We have set up alerts to notify the DBA team if a table has been illegally accessed. Selecting message 229 and tying it to an alert does a nice job of letting you know what table and what kind of access they were trying to get. It writes it both to the event log and SQL server log. In the SQL server log it also shows the spid # that was trying to access it. This is were I am having trouble. I need to quickly capture that spid # and then query sysprocesses to find out the login name and host name of the spid. Does any one have any idea how I can do this. I need to consider the fact that no one may be onsight when this violation occurs, so I need to automate something to capture the spid and run the query, but I'm stumped. Any help would be appreciated.