sys.server_file_audits (Transact-SQL)

Contains extended information about the file audit type in a SQL Server audit on a server instance. For more information, see SQL Server Audit (Database Engine).

Column name

Data type

Description

audit_id

int

ID of the audit.

name

sysname

Name of the audit.

audit_guid

uniqueidentifier

GUID of the audit.

create_date

datetime

UTC date when the file audit was created.

modify_date

datatime

UTC date when the file audit was last modified.

principal_id

int

ID of the owner of the audit as registered on the server.

type

char(2)

Audit type:

0 = NT Security event log

1 = NT Application event log

2 = File on file system

type_desc

nvarchar(60)

Audit type description.

on_failure

tinyint

On Failure condition:

0 = Continue

1 = Shut down server instance

2 = Fail operation

on_failure_desc

nvarchar(60)

On Failure to write an action entry:

CONTINUE

SHUTDOWN SERVER INSTANCE

FAIL OPERATION

is_state_enabled

tinyint

0 = Disabled

1 = Enabled

queue_delay

int

Suggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit will guarantee a write before the event can continue.

predicate

nvarchar(8000)

Predicate expression that is applied to the event.

max_file_size

bigint

Maximum size, in megabytes, of the audit:

0 = Unlimited/Not applicable to the type of audit selected.

max_rollover_files

int

Maximum number of files to use with the rollover option.

max_files

int

Maximum number of files to use without the rollover option.

reserved_disk_space

int

Amount of disk space to reserve per file.

log_file_path

nvarchar(260)

Path to where audit is located. File path for file audit, application log path for application log audit.

log_file_name

nvarchar(260)

Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name.

Permissions

Principals with the VIEW AUDIT STATE permission have access to this catalog view.

The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see Metadata Visibility Configuration.

See Also

Reference

CREATE SERVER AUDIT (Transact-SQL)

ALTER SERVER AUDIT (Transact-SQL)

DROP SERVER AUDIT (Transact-SQL)

CREATE SERVER AUDIT SPECIFICATION (Transact-SQL)

ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)

DROP SERVER AUDIT SPECIFICATION (Transact-SQL)

CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL)

ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)

DROP DATABASE AUDIT SPECIFICATION (Transact-SQL)

ALTER AUTHORIZATION (Transact-SQL)

sys.fn_get_audit_file (Transact-SQL)

sys.server_audits (Transact-SQL)

sys.server_file_audits (Transact-SQL)

sys.server_audit_specifications (Transact-SQL)

sys.database_audit_specifications (Transact-SQL)

sys.database_audit_specification_details (Transact-SQL)

sys.dm_server_audit_status (Transact-SQL)

sys.dm_audit_actions (Transact-SQL)

sys.dm_audit_class_type_map (Transact-SQL)

Concepts

Create a Server Audit and Server Audit Specification