sp_readerrorlog works in charm for version 2005 and above, however it is not in sql server 2000.
As it has different format for parameters. After spent some time, I finally find out how to use it correctly.
eg.
Exec sp_readerrorlog 1,'D:\test.txt' , 'world' # grep all lines having the word
Exec sp_readerrorlog 1,'D:\test.txt' , 3 # read 3rd line
Exec sp_readerrorlog 1,'D:\mediator_dev\MSSQL$MED\LOG\ERRORLOG','Backup'
from
http://www.databasejournal.com/features/mssql/article.php/3399241/SQL-Server-2000-Security---Part-10---Auditing.htm
Login auditing - four option buttons - None, Success, Failure and All - under the "Audit level" heading on the Security tab of the SQL Server Properties dialog box in SQL Server Enterprise Manager control level of SQL Server login audits. These choices correspond to values of 0, 1, 2 and 3 in the AuditLevel entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQLServer\
It seems by default audit level is 0.
References:
http://vyaskn.tripod.com/sp_readerrorlog_undocumented.htm
