question

HI Not used [this][1] option before, but it looks like it can do the trick. In the past I have used manageengine as it was a enterprise requirement to audit the all servers. [1]: http://www.mssqltips.com/sqlservertip/1915/how-to-automatically-monitor-windows-event-log-from-sql-server/

Ok. There is a PoSH option. You can use the [PoSH guru's][1] method to perform this. Create a table to host the values. SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO SET ANSI_PADDING ON GO CREATE TABLE [dbo].[EventViewer]( [Index] [int] NULL, [Time] [datetime] NULL, [EntryType] [varchar](MAX) NULL, [Source] [varchar](MAX) NULL, [InstanceID] [varchar](MAX) NULL, [Message] [varchar](MAX) NULL ) ON [PRIMARY] GO SET ANSI_PADDING OFF GO You should be able to then execute the PoSH script (assuming you have access to the server, you have AUDITING turned on and the relevant modules loaded) $ServerEvents = 'SERVER1' $DBServer = 'DBAServer' $DB = 'DBA' $variable = ( Get-EventLog -ComputerName $ServerEvents -LogName Security -After “11-04-2014“ | where eventid -EQ "528" | select index,TimeGenerated,EntryType,Source,InstanceID,Message); $valuedatatable = Out-DataTable -InputObject $variable ; Write-DataTable -ServerInstance $DBServer -Database $DB -TableName EventViewer -Data $valuedatatable I have changed the code that Laerte uses to include only the Successful logon event. It would also be a good idea to read the blog as he also describes now to enumerate multiple servers NOTE: Code is "as is" and no warranty is provided. Please test in a non-production evironment first. [1]: https://www.simple-talk.com/blogs/2011/08/31/storing-windows-event-viewer-output-in-a-sql-server-table-with-powershell/

Refer to this for auditing for Windows 2008 and later http://social.technet.microsoft.com/Forums/windowsserver/en-US/216c7ee3-2cf2-4a1a-a1d9-23a79853ef7c/audit-logon-events-for-windows-2008?forum=winservergen