Azure SQL Database
An Azure relational database service.
6,326 questions
SQL Auditing Logs Not Reaching Log Analytics or Blob for ppeid-sql-server
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 11%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
Robert Wilson
0
Reputation points
Hello Azure Support,
We are experiencing an issue where audit logs from our SQL Server instance are not being delivered to Log Analytics or Blob Storage, despite all diagnostic settings being correctly configured.
🧪 Repro Steps:
- Enabled auditing at both the database and server level
- Created multiple diagnostic settings to forward audit logs to:
- Log Analytics workspace (ppeid-workspace)
- Storage account (ppeidauditstore)
- Confirmed diagnostic settings were saved and active (including Blob and Log Analytics)
- Ran multiple auditable events from SSMS:
- Log Analytics workspace (ppeid-workspace)
sql
CopyEdit
UPDATE Checks SET First_Name = 'TestLogTrigger' WHERE Check_ID = 1;
- Waited up to 40 minutes after each query
❌ Observed Behavior:
- No logs appear in Log Analytics using:
kql
CopyEdit
AzureDiagnostics
| where Category == "SQLSecurityAuditEvents"
| sort by TimeGenerated desc
- No .xel files are present in the Blob Storage containers under:
/ppeid-sql-server/yyyy/mm/dd/
âś… What We Need:
Please confirm:
- Is the audit pipeline active and functional for this subscription and server?
- Is there any misregistration, backend throttling, or permission failure blocking audit log delivery?
- Is there a known delay or outage affecting SQLSecurityAuditEvents or diagnostic forwarding?
We’re happy to provide screenshots, queries, and logs as needed. This setup is intended for production use, so accurate audit telemetry is a top priority.
Thank you for your help!
Sincerely,
Bob Wilson
PPE
Azure SQL Database
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 69%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Sai Raghunadh M 4,640 Reputation points Microsoft External Staff Moderator2025-06-23T20:24:55.72+00:00 Greetings!!
Audit Pipeline Status: The audit pipeline is active and healthy for Azure SQL — there’s no known issue impacting audit log delivery for your region or service tier at this time.
Misregistration, Throttling, or Permission Issues: We’ve seen cases where audit logs fail to deliver due to:
Diagnostic settings not fully saved or attached at both the server and database level
The audit or audit spec being in a DISABLED state
Storage or Log Analytics access permissions not allowing write operations These are worth double-checking — especially the enabled state and permissions.
Delay or Outage: No active outage is reported. However, audit logs can take up to 60–90 minutes to appear in Log Analytics or Blob Storage after an event is triggered. If you’re testing with UPDATE or SELECT statements, be sure to wait a full cycle and check again.
Please go through this Documentation that might help you:
https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?source=recommendations
If everything appears correctly set up and you’re still seeing no logs, we recommend recreating the diagnostic settings and triggering another test event. Let us know, and we are happy to assist you.
-
Sai Raghunadh M 4,640 Reputation points Microsoft External Staff Moderator
2025-06-24T20:10:44.1166667+00:00 We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
-
Sai Raghunadh M 4,640 Reputation points Microsoft External Staff Moderator
2025-06-25T17:00:00.7133333+00:00 We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment
Sign in to answer