subject:  SQL Server Alert System: 'Sev. 24 Errors' occurred on \\SQLSERVER 
Date:  Fri, 19 Jan 2001 09:36:16 -0500 

DATE/TIME:	1/19/2001 9:45:10 AM

DESCRIPTION:	18454
		Login succeeded for user 'Login1'. Connection: Non-Trusted.

COMMENT:	SQLSERVER

JOB RUN:	(None)
Back to the top
APPLIES TO
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
Back to the top
Keywords: 
kbbug kbfix kbsqlserv2000sp1fix KB288426
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers