sys.server_file_audits (Transact-SQL)

Applies to: SQL Server

Contains extended information about the file audit type in a SQL Server audit on a server instance. For more information, see SQL Server Audit (Database Engine).

Column name Data type Description
audit_id int ID of the audit.
name sysname Name of the audit.
audit_guid uniqueidentifier GUID of the audit.
create_date datetime UTC date when the file audit was created.
modify_date datatime UTC date when the file audit was last modified.
principal_id int ID of the owner of the audit as registered on the server.
type char(2) Audit type:

SL = NT Security event log

AL = NT Application event log

FL = File on file system
type_desc nvarchar(60) Audit type description.
on_failure tinyint On Failure condition:

0 = Continue

1 = Shut down server instance

2 = Fail operation
on_failure_desc nvarchar(60) On Failure to write an action entry:

CONTINUE

SHUTDOWN SERVER INSTANCE

FAIL OPERATION
is_state_enabled tinyint 0 = Disabled

1 = Enabled
queue_delay int Suggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit will guarantee a write before the event can continue.
predicate nvarchar(8000) Predicate expression that is applied to the event.
max_file_size bigint Maximum size, in megabytes, of the audit:

0 = Unlimited/Not applicable to the type of audit selected.
max_rollover_files int Maximum number of files to use with the rollover option.
max_files int Maximum number of files to use without the rollover option.
reserved_disk_space int Amount of disk space to reserve per file.
log_file_path nvarchar(260) Path to where audit is located. File path for file audit, application log path for application log audit.
log_file_name nvarchar(260) Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name.

Permissions

Principals with the ALTER ANY SERVER AUDIT or VIEW ANY DEFINITION permission have access to this catalog view. In addition, the principal must not be denied VIEW ANY DEFINITION permission.

The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.

See Also

CREATE SERVER AUDIT (Transact-SQL)
ALTER SERVER AUDIT (Transact-SQL)
DROP SERVER AUDIT (Transact-SQL)
CREATE SERVER AUDIT SPECIFICATION (Transact-SQL)
ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)
DROP SERVER AUDIT SPECIFICATION (Transact-SQL)
CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)
DROP DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER AUTHORIZATION (Transact-SQL)
sys.fn_get_audit_file (Transact-SQL)
sys.server_audits (Transact-SQL)
sys.server_file_audits (Transact-SQL)
sys.server_audit_specifications (Transact-SQL)
sys.database_audit_specifications (Transact-SQL)
sys.database_audit_specification_details (Transact-SQL)
sys.dm_server_audit_status (Transact-SQL)
sys.dm_audit_actions (Transact-SQL)
sys.dm_audit_class_type_map (Transact-SQL)
Create a Server Audit and Server Audit Specification