Hi everybody,
I found 100 entries with milisecond
difference in error log
"Login failed for user 'sa'"
does it look like attack ?
1. Can I restrict number of failed login ?
2. What events to trace in order to get
ip address for for station that trying to login as sa and fail?
Thank you
Alex