Auditing Azure SQL Azure

Fernando Gutierrez 305 Reputation points
2025-03-25T15:21:45.9666667+00:00

Hello!

I need to start configuring auditing for some SQL databases in Azure.

Before starting, I'd like to clear up some questions I have.

  1. What's the difference between enabling auditing at the SQL Server level or at the Database level?
  2. What's the difference between enabling Storage or Log Analytics? If both are enabled, are the data, information, and other items stored in both locations? Why is the cost double?
  3. If I want to enable auditing for only some databases within a SQL Server and NOT all, do I have to enable auditing at the Database level and NOT at the SQL Server level?

Thank you!

SQL Server Analysis Services

Accepted answer
  1. Marcin Policht 49,640 Reputation points MVP Volunteer Moderator
    2025-03-25T15:26:40.6133333+00:00

    1. SQL Server-Level vs. database-level auditing

    • Server-Level Auditing: Enables auditing for all databases under the SQL Server. If enabled, new databases inherit the auditing settings automatically.
    • Database-Level Auditing: Enables auditing only for specific databases without affecting others. This is useful when you want to audit some databases but not all.

    If you enable both, database-level settings override server-level settings for that specific database.

    2. Storage vs. Log Analytics (differences & costs)

    • Azure Storage: Stores raw audit logs in blob storage, file storage, or table storage. Best for long-term retention and compliance.
    • Log Analytics (via Azure Monitor): Stores logs in Azure Monitor Log Analytics, allowing advanced querying, visualization, and integration with monitoring tools like Sentinel.

    If both are enabled, is data stored in both?
    Yes, audited events are stored in both locations simultaneously, leading to double costs—you pay for storage usage + Log Analytics ingestion & retention costs.

    3. Enabling auditing for some databases only
    Yes, to audit only specific databases, enable auditing at the database level, not at the server level. If you enable it at the server level, it applies to all databases unless overridden at the database level.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin
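
The selective setup from point 3, with a single destination to avoid the double cost from point 2, sketched with the Az.Sql PowerShell cmdlets. This is an added example, not part of the answer above; the resource group, server, database and workspace names are placeholders, and it assumes an authenticated session (`Connect-AzAccount`).

```powershell
# Added example. All resource names below are placeholders (assumptions).
$ResourceGroup = 'rg-example'
$ServerName    = 'sql-example'
$AuditedDbs    = @('db-finance', 'db-hr')   # only these databases should be audited
$WorkspaceId   = '/subscriptions/<subscription-id>/resourceGroups/rg-example' +
                 '/providers/Microsoft.OperationalInsights/workspaces/law-example'

# 1. Check the server-level audit first: if any destination is enabled there,
#    every database on the server is already being audited.
$serverAudit = Get-AzSqlServerAudit -ResourceGroupName $ResourceGroup -ServerName $ServerName
$serverStates = @(
    "$($serverAudit.BlobStorageTargetState)",
    "$($serverAudit.LogAnalyticsTargetState)",
    "$($serverAudit.EventHubTargetState)"
)
if ($serverStates -contains 'Enabled') {
    Write-Warning "Server-level auditing is enabled on $ServerName and covers all its databases."
}

# 2. Enable database-level auditing only for the chosen databases.
#    One destination (Log Analytics) is enabled and blob storage is left off,
#    so audit events are not stored and billed in two places.
foreach ($db in $AuditedDbs) {
    Set-AzSqlDatabaseAudit -ResourceGroupName $ResourceGroup -ServerName $ServerName `
        -DatabaseName $db `
        -LogAnalyticsTargetState Enabled -WorkspaceResourceId $WorkspaceId `
        -BlobStorageTargetState Disabled
}

# 3. Report the resulting state for every user database, so a database that was
#    missed (or audited unintentionally) is visible in one table.
Get-AzSqlDatabase -ResourceGroupName $ResourceGroup -ServerName $ServerName |
    Where-Object { $_.DatabaseName -ne 'master' } |
    ForEach-Object {
        $audit = Get-AzSqlDatabaseAudit -ResourceGroupName $ResourceGroup `
            -ServerName $ServerName -DatabaseName $_.DatabaseName
        [pscustomobject]@{
            Database     = $_.DatabaseName
            Expected     = $AuditedDbs -contains $_.DatabaseName
            LogAnalytics = "$($audit.LogAnalyticsTargetState)"
            BlobStorage  = "$($audit.BlobStorageTargetState)"
        }
    } | Format-Table -AutoSize
```

Rows where `Expected` is `True` but `LogAnalytics` is not `Enabled`, or the reverse, are the ones to review.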

