Is there a way to view the logs of when backups of Azure SQL were taken? Success, failure, etc, logs or logs of the PITR, LTR, diffs being taken?
I can see a list of our available LTRs, but I don't seem to see any log history of when these things were made, etc.
This is not SQL on Azure VMs, I'm using their fully managed Azure SQL.
You can use Azure SQL Database auditing to track database events and writes them to an audit log in your Azure storage account, or sends them to Event Hub or Log Analytics for downstream processing and analysis.
You can use SQL Database auditing to:
Retain an audit trail of selected events. You can define categories of database actions to be audited.
Report on database activity. You can use pre-configured reports and a dashboard to get started quickly with activity and event reporting.
Analyze reports. You can find suspicious events, unusual activity, and trends.
Find the detailed source document here to know more.
Set up auditing for your server tutorial here.
Related
I created Audit Trail in my database by overriding EF Core SaveChanges and SaveChangesAsync methods and storing if entity was Added, Removed, Edited, what columns where edited and what user did it.
However, I became aware of Azure Monitor, but I cannot find information is it possible to track changes made to records stored in selected errors using Azure Monitor instead of what I've done?
if entity was Added, Removed, Edited,what columns where edited and what user did it. is it possible to
track changes made to records stored in selected errors using Azure
Monitor instead of what I’ve done?
Yes, You can make use of audit logs to get the logs of commands executed in your Azure SQL on Inserting, Selecting, and Creating the data. You can make use of Azure Monitor Performance management and SQL Insights to get information and logs on the Top queries and errors on the query execution by the user. You can send your Azure SQL Logs to the Log Analytics workspace and query the details.
Audit Logs:-
Enable Audit Logs for your Azure SQL server like below and send the data to Log Analytics, You can also store the data in your Storage account. :-
Enable Azure SQL Server level logging:-
Enable Azure SQL DB level logging for Database events:-
This will create one Log analytics solution for the SQL audit logs in the selected LA workspace and you can find your Azure SQL DB records and logs below :-
Solution :-
You can also find the Top executed queries and error codes if the queries failed here in the Performance overview:-
Click on the Top executed query details row and you will find additional details on the query like below :-
You can send Azure SQL Logs via diagnostics settings too and send it to Log Analytics Workspace:-
If you’re connected to SSMS, you can import your audit logs to SSMS by storing the audit logs in your storage account first and then importing it like below :-
I'm developing an ETL process in Azure SQL Database, in which I will have several T-SQL stored procedures performing the automated processing on the data. These processes will occasionally fail due to diverse reasons, so I need to implement a logging strategy that will allow me to determine the cause of the failures whenever they happen.
The simplest solution would be to create a log table in the same Azure SQL Database, but I would really like to leverage Azure Monitor's Log Analytics capabilities. I've searched all around the web, but I've found no way in which I can send custom logs from a T-SQL stored procedure running on Azure SQL Database to a Azure Log Analytics workspace. Is there any way in which I can achieve this?
I have a scenario where I would like to query Azure Data warehouse tables within the Log Analytics workspace and using those records I need to create a result set and prepare a chart.
I do see some objects in log analytics workspace like a database, table but not sure what is the purpose and are these objects specific to a resource or generic and how to use them I couldn't get documentation for these objects can somebody guide me on this.
Unfortunately, you cannot use Azure Log Analytics to query Azure SQL Data Warehouse.
Use Azure Data Studio to connect and query data in Azure SQL data warehouse.
Recommended tools for querying data in Azure SQL Data Warehouse.
Azure Log Analytics is used to write, execute, and manage Azure Monitor log queries in the Azure portal. You can use Log Analytics queries to search for terms, identify trends, analyze patterns, and provide many other insights from your data.
For more information about log queries, see Overview of log queries in Azure Monitor.
For a detailed tutorial on writing log queries, see Get started with log queries in Azure Monitor.
Where does data logs of Azure Pipeline v2 gets stored, I would like to retrieve data of failed pipelines for specific date.( Dont want to use azure portal to view these data). Is there any table/view holds such datalogs from database.
To my knowledge, to obtain diagnostic logs you can use Azure Monitor, Operations Management Suite (OMS), or monitor those pipelines visually.
By Azure Pipeline v2, you mean Azure Data Factory v2. Alert and Monitor data factories using Azure Monitor
Diagnostic logs:
Save them to a Storage Account for auditing or manual inspection. You can specify the retention time (in days) using the diagnostic settings.
Stream them to Event Hubs for ingestion by a third-party service or custom analytics solution such as PowerBI.
Analyze them with Log Analytics
The logs are stored on Azure Data Factory web server for 45 days. If you want to get the pipeline run and activity run metadata, you can use Azure Data Factory SDK to extract the information you need and save it somewhere you want.
Recommended approach on this for log term analysis as well as limiting access to a production data factory would be to configure logs to be sent to log analytics. Be sure to enable dedicated logging tables as this will help on the backend in terms of organizing your logs.
From there you can also set up alerts and access groups running off of log analytics queries for better monitoring.
We are looking to get alerts on specific tables in a Azure DB to initiate actions.These could be
a) calling a Azure Search indexer API so that changes get indexed in near-real time every time the datasource changes
b) push updates to users via SignalR when there is an update
I understand AzureDB has functional limitations and triggers cannot invoke the Azure function directly due to lack of CLR support.
Azure SQL Database trigger to insert audit info into Azure Table
Given the triggers in Azure cannot invoke APIs, I was told that we could get information on database updates via the auditing. However, the auditing seems to be at the blob level- not at a table level
Given the multiple changes underway, it would be quite a task and time-delay to check out for the event of interest from the blob.
While there is a line around the blob auditing being configurable(supports higher granularity object-level auditing), I couldn't find an approach to limit blob updates to certain table alone. Any pointers would be appreciated
Also, given blob auditing seems to be built for threat detection/ regulatory purposes,any issues using this for event alerts?
Additional info on granular Blob Auditing in Azure SQL DB (including limiting the audit policy to specific tables/views) can be found here:
https://msdn.microsoft.com/library/azure/mt695939.aspx
Please note that we have also created the following OMS integration app for advanced analysis of Audit logs - you can use it to push the Blob audit logs into OMS, and then create customized alerts in OMS on top of the audit logs (this is a temporary solution, until our fully integrated OMS/Log Analytics solution is available):
https://github.com/Microsoft/Azure-SQL-DB-auditing-OMS-integration
Best Regards,
Gilad Mittelman
SQL Security, Microsoft