i have my SQL server 2005 crashing when Events log is full
I have a hacker attacking my DB with a brut force tool but whereas he does not have the password, event log registers his access attempts as Failure Audit.
I have thousands of lines of "Failure Audit" in my event log
The event logs are set to be overwritten automatically when they reach 16Mb but it's not working correctly, they r not overwriting their content.
in SQL 2005 ERRORLOG file i see:
2007-05-14 01:57:11.57 spid80 Error: 17054, Severity: 16, State: 1.
2007-05-14 01:57:11.57 spid80 The current event was not reported to the Windows Events log. Operating system error = 1502(The event log file is full.). You may need to clear the Windows Events log if it is full.
SQL Agent cannot starts because it's not able to write in the event log that it's starting and when it cannot write in event log, it does not start and my sql server crashed
My Question is simply how to fix this issue once for all
Which Windows OS are you using?|||In the event viewer, right click the "Security Log" and select "Properties" and change the radio button to "Overwrite events as needed". This will prevent the log from filling up and crashing.Actually, do this for each log.
|||You should also add a line to your firewall to prevent his IP from accessing your SQL Server. You should actually lock all users from hitting your SQL Server directly, but start with his subnet as a good first step.
No comments:
Post a Comment