At the server level, I want to audit privileged users for certain DDL, Security changes, failed logins, etc. At the same time, how can I audit ALL failed logins on the server from any other login? I don't want to audit every other login for DDL, security changes, etc.
On the Server level you have two different options. You can set up auditing for the privileged users and you can set up the general "Audited Activities".
So, on the Audited Activities tab you would set it up to look for "Failed Logins".
On the Privileged Users tab, after adding your priviliged users you can add in the checks for DDL, Security, Failed Logins, etc.
I actually have mine set up that way and it is only working for Privileged Users. According to your support, that is by design??? It doesn't make any sense to me. Support said that if anyone is put in the privileged users it will only audit the privileged users.
I forgot that there is a known issue with Login/Failed Login when it is enabled in both places. That will be remedied in the 5.6 version of the product which will hopefully release early next year.