在 Azure 门户中配置和访问 Azure Database for MySQL 的审核日志Configure and access audit logs for Azure Database for MySQL in the Azure portal

备注

将要查看的是 Azure Database for MySQL 的新服务。You are viewing the new service of Azure Database for MySQL. 若要查看经典 MySQL Database for Azure 的文档,请访问此页To view the documentation for classic MySQL Database for Azure, please visit this page.

可以从 Azure 门户配置 Azure Database for MySQL 审核日志和诊断设置。You can configure the Azure Database for MySQL audit logs and diagnostic settings from the Azure portal.

先决条件Prerequisites

若要逐步执行本操作方法指南,需要:To step through this how-to guide, you need:

配置审核日志记录Configure audit logging

重要

建议仅记录审核所需的事件类型和用户,以确保服务器的性能不会受到严重影响。It is recommended to only log the event types and users required for your auditing purposes to ensure your server's performance is not heavily impacted.

启用并配置审核日志记录。Enable and configure audit logging.

  1. 登录到 Azure 门户Sign in to the Azure portal.

  2. 选择 Azure Database for MySQL 服务器。Select your Azure Database for MySQL server.

  3. 在侧栏的“设置”部分,选择“服务器参数”。 Under the Settings section in the sidebar, select Server parameters. 服务器参数Server parameters

  4. audit_log_enabled 参数更新为 ON。Update the audit_log_enabled parameter to ON. 启用审核日志Enable audit logs

  5. 通过更新 audit_log_events 参数,选择要记录的事件类型Select the event types to be logged by updating the audit_log_events parameter. 审核日志事件Audit log events

  6. 通过更新 audit_log_exclude_users 参数添加不进行日志记录的 MySQL 用户。Add any MySQL users to be excluded from logging by updating the audit_log_exclude_users parameter. 通过提供 MySQL 用户名来指定用户。Specify users by providing their MySQL user name. 审核日志排除用户Audit log exclude users

  7. 更改参数之后,可以单击“保存”。Once you have changed the parameters, you can click Save. 也可以放弃所做的更改。Or you can Discard your changes. 保存Save

设置诊断日志Set up diagnostic logs

  1. 在侧栏的“监视”部分,选择“诊断设置” 。Under the Monitoring section in the sidebar, select Diagnostic settings.

  2. 单击“+ 添加诊断设置”添加诊断设置Click on "+ Add diagnostic setting" Add diagnostic setting

  3. 提供诊断设置名称。Provide a diagnostic setting name.

  4. 指定向哪些数据接收器(存储帐户、事件中心和/或 Log Analytics 工作区)发送审核日志。Specify which data sinks to send the audit logs (storage account, event hub, and/or Log Analytics workspace).

  5. 选择“MySqlAuditLogs”作为日志类型。Select "MySqlAuditLogs" as the log type. 配置诊断设置Configure diagnostic setting

  6. 配置可以通过管道向其传输审核日志的数据接收器以后,即可单击“保存”。Once you've configured the data sinks to pipe the audit logs to, you can click Save. 保存诊断设置Save diagnostic setting

  7. 访问审核日志时,可以在配置的数据接收器中浏览它们。Access the audit logs by exploring them in the data sinks you configured. 可能需要等待长达 10 分钟的时间这些日志才会出现。It may take up to 10 minutes for the logs to appear.

后续步骤Next steps

  • 详细了解 Azure Database for MySQL 中的审核日志Learn more about audit logs in Azure Database for MySQL
  • 了解如何在 Azure CLI 中配置审核日志Learn how to configure audit logs in the Azure CLI