SQL Server 2008 Audit allows auditing of a number of things including select/insert/update/delete. It is working properly for capturing these events to the Windows Application or event log but it is only capturing Audit Success. I have a requirement to capture audit failures too such as a select of a table that does not exist or where the user does not have access. I think it may be an option in the audit policy but not sure how to set it.
Here is an example entry:
Date1/9/2012 6:51:27 PM
LogAudit Collection (Audit-20120109-115026)
Event Time 18:51:27.9823720
Server Instance Name<name here>
Action IDSELECT
Class TypeTABLE
Sequence Number1
SucceededTrue
Permission Bit Mask0x0000000000000001
Column PermissionTrue
Session ID61
Server Principal ID259
Database Principal ID1
Target Server Principal ID0
Target Database Principal ID0
Object ID530100929
Session Server Principal Name<user name>
Server Principal Name<user name>
Server Principal SID<id>
Database Principal Namedbo
Target Server Principal Name
Target Server Principal SIDNULL
Target Database Principal Name
Database NameDBA_Maintenance
Schema Namedbo
Object Nametest
Statementselect * FROM [DBA_Maintenance].[dbo].[test]
Additional Information
File NameD:\dba\Audit-20120109-115026_xxx.sqlaudit
File Offset6144
User Defined Event ID0
User Defined Information
Message