az sql db audit-policy
Manage a database's auditing policy.
Commands
Name | Description | Type | Status |
---|---|---|---|
az sql db audit-policy show |
Show database audit policy. |
Core | GA |
az sql db audit-policy update |
Update a database's auditing policy. |
Core | GA |
az sql db audit-policy wait |
Place the CLI in a waiting state until a condition of the database's audit policy is met. |
Core | GA |
az sql db audit-policy show
Show database audit policy.
az sql db audit-policy show [--ids]
[--name]
[--resource-group]
[--server]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Azure SQL Database.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az sql db audit-policy update
Update a database's auditing policy.
If the policy is being enabled, --storage-account
or both --storage-endpoint
and --storage-key
must be specified.
az sql db audit-policy update [--actions]
[--add]
[--blob-storage-target-state {Disabled, Enabled}]
[--eh]
[--ehari]
[--ehts {Disabled, Enabled}]
[--force-string]
[--ids]
[--lats {Disabled, Enabled}]
[--lawri]
[--name]
[--remove]
[--resource-group]
[--retention-days]
[--server]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--subscription]
Examples
Enable by storage account name.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--bsts Enabled --storage-account mystorage
Enable by storage endpoint and key.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--bsts Enabled --storage-endpoint https://mystorage.blob.core.windows.net \
--storage-key MYKEY==
Set the list of audit actions.
az sql db audit-policy update -g mygroup -s myserver -n mydb \
--actions FAILED_DATABASE_AUTHENTICATION_GROUP 'UPDATE on database::mydb by public'
Disable an auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Disabled
Disable a blob storage auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --bsts Disabled
Enable a log analytics auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--lats Enabled --lawri myworkspaceresourceid
Disable a log analytics auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb
--lats Disabled
Enable an event hub auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid \
--event-hub eventhubname
Enable an event hub auditing policy for default event hub.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid
Disable an event hub auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb
--event-hub-target-state Disabled
Optional Parameters
List of actions and action groups to audit.These are space seperated values.Example: --actions FAILED_DATABASE_AUTHENTICATION_GROUP BATCH_COMPLETED_GROUP.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
Indicate whether blob storage is a destination for audit records.
The name of the event hub. If none is specified when providing event_hub_authorization_rule_id, the default event hub will be selected.
The resource Id for the event hub authorization rule.
Indicate whether event hub is a destination for audit records.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Indicate whether log analytics is a destination for audit records.
The workspace ID (resource ID of a Log Analytics workspace) for a Log Analytics workspace to which you would like to send Audit Logs.
Name of the Azure SQL Database.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The number of days to retain audit logs.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Auditing policy state.
Name of the storage account.
The storage account endpoint.
Access key for the storage account.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az sql db audit-policy wait
Place the CLI in a waiting state until a condition of the database's audit policy is met.
az sql db audit-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--server]
[--subscription]
[--timeout]
[--updated]
Examples
Place the CLI in a waiting state until it determines that database's audit policy exists
az sql db audit-policy wait -g mygroup -s myserver -n mydb --exists
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the Azure SQL Database.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI