Failed SQL Server logins

 30,961 0 ,

This metric returns the number of 'login failed' error messages found in the SQL Server error log file in the last hour.

Install metric...

Metrics install automatically if you have Redgate Monitor installed.

If you are using Redgate’s SQL Server monitoring tool, Redgate Monitor, you can instantly install and run this metric on your servers.

This metric returns the number of ‘login failed’ error messages found in the SQL Server error log file in the last hour.

The T-SQL for this metric uses the undocumented stored procedure: xp_readerrorlog. Once you’ve been alerted to login failures, you can find out why they occurred by running the procedure against the SQL Server error log file and searching for text similar to this:

The error state corresponds to a specific reason for failure, for example, state 5 means the user entered an invalid userid. For details of each state, see: http://blogs.msdn.com/b/sql_protocols/archive/2006/02/21/536201.aspx.

You can create additional custom metrics that read different messages in the SQL Server or SQL Agent error log file by reusing an edited version of this T-SQL. You’ll need to update the parameters for the procedure:

For example, to be alerted when the DBCC trace flag has been enabled in the last hour, replace the procedure with:

Note: There is a known issue with using xp_readerrorlog in SQL Server versions earlier than 2008 R2. The command may stop responding during execution and cause CPU usage to increase to 100%. For more details and links to fixes from Microsoft, go to http://support.microsoft.com/kb/973524.

Metric definition

Name

Failed SQL Server logins

Description

This metric returns the number of 'login failed' error messages found in the SQL Server error log file in the last hour.

The T-SQL query that will collect data

Instances to collect from

Select all

Databases to collect from

master

Collection frequency

3600

Note: If you've updated the T-SQL to read from the file more frequently, you should update the metric collection frequency to match.

Use collected or calculated values

Leave the Use a calculated rate of change between collections check box unchecked

Metric collection

Enabled

Alert definition

Alert name

Failed SQL Server logins

Description

This alert is raised when SQL Monitor detects one or more failed SQL Server logins in the last hour.

Raise an alert when the metric value goes

Above the defined threshholds

Default threshold values

High:0
Medium:
Low:

Raise an alert when the threshold is passed for

1 collection

Alert is

Enabled

30,961 Rate
Click to rate this post!
[Total: 6 Average: 4.2]

What are custom metrics?

The Redgate Monitor custom metric feature lets you run T-SQL queries against your SQL Servers to collect specific data. You can analyze and receive alerts about your custom data just like everything else Redgate Monitor collects.

But what if you don’t want to write your own queries? No problem. Redgate has brought together a range of quality custom metrics for you to use in Redgate Monitor, which are all are free, tried and tested. You can install straight away, and use the resources on this site to help you write your own.

See the Getting Started guides

What is Redgate Monitor?

Redgate Monitor is a SQL Server performance monitoring tool that gives you real-time and historical SQL Server performance data with alerts and diagnostics.

With its embedded expertise from SQL Server experts and MVPs, it gives you the information and advice you need to find and fix issues before users are even aware.

Find out more about Redgate Monitor

Featured custom metrics

  • Total database file size

    by Hugo Kornelis | 8,255 views |

    This custom metric measures the total database file size (data files and log file combined). An increase in this metric signals that a database was grown. When not done by the DBA, this is an autogrow. Excessive autogrow events should be prevented as this can result to file fragmentation. Try to manually grow files before […] Read more

  • Number of active backups and restores

    by Redgate Monitor Team | 6,311 views |

    This metric will display the total number of active backups and restores on a server. This can be used to correlate with other metrics to explain why disk IO and CPU usage could have changed. Read more

  • Full backup to odd path

    by Eelco Drost | 5,723 views |

    This custom metric queries the MSDB database to search for multiple paths for a full backup Read more

See all custom metrics

Find metrics

See all metrics