audit login fail and restrict number of atempt

Hi everybody,
I found 100 entries with milisecond
difference in error log
"Login failed for user 'sa'"

does it look like attack ?

1. Can I restrict number of failed login ?
2. What events to trace in order to get
ip address for for station that trying to login as sa and fail?

Thank you

Alex

1. With Sql server login you can't restrict number of attempts, this is one the reasons to go Windows Authentication.

2. You may have to use a network monitoring tool.