接收到数据库上的连接尝试失败，但没有源IP地址可供调查 [英] Receiving Failed connection attemps on DB, but no source IP address to investigate

问题描述

圣安东尼奥之后灾难，我们在数据库上收到很多失败的连接尝试.

After the San Antonio  disaster, we are getting lots of failed connection attempts on our DB.

FROM sys.event_log WHERE event_type ='connection_failed'

FROM sys.event_log WHERE event_type = 'connection_failed'

显示没有源IP地址的行，我认为这将在addl_data中.这是一行数据.

reveals rows with no source Ip address, which I would think would be in addl_data.  Here is one row of data.

< g class ="gr_ gr_31 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id ＝"31". id ="31"> MACOffice>  2018-09-11 18:55:00.0000000  2018-09-11 19:00:00.0000000  connectivity  connection_failed  7  blocked_by_firewall  2 1  2 1 ;客户 IP地址不允许访问服务器

<g class="gr_ gr_31 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="31" id="31">MACOffice</g> 2018-09-11 18:55:00.0000000 2018-09-11 19:00:00.0000000 connectivity connection_failed 7 blocked_by_firewall 2 1 Client IP address is not allowed to access the server NULL

我需要找出谁正在尝试连接到我们的数据库，但无法获取足够的信息以进行进一步调查.

I need to find out who is attempting to connect to our database but am unable to get enough info to investigate further.

谢谢你，特伦斯

推荐答案

你好，

Hello,

Have you considered to enabled threat detection in order to have probably more information and take action in case of anomalous activities?

Hope this helps.

Alberto Morillo
SQLCoffee.com

这篇关于接收到数据库上的连接尝试失败，但没有源IP地址可供调查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！