We can get MSSQL Audit logs under EventViewer - Windows Logs - Application directory. In this document, printing sql audit logs under the application will be explained.
First, enter Mssql Management Studio. The audit file is created under the Security - Audit directory, first Disabled and then entered in the properties.
You should do the configuration as above. Then close the window by saying OK and activate the audit file, we can open EventViewer when we see that we have received Success in the notification window.
You will see all the logs written under Logsign Audit under Application. ( Select, Delete, Create , Login auth etc.).
Then you can continue with WMI Integration to get Application file logs from the EventViewer.
For WMI Integration and user authorization, please follow the document below;
After integration has been done with WMI , you'll see the MSSQL Logs in the search screen.
Note: Instead of Wmi Integration, Nxlog can also be used as an alternative integration method.