Today we continue our series on Auditing with some clarifications.  An audit is essentially the combination of several elements.  This concept took a day or two to wrap around my brain so I thought I would discuss our way through it.

1. The Audit Object is collected on either the server or database level.  This covers actions as well as groups of actions.
2. The Audit Specification is an object that belongs to an audit.  This is a one-to-one relationship between audit object and audit specification.  Both items are created at the instance level.  The audit specification can collect many server-level or database-level action groups which are raised through extended events. You can have many groups within a specification.  In addition, the audit specification is either a database or server specification and it cannot be both.
3. The Audit Action Group is a predefined group of actions within the database engine itself.  (See the MSDN list of Action Groups and Actions)
4. The Target is essentially where the audit results are sent to, which we have already discussed as a file, the Application Log or the Security Log.

I hope this clarifies some points before we move forward.  Enjoy and stay tuned.