在 Azure CLI 中配置和访问 Azure Database for Maria DB 审核日志Configure and access Azure Database for Maria DB audit logs in the Azure CLI

可以从 Azure CLI 配置 Azure Database for MariaDB 审核日志You can configure the Azure Database for MariaDB audit logs from the Azure CLI.

如果没有 Azure 试用版订阅,请在开始前创建一个试用版订阅If you don't have an Azure trail subscription, create a trial subscription before you begin.

先决条件Prerequisites

若要完成本指南:To complete this guide:

  • 如果需要,请安装 Azure CLI 来运行 CLI 参考命令。If you prefer, install the Azure CLI to run CLI reference commands.
    • 如果使用的是本地安装,请使用 az login 命令登录到 Azure CLI。If you're using a local installation, sign in to the Azure CLI by using the az login command. 若要完成身份验证过程,请遵循终端中显示的步骤。To finish the authentication process, follow the steps displayed in your terminal. 有关其他登录选项,请参阅登录 Azure CLIFor additional sign-in options, see Sign in with the Azure CLI.
    • 出现提示时,请在首次使用时安装 Azure CLI 扩展。When you're prompted, install Azure CLI extensions on first use. 有关扩展详细信息,请参阅使用 Azure CLI 的扩展For more information about extensions, see Use extensions with the Azure CLI.
    • 运行 az version 以查找安装的版本和依赖库。Run az version to find the version and dependent libraries that are installed. 若要升级到最新版本,请运行 az upgradeTo upgrade to the latest version, run az upgrade.
  • 本文需要 Azure CLI 版本 2.0 或更高版本。This article requires version 2.0 or later of the Azure CLI.

配置审核日志记录Configure audit logging

重要

建议仅记录审核所需的事件类型和用户,以确保服务器的性能不会受到严重影响。It is recommended to only log the event types and users required for your auditing purposes to ensure your server's performance is not heavily impacted.

使用以下步骤启用和配置审核日志记录:Enable and configure audit logging using the following steps:

  1. 通过将“audit_logs_enabled”参数设为“ON”来启用审核日志。Turn on audit logs by setting the audit_logs_enabled parameter to "ON".

    az mariadb server configuration set --name audit_log_enabled --resource-group myresourcegroup --server mydemoserver --value ON
    
  2. 通过更新 audit_log_events 参数,选择要记录的 事件类型Select the event types to be logged by updating the audit_log_events parameter.

    az mariadb server configuration set --name audit_log_events --resource-group myresourcegroup --server mydemoserver --value "ADMIN,CONNECTION"
    
  3. 通过更新 audit_log_exclude_users 参数添加要从日志记录中排除的 MariaDB 用户。Add any MariaDB users to be excluded from logging by updating the audit_log_exclude_users parameter. 通过提供 MariaDB 用户名来指定用户。Specify users by providing their MariaDB user name.

    az mariadb server configuration set --name audit_log_exclude_users --resource-group myresourcegroup --server mydemoserver --value "azure_superuser"
    
  4. 通过更新“audit_log_include_users”参数,添加要包括在日志中的任何特定 MariaDB 用户。Add any specific MariaDB users to be included for logging by updating the audit_log_include_users parameter. 通过提供 MariaDB 用户名来指定用户。Specify users by providing their MariaDB user name.

    az mariadb server configuration set --name audit_log_include_users --resource-group myresourcegroup --server mydemoserver --value "sampleuser"
    

后续步骤Next steps