Enable SQL MI logs related database drop/delete activity
Question
We have an Azure SQL MI with a number of databases on it. We have to enable audit logs of SQL MI from diagnostic settings, and have also enabled logs by executing queries on the MI and sending those logs to Event Hub. We are getting logs (select, execute) but are not able to see the logs related to database drop/delete activity.
This is the blog (https://docs.imperva.com/en-US/bundle/cloud-data-security/page/78051.htm) I am using for enabling audit logs in Azure SQL MI. Am I missing any step?
Plus, we need to see/visualize the data/requests that are coming to the Event Hub.
Answer 1
Score: 0
Create a new alert using the portal or the Azure CLI.
- Navigate to [Monitor Alerts] >> Select New alert rule >> Under Scope, click Select Resource >> select the subscription and click Done >> Under Condition, click Select Condition >> "Create/Update server firewall rule" >> Select Done >> Under Action group, click Select action group >> Select the desired action group to attach to the alert rule, or create one if needed, and click Select >> Enter an alert rule name and description >> Select a resource group >> Click Create alert rule.
- Reference taken from Fugue.
az monitor activity-log alert create --name createUpdateSQLServerFirewallRule \
--resource-group <resource_group_name> \
--condition category="Administrative" and \
operationName="Microsoft.Sql/servers/firewallRules/write" \
--scope "/subscriptions/<subscription_id>" \
--action-group <action_group>
- For database deletion, refer to this.
az monitor activity-log alert create --name cc-delete-sql-database-alert \
--description "Alert triggered by Delete Azure SQL Database events" \
--resource-group Default-ActivityLogAlerts \
--action-group "/subscriptions/1234abcd-1234-abcd1234abcd1234abcd/resourcegroups/defaultactivitylogalerts/providers/microsoft.insights/actiongroups/cloudconformity%20action%20group" \
--condition category=Administrative and operationName=Microsoft.Sql/servers/databases/delete
- For SQL server deletion:
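An added example, not part of the original answer: a Python filter that picks the two operations used in the alert conditions above out of an activity-log message as it might arrive on an Event Hub. It assumes the subscription's activity log is exported there; the record layout (a `records` array with `operationName`, `category`, `resultType`, `resourceId`, `time`, `callerIpAddress`) and every sample value are assumptions constructed for illustration.

```python
import json

# Operation names from the alert conditions in the answer, lower-cased
# because exported records may carry them in upper case.
WATCHED_OPERATIONS = {
    "microsoft.sql/servers/databases/delete",
    "microsoft.sql/servers/firewallrules/write",
}

# Constructed sample message body; IDs, times and addresses are made up.
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2023-05-01T10:15:00Z", "category": "Administrative",
     "operationName": "MICROSOFT.SQL/SERVERS/DATABASES/DELETE",
     "resultType": "Success", "callerIpAddress": "203.0.113.10",
     "resourceId": _RG + "/providers/Microsoft.Sql/servers/demo/databases/sales"},
    {"time": "2023-05-01T10:16:00Z", "category": "Administrative",
     "operationName": "MICROSOFT.SQL/SERVERS/FIREWALLRULES/WRITE",
     "resultType": "Start", "callerIpAddress": "203.0.113.10",
     "resourceId": _RG + "/providers/Microsoft.Sql/servers/demo/firewallRules/office"},
    {"time": "2023-05-01T10:17:00Z", "category": "Administrative",
     "operationName": "MICROSOFT.SQL/SERVERS/DATABASES/WRITE",
     "resultType": "Success", "callerIpAddress": "203.0.113.10",
     "resourceId": _RG + "/providers/Microsoft.Sql/servers/demo/databases/hr"},
]})


def find_watched_events(message_body, watched=WATCHED_OPERATIONS):
    """Return a summary dict for each Administrative record whose operation is watched."""
    hits = []
    for record in json.loads(message_body).get("records", []):
        operation = str(record.get("operationName", "")).lower()
        category = str(record.get("category", "")).lower()
        if category != "administrative" or operation not in watched:
            continue
        hits.append({
            "time": record.get("time"),
            "operation": operation,
            "result": record.get("resultType"),
            "resource": record.get("resourceId"),
            "caller_ip": record.get("callerIpAddress"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_watched_events(SAMPLE_MESSAGE):
        print(hit)
```

The `result` field is kept in each hit because a single operation can appear as several records with different `resultType` values.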