az sql db audit-policy
Manage a database's auditing policy.
Commands
| az sql db audit-policy show | Gets a database's blob auditing policy. |
| az sql db audit-policy update | Update a database's auditing policy. |
az sql db audit-policy show
Gets a database's blob auditing policy.
az sql db audit-policy show [--ids]
[--name]
[--resource-group]
[--server]
[--subscription]Optional Parameters
One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.
Name of the Azure SQL Database.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name of the Azure SQL server. You can configure the default using az configure --defaults sql-server=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
az sql db audit-policy update
Update a database's auditing policy.
az sql db audit-policy update [--actions]
[--add]
[--force-string]
[--ids]
[--name]
[--remove]
[--resource-group]
[--retention-days]
[--server]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--subscription]Examples
Enable by storage account name.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled --storage-account mystorageEnable by storage endpoint and key.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--storage-endpoint https://mystorage.blob.core.windows.net --storage-key MYKEY==Set the list of audit actions.
az sql db audit-policy update -g mygroup -s myserver -n mydb \
--actions FAILED_DATABASE_AUTHENTICATION_GROUP 'UPDATE on database::mydb by public'Add an audit action.
az sql db audit-policy update -g mygroup -s myserver -n mydb \
--add auditActionsAndGroups FAILED_DATABASE_AUTHENTICATION_GROUPRemove an audit action by list index.
az sql db audit-policy update -g mygroup -s myserver -n mydb --remove auditActionsAndGroups 0Disable an auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state DisabledOptional Parameters
List of actions and action groups to audit.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). If provided, no other 'Resource Id' arguments should be specified.
Name of the Azure SQL Database.
Remove a property or an element from a list. Example: --remove property.list
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The number of days to retain audit logs.
Name of the Azure SQL server. You can configure the default using az configure --defaults sql-server=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=
Auditing policy state.
Name of the storage account.
The storage account endpoint.
Access key for the storage account.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.