It would be really nice to backport SQL Server 2012 capability to filter-out unwanted combinations of audit events, to SQL Server 2008 R2.
Many of our customers will wait several maintenance cycles to adopt SQL 2012 due to various reasons, and they'll probably stay on SQL 2008 R2 for several years.
And due to increasing legislation requirements, they demand us a flexible and performance-wise tool to comply auditing requirements.
I struggled and cannot find a way to exclude from the provided SQL 2008 R2 LOGIN/LOGOUT , the logon/logoff activity related to Connection Pooling. In a production environment, the volume of audit files due solely to this (purely internal) events forces us to don't recommend customers to activate this action group. And as a consequence, we can't properly audit the source of the user connections, as the login events records that information in the extended info field.
Auditing logon/logoff via SQL Audit is a must, but as said, due to the inability to filter out that kind of internal connections, that action group seems useless.
Please, do try to backport SQL Server 2012 selective audit filtering to SQL 2008 R2.