Who is logging in as the sa login in SQL Server?

The native audit level configuration
is a simple configuration that can
help to determine if the sa login is
used in the sql Server instance. What
this configuration does is records all
of the successful (or Failed or both)
logins into a particular sql Server
instance. You will not kNow the host
name,application,etc. However,this
configuration will enable you to
determine if the sa login is being
used in the first place. Once you
have this information,then you can
dig deeper with sql Server Profiler
outlined below.

对于sql Server 2008,有一个new feature “SQL Server Audit”.以下文章解释了如何autid登录,包括示例脚本：SQL Server Audit in SQL Server 2008.