I have written few posts on SQL Server Auditing and they are written based on either Windows Event Log or File as the target of the Audit;
There is another option that can be set for the target which is Windows Security Event Log which is the most secured place for placing audit info. But, it cannot be set as simple as other targets, it needs some extra steps.
If I have created an Audit like below;
and try to enable;
I get this error. Reason for this is, for setting the target as Windows Security Log, SQL Server Service Account has to be a member of Generate Security Audit Policy. For that, open Local Security Policy and add SQL Server Service Account to Generate Security Audit Policy.
You may need to restart the SQL Server before trying with enabling the Audit created. Once done, you will be successfully enable the Audit.