启用与 SQL MI 数据库删除操作相关的日志记录。

huangapple go评论55阅读模式
英文:

Enable SQL MI logs related database drop/delete activity

问题

我们有一个Azure SQL MI,上面有许多数据库。我们需要通过诊断设置启用SQL MI的审计日志,并通过在MI上执行查询并将这些日志发送到事件中心来启用日志。我们能够获取日志(选择、执行),但无法看到与数据库删除活动相关的日志。

我正在使用此博客(https://docs.imperva.com/en-US/bundle/cloud-data-security/page/78051.htm)来启用Azure SQL MI中的审计日志,我是否漏掉了任何步骤?

此外,我们需要查看/可视化发送到事件中心的数据/请求。

英文:

We have an Azure SQL MI having number of databases on it . We have to enable audit logs of SQL MI from diagnostic settings and also enabled logs by executing queries on MI and sending those logs to event hub. We are getting up logs (select, Execute) but not able to see the logs related to database drop/delete activity

the blog (https://docs.imperva.com/en-US/bundle/cloud-data-security/page/78051.htm) I am using the for enabling audit log in Azure SQL MI, what I am missing any step
plus we need to see/visualize the data/request that are coming to eventHub.

答案1

得分: 0

创建一个新的警报,可以使用门户或Azure CLI。

  • 导航到[监视警报]>>选择新的警报规则>>在范围下,点击选择资源>>选择订阅并点击完成>>在条件下,点击选择条件>>“创建/更新服务器防火墙规则”>>选择完成>>在操作组下,点击选择操作组>>选择要附加到警报规则的所需操作组,或者如果需要,创建一个,然后点击选择>>输入警报规则名称和描述>>选择资源组>>点击创建警报规则。

  • 参考来源:Fugue

az monitor activity-log alert create --name createUpdateSQLServerFirewallRule \
   --resource-group <resource_group_name> \
   --condition category="Administrative" and \
   operationName="Microsoft.Sql/servers/firewallRules/write" \
   --scope "/subscriptions/<subscription_id>" \
   --action-group <action_group>
  • 对于数据库的删除,请参考此链接
az monitor activity-log alert create --name cc-delete-sql-database-alert --description "Alert triggered by Delete Azure SQL Database events" --resource-group Default-ActivityLogAlerts --action-group "/subscriptions/1234abcd-1234-abcd1234abcd1234abcd/resourcegroups/defaultactivitylogalerts/providers/microsoft.insights/actiongroups/cloudconformity%20action%20group" --condition category=Administrative and operationName=Microsoft.Sql/servers/databases/delete
  • 对于SQL服务器的删除:

启用与 SQL MI 数据库删除操作相关的日志记录。

英文:

Create a new alert using portal or Azurecli

  • Navigate to [Monitor Alerts]>>Select New alert rule>> Under Scope, click Select Resource>> subscription and click Done>> Under Condition, click Select Condition>>“Create/Update server firewall rule” >> Select Done >> Under Action group, click Select action group >> Select the desired action group to attach to the alert rule, or create one if needed, and click Select >> Enter an alert rule name and description >>Select a resource group>>Click Create alert rule.

启用与 SQL MI 数据库删除操作相关的日志记录。

  • Reference taken from Fugue.

    az monitor activity-log alert create --name createUpdateSQLServerFirewallRule \ --resource-group <resource_group_name> \ --condition category="Administrative" and \ operationName="Microsoft.Sql/servers/firewallRules/write" \ --scope "/subscriptions/<subscription_id>" \ --action-group <action_group>

  • For database, deletion refer this.

    az monitor activity-log alert create--name cc-delete-sql-database-alert--description "Alert triggered by Delete Azure SQL Database events"--resource-group Default-ActivityLogAlerts--action-group "/subscriptions/1234abcd-1234-abcd1234abcd1234abcd/resourcegroups/defaultactivitylogalerts/providers/microsoft.insights/actiongroups/cloudconformity%20action%20group" --condition category=Administrative andoperationName=Microsoft.Sql/servers/databases/delete

  • For SQL server Deletion:

启用与 SQL MI 数据库删除操作相关的日志记录。

huangapple
  • 本文由 发表于 2023年7月6日 17:13:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/76627263.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定