| title | sys.server_file_audits (Transact-SQL) | ||||
|---|---|---|---|---|---|
| description | sys.server_file_audits contains extended information about the file audit type in a SQL Server audit on a server instance. | ||||
| author | sravanisaluru | ||||
| ms.author | srsaluru | ||||
| ms.reviewer | randolphwest | ||||
| ms.date | 04/23/2026 | ||||
| ms.service | sql | ||||
| ms.subservice | system-objects | ||||
| ms.topic | reference | ||||
| f1_keywords |
|
||||
| helpviewer_keywords |
|
||||
| dev_langs |
|
[!INCLUDE sql-asdbmi]
Contains extended information about the file audit type in a [!INCLUDE ssNoVersion] audit on a server instance. For more information, see SQL Server Audit (Database Engine).
| Column name | Data type | Nullable | Description |
|---|---|---|---|
audit_id |
int | No | ID of the audit. |
name |
sysname | No | Name of the audit. |
audit_guid |
uniqueidentifier | Yes | GUID of the audit. |
create_date |
datetime | No | UTC date when the file audit was created. |
modify_date |
datetime | No | UTC date when the file audit was last modified. |
principal_id |
int | Yes | ID of the owner of the audit as registered on the server. |
type |
char(2) | No | Audit type: - SL = Windows Security event log- AL = Windows Application event log- FL = File on file system |
type_desc |
nvarchar(60) | Yes | Audit type description. |
on_failure |
tinyint | Yes | On failure condition: - 0 = Continue- 1 = Shut down server instance- 2 = Fail operation |
on_failure_desc |
nvarchar(60) | Yes | On failure to write an action entry: - CONTINUE- SHUTDOWN SERVER INSTANCE- FAIL OPERATION |
is_state_enabled |
bit | Yes | - 0 = Disabled- 1 = Enabled |
queue_delay |
int | Yes | Suggested maximum time, in milliseconds, to wait before writing to disk. If 0, the audit guarantees a write before the event can continue. |
predicate |
nvarchar(3000) | Yes | Predicate expression that is applied to the event. |
max_file_size |
bigint | Yes | Maximum size, in megabytes, of the audit: - 0 = Unlimited/Not applicable to the type of audit selected. |
max_rollover_files |
int | Yes | Maximum number of files to use with the rollover option. |
max_files |
int | Yes | Maximum number of files to use without the rollover option. |
reserve_disk_space |
bit | Yes | Amount of disk space to reserve per file. |
log_file_path |
nvarchar(260) | Yes | Path to where audit is located. File path for file audit, application log path for application log audit. |
log_file_name |
nvarchar(260) | Yes | Base name for the log file supplied in the CREATE AUDIT DDL. An incremental number is added to the base_log_name file as a suffix to create the log file name. |
retention_days |
int | Yes | Lifetime in days of the audit log file. - 0 = Unlimited.Applies to: [!INCLUDE ssazure-sqldb] and [!INCLUDE ssazuremi-md]. |
Principals with the ALTER ANY SERVER AUDIT or VIEW ANY DEFINITION permission can access this catalog view. In addition, the principal can't be denied VIEW ANY DEFINITION permission.
[!INCLUDE ssCatViewPerm] For more information, see Metadata visibility configuration.
- CREATE SERVER AUDIT
- ALTER SERVER AUDIT
- DROP SERVER AUDIT
- CREATE SERVER AUDIT SPECIFICATION
- ALTER SERVER AUDIT SPECIFICATION
- DROP SERVER AUDIT SPECIFICATION
- CREATE DATABASE AUDIT SPECIFICATION
- ALTER DATABASE AUDIT SPECIFICATION
- DROP DATABASE AUDIT SPECIFICATION
- ALTER AUTHORIZATION
- Create a Server Audit and Server Audit Specification
- sys.fn_get_audit_file (Transact-SQL)
- sys.server_audits (Transact-SQL)
- sys.server_file_audits (Transact-SQL)
- sys.server_audit_specifications (Transact-SQL)
- sys.database_audit_specifications (Transact-SQL)
- sys.database_audit_specification_details (Transact-SQL)
- sys.dm_server_audit_status (Transact-SQL)
- sys.dm_audit_actions (Transact-SQL)
- sys.dm_audit_class_type_map (Transact-SQL)