SQL Server Audit Log Event ID 24047

Source	SQL Server (LOGbinder SQL)
Action Group	AUDIT_CHANGE_GROUP
Windows Security Log
Category • Subcategory	Object Access • Application Generated
Type	Success

24047: Issued a create server audit specification command (action_id CR class_type SA)

This is an event from SQL Server audit event from LOGbinder SQL generated by Action Group AUDIT_CHANGE_GROUP.

On this page

Description of this event
Field level details
Examples
Mini-seminars on this event

A create server audit specification command was issued

Free Security Log Resources by Randy

Description Fields in 24047

Field		Description
Occurred		When event was reported by SQL Server
Authorization result		If the command passed authorization checks
Session ID		ID of the session on which the event occurred
User
Server
Audit Specification Name		Defines which Audit Action Groups will be audited for the entire server (Server Audit Specification) or database (Database Audit Specification). See SQL Server Audit Policy .
Statement		Transact-SQL statement

Supercharger Free Edition

Supercharger's built-in Xpath filters leave the noise behind.

Free.

Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Issued a create server audit specification command
A create server audit specification command was issued
Action Group: AUDIT_CHANGE_GROUP
Occurred: 8/22/2013 6:07:48.0000000 PM
Authorization result: Access allowed
Session ID: 67
User: LB\Administrator
Server: DEV3
Audit Name: TestServerAuditSpec
Statement: CREATE SERVER AUDIT SPECIFICATION TestServerAuditSpec; FOR SERVER AUDIT TestServerAudit; ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP),; ADD (AUDIT_CHANGE_GROUP),; ADD (BACKUP_RESTORE_GROUP),; ADD (BROKER_LOGIN_GROUP),; ADD (DATABASE_CHANGE_GROUP),; ADD (DATABASE_MIRRORING_LOGIN_GROUP),; ADD (DATABASE_OBJECT_ACCESS_GROUP),; ADD (DATABASE_OBJECT_CHANGE_GROUP),; ADD (DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (DATABASE_OPERATION_GROUP),; ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),; ADD (DATABASE_PERMISSION_CHANGE_GROUP),; ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),; ADD (DATABASE_PRINCIPAL_IMPERSONATION_GROUP),; ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),; ADD (DBCC_GROUP),; ADD (FAILED_LOGIN_GROUP),; ADD (FULLTEXT_GROUP),; ADD (LOGIN_CHANGE_PASSWORD_GROUP),; ADD (SCHEMA_OBJECT_CHANGE_GROUP),; ADD (SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (SERVER_OBJECT_CHANGE_GROUP),; ADD (SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP),; ADD (SERVER_OBJECT_PERMISSION_CHANGE_GROUP),; ADD (SERVER_OPERATION_GROUP),; ADD (SERVER_PERMISSION_CHANGE_GROUP),; ADD (SERVER_PRINCIPAL_CHANGE_GROUP),; ADD (SERVER_PRINCIPAL_IMPERSONATION_GROUP),; ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),; ADD (SERVER_STATE_CHANGE_GROUP),; ADD (TRACE_CHANGE_GROUP),; ADD (DATABASE_LOGOUT_GROUP),; ADD (FAILED_DATABASE_AUTHENTICATION_GROUP),; ADD (SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP),; ADD (USER_CHANGE_PASSWORD_GROUP),; ADD (USER_DEFINED_AUDIT_GROUP); WITH (STATE = OFF); ; -- 24043: Change audit state

For more information, see http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=24047

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.