az sql db audit-policy
Manage a database's auditing policy.
Commands
az sql db audit-policy show |
Gets a database's blob auditing policy. |
az sql db audit-policy update |
Update a database's auditing policy. |
az sql db audit-policy show
Gets a database's blob auditing policy.
az sql db audit-policy show [--ids]
[--name]
[--query-examples]
[--resource-group]
[--server]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Azure SQL Database.
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name of the Azure SQL server. You can configure the default using az configure --defaults sql-server=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az sql db audit-policy update
Update a database's auditing policy.
If the policy is being enabled, --storage-account
or both --storage-endpoint
and --storage-key
must be specified.
az sql db audit-policy update [--actions]
[--add]
[--force-string]
[--ids]
[--name]
[--remove]
[--resource-group]
[--retention-days]
[--server]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--subscription]
Examples
Enable by storage account name.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled --storage-account mystorage
Enable by storage endpoint and key.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Enabled \
--storage-endpoint https://mystorage.blob.core.windows.net --storage-key MYKEY==
Set the list of audit actions.
az sql db audit-policy update -g mygroup -s myserver -n mydb \
--actions FAILED_DATABASE_AUTHENTICATION_GROUP 'UPDATE on database::mydb by public'
Add an audit action.
az sql db audit-policy update -g mygroup -s myserver -n mydb \
--add auditActionsAndGroups FAILED_DATABASE_AUTHENTICATION_GROUP
Remove an audit action by list index.
az sql db audit-policy update -g mygroup -s myserver -n mydb --remove auditActionsAndGroups 0
Disable an auditing policy.
az sql db audit-policy update -g mygroup -s myserver -n mydb --state Disabled
Optional Parameters
List of actions and action groups to audit.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Azure SQL Database.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The number of days to retain audit logs.
Name of the Azure SQL server. You can configure the default using az configure --defaults sql-server=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Auditing policy state.
Name of the storage account.
The storage account endpoint.
Access key for the storage account.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.