
I'm trying to create a new audit on Azure SQL Database with the command below:

Set-AzSqlDatabaseAudit -ResourceGroupName "NAME" -ServerName "SERVER" -DatabaseName "DATABASE" -AuditActionGroup "BATCH_COMPLETED_GROUP" -AuditAction "DELETE ON TABLE BY PUBLIC" -BlobStorageTargetState Enabled -StorageAccountResourceId "/..."

In the audit log I noticed that all commands are being registered, not just the delete commands on the desired object specified in the cmdlet.

I can't submit the command without the option -AuditActionGroup "BATCH_COMPLETED_GROUP". I think the problem is here, but I can't submit without this part.

1 Answer

Please try auditing the action at the database level; that has worked for me.

# The trailing backticks continue the single command across lines.
Set-AzureRmSqlDatabaseAuditing -ResourceGroupName "resourceGroup" `
    -ServerName "SQL Server Name" -DatabaseName "AdventureWorksLT" `
    -StorageAccountName "storageAccount" `
    -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" `
    -AuditAction "DELETE ON database::[AdventureWorksLT] BY [public]" `
    -RetentionInDays 60

3 Comments

Thanks for the answer. In my case I need to filter only DELETE commands on just one table. When I create the audit with the option -AuditActionGroup "BATCH_COMPLETED_GROUP", the result is that SQL Database logs all commands and not only the DELETE on the table that I specified. I tried to specify only the -AuditAction, but that does not work either.
What about saving the audit log to Azure Log Analytics? You can query there for what you want. You just need to go to Azure Portal > Monitor > Logs. Write your Kusto query and run it to get the data.
I already have an audit configured on the server side on Azure. The log is saved in blob storage. In this specific case I would like to save only DELETE commands on just one specific table. But in my case, after the audit is created, all commands are being saved.
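
An added example, not part of the original thread: when the audit already writes to blob storage, the records can be narrowed at read time with `sys.fn_get_audit_file`. The storage URL, the `sqldbauditlogs` container path, and the `dbo.MyTable` names are placeholders assumed for illustration.

```sql
-- Placeholder path: replace with the blob folder your audit writes to.
DECLARE @audit_path nvarchar(260) =
    N'https://<storageaccount>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/';

-- 1) See which audit actions produce the volume.
--    BCM = BATCH_COMPLETED_GROUP records (one per batch, any statement type),
--    DL  = object-level DELETE records produced by an audit action
--          such as "DELETE ON <object> BY public".
SELECT action_id,
       COUNT(*)        AS record_count,
       MIN(event_time) AS first_seen,
       MAX(event_time) AS last_seen
FROM sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
GROUP BY action_id
ORDER BY record_count DESC;

-- 2) Keep only DELETE records against one table (hypothetical dbo.MyTable).
SELECT event_time,
       server_principal_name,   -- login that ran the statement
       database_name,
       schema_name,
       object_name,
       succeeded,               -- 1 = permission check passed
       statement                -- text of the DELETE as executed
FROM sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
WHERE action_id   = 'DL'
  AND schema_name = N'dbo'
  AND object_name = N'MyTable'
ORDER BY event_time DESC;
```

The first query shows how much of the log comes from batch-completed records as opposed to object-level DELETE records; the second returns only the DELETE records for the one table.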
