In Microsoft® SQL Server™ 2000, use the c2 audit mode option to review both successful and unsuccessful attempts to access statements and objects. With this information, you can document system activity and look for security policy violations.
C2 auditing tracks C2 audit events and records them to a file in the \mssql\data directory for default instances of SQL Server 2000, or the \mssql$instancename\data directory for named instances of SQL Server 2000. If the file reaches a size limit of 200 megabytes (MB), C2 auditing will start a new file, close the old file, and write all new audit records to the new file. This process will continue until SQL Server is shut down or auditing is turned off.
Before enabling and disabling C2 auditing, consider the following:
Alternatively, you can restart the instance with the –f flag, which will bypass all auditing. This is useful if you want to disable auditing until you can free up additional disk space or in an emergency situation where you do not have enough disk space to allocate the 200 MB audit file.
To enable C2 auditing, set the c2 audit mode option to 1. This setting establishes the C2 audit trace and turns on the option to fail the server should the server be unable to write to the audit file for any reason. After setting the option to 1, restart the server to begin C2 audit tracing. To stop C2 audit tracing, set c2 audit mode to 0.
Important If all audit counters are turned on for all objects, there could be a significant performance impact on the server.