I’m trying to figure out which process is trying to connect to my SQL Server instance with a wrong password. The log file only contains the IP address from where the connection is initiated. Example:
Date 4/05/2021 9:43:34 AM Log SQL Server (Current – 5/05/2021 10:11:00 AM)
Message Login failed for user ‘SA’. Reason: Password did not match that for the login provided. [CLIENT: 10.120.1.99]
It does not log which PID from the client machine made the attempt.
I know that I can use profiler to find out which PID from which machine is responsible for this. But I do not want to keep a profiler running for this. (especially if this happens rarely, in which case I’ll need to keep the profiler running for days before I can catch such an attempt).
Is there a way to log the PID as well as the IP for such failed logons?