你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Set-AzSqlServerAudit
更改 Azure SQL Server 的审核设置。
语法
Set-AzSqlServerAudit
[-AuditActionGroup <AuditActionGroups[]>]
[-PredicateExpression <String>]
[-StorageKeyType <String>]
[-RetentionInDays <UInt32>]
[-BlobStorageTargetState <String>]
[-StorageAccountResourceId <String>]
[-EventHubTargetState <String>]
[-EventHubName <String>]
[-EventHubAuthorizationRuleResourceId <String>]
[-LogAnalyticsTargetState <String>]
[-WorkspaceResourceId <String>]
[-PassThru]
[-UseIdentity <String>]
[-ResourceGroupName] <String>
[-ServerName] <String>
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzSqlServerAudit
[-AuditActionGroup <AuditActionGroups[]>]
[-PredicateExpression <String>]
[-StorageKeyType <String>]
[-RetentionInDays <UInt32>]
[-BlobStorageTargetState <String>]
[-StorageAccountResourceId <String>]
[-EventHubTargetState <String>]
[-EventHubName <String>]
[-EventHubAuthorizationRuleResourceId <String>]
[-LogAnalyticsTargetState <String>]
[-WorkspaceResourceId <String>]
[-PassThru]
[-UseIdentity <String>]
-ServerObject <AzureSqlServerModel>
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] 说明
Set-AzSqlServerAudit cmdlet 更改 Azure SQL Server 的审核设置。 若要使用 cmdlet,请使用 ResourceGroupName 和 ServerName 参数来标识服务器。 当 blob 存储是审核日志的目标时,请指定 存储AccountResourceId 参数来确定审核日志的存储帐户,以及用于定义存储密钥的 存储KeyType 参数。 还可以通过设置 RetentionInDays 参数的值来定义审核日志的保留期。
示例
示例 1:启用 Azure SQL Server 的 Blob 存储审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/7fe3301d-31d3-4668-af5e-211a890ba6e3/resourceGroups/resourcegroup01/providers/Microsoft.Storage/storageAccounts/mystorage"示例 2:禁用 Azure SQL Server 的 Blob 存储审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -BlobStorageTargetState Disabled示例 3:使用 T-SQL 谓词筛选启用 Azure SQL Server 的 Blob 存储审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/7fe3301d-31d3-4668-af5e-211a890ba6e3/resourceGroups/resourcegroup01/providers/Microsoft.Storage/storageAccounts/mystorage" -PredicateExpression "statement <> 'select 1'"示例 4:从 Azure SQL Server 的审核策略中删除筛选设置
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -PredicateExpression ""示例 5:启用 Azure SQL Server 的事件中心审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -EventHubTargetState Enabled -EventHubName "EventHubName" -EventHubAuthorizationRuleResourceId "EventHubAuthorizationRuleResourceId"示例 6:禁用 Azure SQL Server 的事件中心审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -EventHubTargetState Disabled示例 7:启用 Azure SQL Server 的日志分析审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -LogAnalyticsTargetState Enabled -WorkspaceResourceId "/subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2"示例 8:禁用 Azure SQL Server 的日志分析审核策略
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -LogAnalyticsTargetState Disabled示例 9:通过管道禁用 Azure SQL Server 的日志分析审核策略
Get-AzSqlServer -ResourceGroupName "ResourceGroup01" -ServerName "Server01" | Set-AzSqlServerAudit -LogAnalyticsTargetState Disabled示例 10:禁用将 Azure SQL Server 的审核记录发送到 Blob 存储,并启用将其发送到 Log Analytics。
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -LogAnalyticsTargetState Enabled -WorkspaceResourceId "/subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2" -BlobStorageTargetState Disabled示例 11:允许将 Azure SQL Server 的审核记录发送到 Blob 存储、事件中心和日志分析。
Set-AzSqlServerAudit -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/7fe3301d-31d3-4668-af5e-211a890ba6e3/resourceGroups/resourcegroup01/providers/Microsoft.Storage/storageAccounts/mystorage" -EventHubTargetState Enabled -EventHubName "EventHubName" -EventHubAuthorizationRuleResourceId "EventHubAuthorizationRuleResourceId" -LogAnalyticsTargetState Enabled -WorkspaceResourceId "/subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2"参数
-AsJob
在后台运行 cmdlet
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AuditActionGroup
建议使用的操作组集是以下组合 - 这将审核针对数据库执行的所有查询和存储过程,以及成功和失败的登录:
“BATCH_COMPLETED_GROUP”,
“SUCCESSFUL_DATABA标准版_AUTHENTICATION_GROUP”,
“FAILED_DATABA标准版_AUTHENTICATION_GROUP”
上述组合也是默认配置的集。 这些组涵盖针对数据库执行的所有 SQL 语句和存储过程,不应与其他组结合使用,因为这将导致重复的审核日志。
有关详细信息,请参阅 https://learn.microsoft.com/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups。
| Type: | AuditActionGroups[] |
| Accepted values: | BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP, LEDGER_OPERATION_GROUP, DBCC_GROUP, DATABASE_OWNERSHIP_CHANGE_GROUP, DATABASE_CHANGE_GROUP |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BlobStorageTargetState
指示 Blob 存储是否是审核记录的目标。
| Type: | String |
| Accepted values: | Enabled, Disabled |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
用于与 Azure 通信的凭据、帐户、租户和订阅。
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EventHubAuthorizationRuleResourceId
事件中心授权规则的资源 ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EventHubName
事件中心的名称。 如果在提供 EventHubAuthorizationRuleResourceId 时未指定任何内容,则会选择默认事件中心。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EventHubTargetState
指示事件中心是否是审核记录的目标。
| Type: | String |
| Accepted values: | Enabled, Disabled |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LogAnalyticsTargetState
指示 Log Analytics 是否是审核记录的目标。
| Type: | String |
| Accepted values: | Enabled, Disabled |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
指定是否在 cmdlet 执行结束时输出审核策略
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PredicateExpression
用于筛选审核日志的 T-SQL 谓词(WHERE 子句)。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
资源组的名称。
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RetentionInDays
审核日志的保留天数。
| Type: | Nullable<T>[UInt32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ServerName
SQL Server 名称。
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ServerObject
用于管理其审核策略的服务器对象。
| Type: | AzureSqlServerModel |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-StorageAccountResourceId
存储帐户资源 ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StorageKeyType
指定要使用的存储访问密钥之一。
| Type: | String |
| Accepted values: | Primary, Secondary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseIdentity
指示是否使用托管标识。 当想要在目标存储不在防火墙后面时使用托管标识时,需要用到它。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WorkspaceResourceId
要向其发送审核日志的 Log Analytics 工作区的工作区 ID(Log Analytics 工作区的资源 ID)。 示例:/subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
Nullable<T>[[System.UInt32, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
输出
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈