az sql server audit-policy
Manage a server's auditing policy.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az sql server audit-policy show |
Show server audit policy. |
Core | GA |
| az sql server audit-policy update |
Update a server's auditing policy. |
Core | GA |
| az sql server audit-policy wait |
Place the CLI in a waiting state until a condition of the server's audit policy is met. |
Core | GA |
az sql server audit-policy show
Show server audit policy.
az sql server audit-policy show [--ids]
[--name]
[--resource-group]
[--subscription]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sql server audit-policy update
Update a server's auditing policy.
If the policy is being enabled, --storage-account or both --storage-endpoint and --storage-key must be specified.
az sql server audit-policy update [--actions]
[--add]
[--blob-storage-target-state --bsts {Disabled, Enabled}]
[--eh --event-hub]
[--ehari --event-hub-authorization-rule-id]
[--ehts --event-hub-target-state {Disabled, Enabled}]
[--force-string]
[--ids]
[--lats --log-analytics-target-state {Disabled, Enabled}]
[--lawri --log-analytics-workspace-resource-id]
[--name]
[--no-wait]
[--remove]
[--resource-group]
[--retention-days]
[--set]
[--state {Disabled, Enabled}]
[--storage-account]
[--storage-endpoint]
[--storage-key]
[--subscription]Examples
Enable by storage account name.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--bsts Enabled --storage-account mystorageEnable by storage endpoint and key.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--bsts Enabled --storage-endpoint https://mystorage.blob.core.windows.net \
--storage-key MYKEY==Set the list of audit actions.
az sql server audit-policy update -g mygroup -n myserver \
--actions FAILED_DATABASE_AUTHENTICATION_GROUP 'UPDATE on server::myserver by public'Disable an auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state DisabledDisable a blob storage auditing policy.
az sql server audit-policy update -g mygroup -n myserver --bsts DisabledEnable a log analytics auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--lats Enabled --lawri myworkspaceresourceidDisable a log analytics auditing policy.
az sql server audit-policy update -g mygroup -n myserver
--lats DisabledEnable an event hub auditing policy.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleid \
--event-hub eventhubnameEnable an event hub auditing policy for default event hub.
az sql server audit-policy update -g mygroup -n myserver --state Enabled \
--event-hub-target-state Enabled \
--event-hub-authorization-rule-id eventhubauthorizationruleidDisable an event hub auditing policy.
az sql server audit-policy update -g mygroup -n myserver
--event-hub-target-state DisabledOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
List of actions and action groups to audit.These are space seperated values.Example: --actions FAILED_DATABASE_AUTHENTICATION_GROUP BATCH_COMPLETED_GROUP.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Indicate whether blob storage is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
| Accepted values: | Disabled, Enabled |
The name of the event hub. If none is specified when providing event_hub_authorization_rule_id, the default event hub will be selected.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
The resource Id for the event hub authorization rule.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
Indicate whether event hub is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Event Hub Arguments |
| Accepted values: | Disabled, Enabled |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Indicate whether log analytics is a destination for audit records.
| Property | Value |
|---|---|
| Parameter group: | Log Analytics Arguments |
| Accepted values: | Disabled, Enabled |
The workspace ID (resource ID of a Log Analytics workspace) for a Log Analytics workspace to which you would like to send Audit Logs.
| Property | Value |
|---|---|
| Parameter group: | Log Analytics Arguments |
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The number of days to retain audit logs.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Auditing policy state.
| Property | Value |
|---|---|
| Parameter group: | Policy Arguments |
| Accepted values: | Disabled, Enabled |
Name of the storage account.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
The storage account endpoint.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Access key for the storage account.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sql server audit-policy wait
Place the CLI in a waiting state until a condition of the server's audit policy is met.
az sql server audit-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Examples
Place the CLI in a waiting state until it determines that server's audit policy exists
az sql server audit-policy wait -g mygroup -n myserver --existsOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
