sys.server_file_audits (Transact-SQL)
Applies to: SQL Server
Contains extended information about the file audit type in a SQL Server audit on a server instance. For more information, see SQL Server Audit (Database Engine).
Column name | Data type | Description |
---|---|---|
audit_id | int | ID of the audit. |
name | sysname | Name of the audit. |
audit_guid | uniqueidentifier | GUID of the audit. |
create_date | datetime | UTC date when the file audit was created. |
modify_date | datetime | UTC date when the file audit was last modified. |
principal_id | int | ID of the owner of the audit as registered on the server. |
type | char(2) | Audit type: SL = NT Security event log AL = NT Application event log FL = File on file system |
type_desc | nvarchar(60) | Audit type description. |
on_failure | tinyint | On Failure condition: 0 = Continue 1 = Shut down server instance 2 = Fail operation |
on_failure_desc | nvarchar(60) | On Failure to write an action entry: CONTINUE SHUTDOWN SERVER INSTANCE FAIL OPERATION |
is_state_enabled | tinyint | 0 = Disabled 1 = Enabled |
queue_delay | int | Suggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit will guarantee a write before the event can continue. |
predicate | nvarchar(8000) | Predicate expression that is applied to the event. |
max_file_size | bigint | Maximum size, in megabytes, of the audit: 0 = Unlimited/Not applicable to the type of audit selected. |
max_rollover_files | int | Maximum number of files to use with the rollover option. |
max_files | int | Maximum number of files to use without the rollover option. |
reserved_disk_space | int | Amount of disk space to reserve per file. |
log_file_path | nvarchar(260) | Path to where audit is located. File path for file audit, application log path for application log audit. |
log_file_name | nvarchar(260) | Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name. |
Permissions
Principals with the ALTER ANY SERVER AUDIT or VIEW ANY DEFINITION permission have access to this catalog view. In addition, the principal must not be denied VIEW ANY DEFINITION permission.
The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.
See Also
CREATE SERVER AUDIT (Transact-SQL)
ALTER SERVER AUDIT (Transact-SQL)
DROP SERVER AUDIT (Transact-SQL)
CREATE SERVER AUDIT SPECIFICATION (Transact-SQL)
ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)
DROP SERVER AUDIT SPECIFICATION (Transact-SQL)
CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)
DROP DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER AUTHORIZATION (Transact-SQL)
sys.fn_get_audit_file (Transact-SQL)
sys.server_audits (Transact-SQL)
sys.server_file_audits (Transact-SQL)
sys.server_audit_specifications (Transact-SQL)
sys.database_audit_specifications (Transact-SQL)
sys.database_audit_specification_details (Transact-SQL)
sys.dm_server_audit_status (Transact-SQL)
sys.dm_audit_actions (Transact-SQL)
sys.dm_audit_class_type_map (Transact-SQL)
Create a Server Audit and Server Audit Specification