Summary

Extended Events is a powerful, new auditing technology for Windows and SQL Server. By itself Extend Events take a lot of work to use. SQL Audit is a powerful collection of objects, easily configured, that extends and leverages Extended Events and makes it useful today. If your shop runs a version of SQL Server that supports SQL Server Audit, there is no reason to continue with other auditing technologies such as tracing or triggers for compliance and monitoring. SQL Audit is the future and will improve with each new version of SQL Server as is evident with the enhancements in SQL Server 2012.

Major highlights of this chapter include the following:

• Each instance may have multiple SQL Audits — collection buckets for audit data that can write to an audit file, application log, or security event log.
• Each SQL Audit can have one Server Database Specification and one Database Audit Specification per database writing to that SQL Audit. Each Server or Database Audit Specification may have multiple events or actions that it's auditing.
• Database Audit Specifications can audit DML statements: select, insert, update, and delete. In addition, the audit details include user context information.

This part covers another new monitoring technology targeted at enterprise servers. SQL Audit is a strategic tool, both for Microsoft and the IT shops that adopt it.