I have in place a Server audit that collects logins.
Every 5 minutes I import that data into a table in another instace where I build and send by email a small report. That's fine but i need to set up a new filter.
The request is to filter out logins that are member of the db_datareader role only (in a couple of user databases).
But I can't find any way to filter server audit this way during audit event.I can filter later, based on the current database role membership, but I think that's too late. Things may have changed in the meantime and we don't want to lose that info.
Can you please suggest how to handle this situation or an alternate tecnology to capture logins with such a level of details?