az sql server audit-policy
Manage a server's auditing policy.
Commands
Name | Description | Type | Status |
---|---|---|---|
az sql server audit-policy show |
Show server audit policy. |
Core | GA |
az sql server audit-policy update |
Update a server's auditing policy. |
Core | GA |
az sql server audit-policy wait |
Place the CLI in a waiting state until a condition of the server's audit policy is met. |
Core | GA |
az sql server audit-policy show
Show server audit policy.
az sql server audit-policy show [--ids]
[--name]
[--resource-group]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az sql server audit-policy update
Update a server's auditing policy.
If the policy is being enabled, --storage-account
or both --storage-endpoint
and --storage-key
must be specified.
az sql server audit-policy update [--actions]
[--add]
[--blob-storage-target-state {Disabled, Enabled}]
[--eh]
[--ehari]
[--ehts {Disabled, Enabled}]
[--force-string]
[--ids]
[--lats {Disabled, Enabled}]
[--lawri]
[--name]
[--no-wait]
[--remove]
[--resource-group]
[--retention-days]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--subscription]
Examples
Enable by storage account name.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--bsts Enabled --storage-account mystorage
Enable by storage endpoint and key.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--bsts Enabled --storage-endpoint https://mystorage.blob.core.windows.net \
--storage-key MYKEY==
Set the list of audit actions.
az sql server audit-policy update -g mygroup -n myserver \
--actions FAILED_DATABASE_AUTHENTICATION_GROUP 'UPDATE on server::myserver by public'
Disable an auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state Disabled
Disable a blob storage auditing policy.
az sql server audit-policy update -g mygroup -n myserver --bsts Disabled
Enable a log analytics auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--lats Enabled --lawri myworkspaceresourceid
Disable a log analytics auditing policy.
az sql server audit-policy update -g mygroup -n myserver
--lats Disabled
Enable an event hub auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid \
--event-hub eventhubname
Enable an event hub auditing policy for default event hub.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid
Disable an event hub auditing policy.
az sql server audit-policy update -g mygroup -n myserver
--event-hub-target-state Disabled
Optional Parameters
List of actions and action groups to audit.These are space seperated values.Example: --actions FAILED_DATABASE_AUTHENTICATION_GROUP BATCH_COMPLETED_GROUP.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
Indicate whether blob storage is a destination for audit records.
The name of the event hub. If none is specified when providing event_hub_authorization_rule_id, the default event hub will be selected.
The resource Id for the event hub authorization rule.
Indicate whether event hub is a destination for audit records.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Indicate whether log analytics is a destination for audit records.
The workspace ID (resource ID of a Log Analytics workspace) for a Log Analytics workspace to which you would like to send Audit Logs.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The number of days to retain audit logs.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Auditing policy state.
Name of the storage account.
The storage account endpoint.
Access key for the storage account.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az sql server audit-policy wait
Place the CLI in a waiting state until a condition of the server's audit policy is met.
az sql server audit-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Examples
Place the CLI in a waiting state until it determines that server's audit policy exists
az sql server audit-policy wait -g mygroup -n myserver --exists
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI