SQL Server 2008 Audit allows auditing of a number of things including select/insert/update/delete. It is working properly for capturing these events to the Windows Application or event log but it is only capturing Audit Success. I have a requirement to capture audit failures too such as a select of a table that does not exist or where the user does not have access. I think it may be an option in the audit policy but not sure how to set it.

Here is an example entry:

Date1/9/2012 6:51:27 PM

LogAudit Collection (Audit-20120109-115026)

Event Time 18:51:27.9823720

Server Instance Name<name here>

Action IDSELECT

Class TypeTABLE

Sequence Number1

SucceededTrue

Permission Bit Mask0x0000000000000001

Column PermissionTrue

Session ID61

Server Principal ID259

Database Principal ID1

Target Server Principal ID0

Target Database Principal ID0

Object ID530100929

Session Server Principal Name<user name>

Server Principal Name<user name>

Server Principal SID<id>

Database Principal Namedbo

Target Server Principal Name

Target Server Principal SIDNULL

Target Database Principal Name

Database NameDBA_Maintenance

Schema Namedbo

Object Nametest

Statementselect * FROM [DBA_Maintenance].[dbo].[test]

Additional Information

File NameD:\dba\Audit-20120109-115026_xxx.sqlaudit

File Offset6144

User Defined Event ID0

User Defined Information

Message