To create a new SQL Server Audit object:(MSSMS)

1. Expand Security and right-click Audits

2. Select New Audit

3. Write name of the Audit to identify,

select Audit destination (whether to store the audit data in an application security event
log, event log or a file.) indicate a location for the audit fileClick OK (audit object
will be created and appear in the Audits node of the Object Explorer)

1
4. By default, the newly created audit object is disabled. The disabled status is indicated by
a red x. to enable the Audit

Right-click on the Audit object  select Enable Audit

5. To apply the audit activity on an entire SQL Server instance

Expand Security and right-click Server Audit Specification

2
To apply the audit activity to a specific database

expand the node of the database to audit Security, right-click Database Audit
Specifications select New Database Audit Specification

6. In the Create Database Audit Specification dialog, indicate the specification name,
associate the specification with the audit object created in the previous step,
7. Specify the activity to audit in the Audit Action Type(all actions that can be audited using
SQL Server Auditing are listed) indicate the database, object, or schema as an Object
Class, the name of the audited object, and principal Name

3
 8. Database audit specifications are disabled, by default. To enable them, select this option
in the context menu

9. When the time comes to see the audit log

Expand Security Expand Audits Right Click the Audit log …View Audit Logs

4
Using T-SQL
To create an Audit Object
CREATE SERVER AUDIT Sample_Audit
TO FILE ( FILEPATH ='E:\Audittest\' );
To Enable Audit
ALTER SERVER AUDIT Sample_Audit
WITH (STATE = ON);
GO
To Create Audit Specification
USE STUDENTGRADE
CREATE DATABASE AUDIT SPECIFICATION [ Sample
DatabaseAuditSpecification]
FOR SERVER AUDIT [Sample_Audit]
ADD (DATABASE_OBJECT_ACCESS_GROUP),
ADD (DATABASE_OBJECT_CHANGE_GROUP),
ADD (DELETE ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (INSERT ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (SELECT ON DATABASE::[STUDENTGRADE] BY [dbo]),
ADD (UPDATE ON DATABASE::[STUDENTGRADE] BY [dbo])
WITH (STATE = OFF)
GO
To enable Audit specification
USE STUDENTGRADE
ALTER DATABASE AUDIT SPECIFICATION SampleDatabaseAuditSpecification
FOR SERVER AUDIT [Sample_Audit]
WITH (STATE = ON);
GO

5
Use fn_get_audit_file to view the audit log

SELECT event_time,action_id, statement, database_name, server_principal_name

FROM fn_get_audit_file( 'E:\Audittest\Sample_Audit.sqlaudit' , DEFAULT , DEFAULT);

Note

 The audit report for example for data deletion event include user who made the deletion,
and when the deletion was made are but not the actual deleted data which is a
disadvantage for users who need more comprehensive audit data.
 It is difficult to manage multiple instances and consolidate the audit data and there is a lot
of work involved in managing, analyzing and archiving audit data, whether in a file or
log, and necessitates manual effort for importing, archiving and reporting.