Configure and access Azure Database for MariaDB audit logs in the Azure CLI

You can configure the Azure Database for MariaDB audit logs from the Azure CLI.

If you don't have an Azure subscription, create an Azure free account before you begin.

Prerequisites

To complete this guide:

  • This article requires version 2.0 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Configure audit logging

Important

It is recommended to only log the event types and users required for your auditing purposes to ensure your server's performance is not heavily impacted.

Enable and configure audit logging using the following steps:

  1. Turn on audit logs by setting the audit_logs_enabled parameter to "ON".

    az mariadb server configuration set --name audit_log_enabled --resource-group myresourcegroup --server mydemoserver --value ON
    
  2. Select the event types to be logged by updating the audit_log_events parameter.

    az mariadb server configuration set --name audit_log_events --resource-group myresourcegroup --server mydemoserver --value "ADMIN,CONNECTION"
    
  3. Add any MariaDB users to be excluded from logging by updating the audit_log_exclude_users parameter. Specify users by providing their MariaDB user name.

    az mariadb server configuration set --name audit_log_exclude_users --resource-group myresourcegroup --server mydemoserver --value "azure_superuser"
    
  4. Add any specific MariaDB users to be included for logging by updating the audit_log_include_users parameter. Specify users by providing their MariaDB user name.

    az mariadb server configuration set --name audit_log_include_users --resource-group myresourcegroup --server mydemoserver --value "sampleuser"
    

Next steps

  • Learn more about audit logs in Azure Database for MariaDB
  • Learn how to configure audit logs in the Azure portal