SQL Server Audit Log Event ID 24047

SourceSQL Server (LOGbinder SQL)
Action GroupAUDIT_CHANGE_GROUP
Windows Security Log
Category
 • Subcategory
Object Access
 • Application Generated
Type Success

24047: Issued a create server audit specification command (action_id CR class_type SA)

This is an event from SQL Server audit event from LOGbinder SQL generated by Action Group  AUDIT_CHANGE_GROUP.

On this page

A create server audit specification command was issued

Free Security Log Resources by Randy

Description Fields in 24047

FieldDescription
OccurredWhen event was reported by SQL Server
Authorization resultIf the command passed authorization checks
Session IDID of the session on which the event occurred
User
Server
Audit Specification NameDefines which Audit Action Groups will be audited for the entire server (Server Audit Specification) or database (Database Audit Specification). See SQL Server Audit Policy .
StatementTransact-SQL statement

Supercharger Free Edition

 

Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Examples of 24047

Issued a create server audit specification command
A create server audit specification command was issued
Action Group: AUDIT_CHANGE_GROUP
Occurred: 8/22/2013 6:07:48.0000000 PM
Authorization result: Access allowed
Session ID: 67
User: LB\Administrator
Server: DEV3
Audit Name: TestServerAuditSpec
Statement: CREATE SERVER AUDIT SPECIFICATION TestServerAuditSpec; FOR SERVER AUDIT TestServerAudit;     ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP),;     ADD (AUDIT_CHANGE_GROUP),;     ADD (BACKUP_RESTORE_GROUP),;     ADD (BROKER_LOGIN_GROUP),;     ADD (DATABASE_CHANGE_GROUP),;     ADD (DATABASE_MIRRORING_LOGIN_GROUP),;     ADD (DATABASE_OBJECT_ACCESS_GROUP),;     ADD (DATABASE_OBJECT_CHANGE_GROUP),;     ADD (DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP),;     ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),;     ADD (DATABASE_OPERATION_GROUP),;     ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),;     ADD (DATABASE_PERMISSION_CHANGE_GROUP),;     ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),;     ADD (DATABASE_PRINCIPAL_IMPERSONATION_GROUP),;     ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),;     ADD (DBCC_GROUP),;     ADD (FAILED_LOGIN_GROUP),;     ADD (FULLTEXT_GROUP),;     ADD (LOGIN_CHANGE_PASSWORD_GROUP),;     ADD (SCHEMA_OBJECT_CHANGE_GROUP),;     ADD (SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),;     ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),;     ADD (SERVER_OBJECT_CHANGE_GROUP),;     ADD (SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP),;     ADD (SERVER_OBJECT_PERMISSION_CHANGE_GROUP),;     ADD (SERVER_OPERATION_GROUP),;     ADD (SERVER_PERMISSION_CHANGE_GROUP),;     ADD (SERVER_PRINCIPAL_CHANGE_GROUP),;     ADD (SERVER_PRINCIPAL_IMPERSONATION_GROUP),;     ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),;     ADD (SERVER_STATE_CHANGE_GROUP),;     ADD (TRACE_CHANGE_GROUP),;     ADD (DATABASE_LOGOUT_GROUP),;     ADD (FAILED_DATABASE_AUTHENTICATION_GROUP),;     ADD (SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP),;     ADD (USER_CHANGE_PASSWORD_GROUP),;     ADD (USER_DEFINED_AUDIT_GROUP); WITH (STATE = OFF);     ; -- 24043: Change audit state

For more information, see http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=24047

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

 

Upcoming Webinars
    Additional Resources