DOCS-4308 DOCS-4433 reverts the reverted auditing changes

Conflicts:
	source/includes/options-mongod.yaml
	source/reference/audit-message.txt
	source/tutorial/configure-auditing.txt

Author: kay-kim

source/core/auditing.txt

@@ -13,29 +13,27 @@ MongoDB Enterprise includes an auditing capability for
 facility allows administrators and users to track system activity for
 deployments with multiple users and applications. The auditing facility
 can write audit events to the console, the :term:`syslog`, a JSON file,
-or a BSON file. For details on the audit log messages, see
-:doc:`/reference/audit-message`.
+or a BSON file.
 
 Audit Events and Filter
 -----------------------
 
-The auditing system can record the following operations:
+To enable auditing for MongoDB Enterprise, see
+:doc:`/tutorial/configure-auditing`.
+
+Once enabled, the auditing system can record the following operations:
 
 - schema (DDL),
 - replica set,
 - authentication and authorization, and
 - general operations.
 
-See :ref:`audit-action-details-results` for the specific actions
-recorded.
+For details on the audit log messages, see
+:doc:`/reference/audit-message`.
 
 By default, the auditing system records all these operations; however,
-you can configure the :option:`--auditFilter` option to restrict the
-events captured.
-
-See :doc:`/tutorial/configure-auditing` to enable and configure
-auditing for MongoDB Enterprise. To set up filters, see
-:ref:`audit-filter`.
+you can :ref:`set up filters <audit-filter>` to restrict the events
+captured. To set up filters, see :ref:`audit-filter`.
 
 Audit Guarantee
 ---------------

source/includes/fact-audit-filter-single-quotes.rst

@@ -0,0 +1,2 @@
+To specify an audit filter, enclose the filter document in single
+quotes to pass the document as a string.

source/includes/fact-audit-filter-yaml-configuration.rst

@@ -0,0 +1,3 @@
+To specify the audit filter in a :doc:`configuration file
+</reference/configuration-options>`, you must use the YAML format of
+the configuration file.

source/includes/options-mongod.yaml

@@ -1451,12 +1451,17 @@ description: |
 
   .. code-block:: javascript
 
-     { atype: <expression> }
+     { <field1>: <expression1>, ... }
 
-  For authentication operations, the option can also take a document of
-  the form:
+  The ``<field>`` can be :doc:`any field in the audit message
+  </reference/audit-message>`, including fields returned in the
+  :ref:`param <audit-action-details-results>` document. The
+  ``<expression>`` is a :ref:`query condition expression
+  <query-selectors>`.
 
-  .. code-block:: javascript
+  .. include:: /includes/fact-audit-filter-single-quotes.rst
+
+  .. include:: /includes/fact-audit-filter-yaml-configuration.rst
 
     { atype: <expression>, "param.db": <database> }