在 Azure CLI 中配置和访问审核日志Configure and access audit logs in the Azure CLI

备注

将要查看的是 Azure Database for MySQL 的新服务。You are viewing the new service of Azure Database for MySQL. 若要查看经典 MySQL Database for Azure 的文档,请访问此页To view the documentation for classic MySQL Database for Azure, please visit this page.

可以从 Azure CLI 配置 Azure Database for MySQL 审核日志You can configure the Azure Database for MySQL audit logs from the Azure CLI.

先决条件Prerequisites

若要逐步执行本操作方法指南,需要:To step through this how-to guide, you need:

重要

本操作方法指南要求使用 Azure CLI 版本 2.0 或更高版本。This how-to guide requires that you use Azure CLI version 2.0 or later. 若要确认版本,请在 Azure CLI 命令提示符下输入 az --versionTo confirm the version, at the Azure CLI command prompt, enter az --version. 若要安装或升级,请参阅安装 Azure CLITo install or upgrade, see Install Azure CLI.

配置审核日志记录Configure audit logging

重要

建议仅记录审核所需的事件类型和用户,以确保服务器的性能不会受到严重影响。It is recommended to only log the event types and users required for your auditing purposes to ensure your server's performance is not heavily impacted.

使用以下步骤启用和配置审核日志记录:Enable and configure audit logging using the following steps:

  1. 通过将“audit_logs_enabled”参数设为“ON”来启用审核日志。Turn on audit logs by setting the audit_logs_enabled parameter to "ON".

    az mysql server configuration set --name audit_log_enabled --resource-group myresourcegroup --server mydemoserver --value ON
    
  2. 通过更新 audit_log_events 参数,选择要记录的事件类型Select the event types to be logged by updating the audit_log_events parameter.

    az mysql server configuration set --name audit_log_events --resource-group myresourcegroup --server mydemoserver --value "ADMIN,CONNECTION"
    
  3. 通过更新 audit_log_exclude_users 参数添加不进行日志记录的 MySQL 用户。Add any MySQL users to be excluded from logging by updating the audit_log_exclude_users parameter. 通过提供 MySQL 用户名来指定用户。Specify users by providing their MySQL user name.

    az mysql server configuration set --name audit_log_exclude_users --resource-group myresourcegroup --server mydemoserver --value "azure_superuser"
    
  4. 通过更新“audit_log_include_users”参数,添加要包括在日志记录中的任何特定 MySQL 用户。Add any specific MySQL users to be included for logging by updating the audit_log_include_users parameter. 通过提供 MySQL 用户名来指定用户。Specify users by providing their MySQL user name.

    az mysql server configuration set --name audit_log_include_users --resource-group myresourcegroup --server mydemoserver --value "sampleuser"
    

后续步骤Next steps