Server Audit Specifications

A new Server Audit Specification may be created from Object Explorer using the Security → Server Audit Specifications' context menu → New Server Audit Specification command, which opens the Create Server Audit Specification dialog, as shown in Figure 42.2.

Figure 42.2 Creating a new Server Audit Specification using Management Studio.

Each SQL Server Audit object may have only one Server Audit Specification, but there may be multiple Server Audits running, and each may have a Server Audit Specification.

The new Server Audit Specification can't be created unless it points to an existing SQL Server Audit object and that SQL Server Audit object currently does not have a Server Audit Specification connected to it.

With SQL Server 2012 Server-level audits are now able to be created on all editions of SQL Server.

Adding Actions

The most important part of defining the Server Audit Specification is adding actions to the specification. These actions aren't in a hierarchy like the DDL Triggers events and groups; each action group must be added individually.

Beginning with 2012, SQL Server audit specifications support a user defined audit group. You can use the sp_audit_write stored procedure to record audited events to the audit log. By using user-defined audit events, developers can code their applications to write custom information to the audit log.

The server-related ...