| title | sys.server_file_audits (Transact-SQL) | ||||
|---|---|---|---|---|---|
| description | sys.server_file_audits (Transact-SQL) | ||||
| author | sravanisaluru | ||||
| ms.author | srsaluru | ||||
| ms.date | 03/23/2022 | ||||
| ms.service | sql | ||||
| ms.subservice | system-objects | ||||
| ms.topic | reference | ||||
| f1_keywords |
|
||||
| helpviewer_keywords |
|
||||
| dev_langs |
|
[!INCLUDE SQL Server]
Contains extended information about the file audit type in a [!INCLUDEssNoVersion] audit on a server instance. For more information, see SQL Server Audit (Database Engine).
| Column name | Data type | Description |
|---|---|---|
| audit_id | int | ID of the audit. |
| name | sysname | Name of the audit. |
| audit_guid | uniqueidentifier | GUID of the audit. |
| create_date | datetime | UTC date when the file audit was created. |
| modify_date | datetime | UTC date when the file audit was last modified. |
| principal_id | int | ID of the owner of the audit as registered on the server. |
| type | char(2) | Audit type: SL = NT Security event log AL = NT Application event log FL = File on file system |
| type_desc | nvarchar(60) | Audit type description. |
| on_failure | tinyint | On Failure condition: 0 = Continue 1 = Shut down server instance 2 = Fail operation |
| on_failure_desc | nvarchar(60) | On Failure to write an action entry: CONTINUE SHUTDOWN SERVER INSTANCE FAIL OPERATION |
| is_state_enabled | tinyint | 0 = Disabled 1 = Enabled |
| queue_delay | int | Suggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit will guarantee a write before the event can continue. |
| predicate | nvarchar(8000) | Predicate expression that is applied to the event. |
| max_file_size | bigint | Maximum size, in megabytes, of the audit: 0 = Unlimited/Not applicable to the type of audit selected. |
| max_rollover_files | int | Maximum number of files to use with the rollover option. |
| max_files | int | Maximum number of files to use without the rollover option. |
| reserved_disk_space | int | Amount of disk space to reserve per file. |
| log_file_path | nvarchar(260) | Path to where audit is located. File path for file audit, application log path for application log audit. |
| log_file_name | nvarchar(260) | Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name. |
| retention_days | int | Lifetime in days of the audit log file. Applies to Azure SQL Database and Azure SQL Managed Instance 0 = Unlimited. |
Principals with the ALTER ANY SERVER AUDIT or VIEW ANY DEFINITION permission have access to this catalog view. In addition, the principal must not be denied VIEW ANY DEFINITION permission.
[!INCLUDEssCatViewPerm] For more information, see Metadata Visibility Configuration.
CREATE SERVER AUDIT (Transact-SQL)
ALTER SERVER AUDIT (Transact-SQL)
DROP SERVER AUDIT (Transact-SQL)
CREATE SERVER AUDIT SPECIFICATION (Transact-SQL)
ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)
DROP SERVER AUDIT SPECIFICATION (Transact-SQL)
CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)
DROP DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER AUTHORIZATION (Transact-SQL)
sys.fn_get_audit_file (Transact-SQL)
sys.server_audits (Transact-SQL)
sys.server_file_audits (Transact-SQL)
sys.server_audit_specifications (Transact-SQL)
sys.database_audit_specifications (Transact-SQL)
sys.database_audit_specification_details (Transact-SQL)
sys.dm_server_audit_status (Transact-SQL)
sys.dm_audit_actions (Transact-SQL)
sys.dm_audit_class_type_map (Transact-SQL)
Create a Server Audit and Server Audit Specification