sys.server_file_audits (Transact-SQL)

 

Updated: April 5, 2016

THIS TOPIC APPLIES TO:yesSQL Server (starting with 2008)noAzure SQL DatabasenoAzure SQL Data Warehouse noParallel Data Warehouse

Contains extended information about the file audit type in a SQL Server audit on a server instance. For more information, see SQL Server Audit (Database Engine).

Column nameData typeDescription
audit_idintID of the audit.
namesysnameName of the audit.
audit_guiduniqueidentifierGUID of the audit.
create_datedatetimeUTC date when the file audit was created.
modify_datedatatimeUTC date when the file audit was last modified.
principal_idintID of the owner of the audit as registered on the server.
typechar(2)Audit type:

0 = NT Security event log

1 = NT Application event log

2 = File on file system
type_descnvarchar(60)Audit type description.
on_failuretinyintOn Failure condition:

0 = Continue

1 = Shut down server instance

2 = Fail operation
on_failure_descnvarchar(60)On Failure to write an action entry:

CONTINUE

SHUTDOWN SERVER INSTANCE

FAIL OPERATION
is_state_enabledtinyint0 = Disabled

1 = Enabled
queue_delayintSuggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit will guarantee a write before the event can continue.
predicatenvarchar(8000)Predicate expression that is applied to the event.
max_file_sizebigintMaximum size, in megabytes, of the audit:

0 = Unlimited/Not applicable to the type of audit selected.
max_rollover_filesintMaximum number of files to use with the rollover option.
max_filesintMaximum number of files to use without the rollover option.
reserved_disk_spaceintAmount of disk space to reserve per file.
log_file_pathnvarchar(260)Path to where audit is located. File path for file audit, application log path for application log audit.
log_file_namenvarchar(260)Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name.

Principals with the ALTER ANY SERVER AUDIT or VIEW ANY DEFINITION permission have access to this catalog view. In addition, the principal must not be denied VIEW ANY DEFINITION permission.

The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see Metadata Visibility Configuration.

CREATE SERVER AUDIT (Transact-SQL)
ALTER SERVER AUDIT (Transact-SQL)
DROP SERVER AUDIT (Transact-SQL)
CREATE SERVER AUDIT SPECIFICATION (Transact-SQL)
ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)
DROP SERVER AUDIT SPECIFICATION (Transact-SQL)
CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)
DROP DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER AUTHORIZATION (Transact-SQL)
sys.fn_get_audit_file (Transact-SQL)
sys.server_audits (Transact-SQL)
sys.server_file_audits (Transact-SQL)
sys.server_audit_specifications (Transact-SQL)
sys.database_audit_specifications (Transact-SQL)
sys.database_audit_specification_details (Transact-SQL)
sys.dm_server_audit_status (Transact-SQL)
sys.dm_audit_actions (Transact-SQL)
sys.dm_audit_class_type_map (Transact-SQL)
Create a Server Audit and Server Audit Specification

Community Additions

ADD
Show: