< Back
Set-AzureRmSqlServerAuditingPolicy
Post
NAME Set-AzureRmSqlServerAuditingPolicy
SYNOPSIS
Changes the auditing policy of a SQL Database server.
SYNTAX
Set-AzureRmSqlServerAuditingPolicy [-ResourceGroupName] <String> [-AuditActionGroup {BATCH_STARTED_GROUP | BATCH_COMPLETED_GROUP |
APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | BACKUP_RESTORE_GROUP | DATABASE_LOGOUT_GROUP | DATABASE_OBJECT_CHANGE_GROUP |
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP | DATABASE_OBJECT_PERMISSION_CHANGE_GROUP | DATABASE_OPERATION_GROUP | AUDIT_CHANGE_GROUP |
DATABASE_PERMISSION_CHANGE_GROUP | DATABASE_PRINCIPAL_CHANGE_GROUP | DATABASE_PRINCIPAL_IMPERSONATION_GROUP | DATABASE_ROLE_MEMBER_CHANGE_GROUP |
FAILED_DATABASE_AUTHENTICATION_GROUP | SCHEMA_OBJECT_ACCESS_GROUP | SCHEMA_OBJECT_CHANGE_GROUP | SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP |
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP | SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | USER_CHANGE_PASSWORD_GROUP}] [-AuditType {NotSet | Table |
Blob}] [-DefaultProfile <IAzureContextContainer>] [-EventType {PlainSQL_Success | PlainSQL_Failure | ParameterizedSQL_Success |
ParameterizedSQL_Failure | StoredProcedure_Success | StoredProcedure_Failure | Login_Success | Login_Failure | TransactionManagement_Success |
TransactionManagement_Failure | All | None}] [-PassThru] [-RetentionInDays <UInt32>] -ServerName <String> [-StorageAccountName <String>]
[-StorageKeyType {Primary | Secondary}] [-TableIdentifier <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-AzureRmSqlServerAuditingPolicy cmdlet changes the auditing policy of an Azure SQL Database server. Specify the ResourceGroupName and
ServerName parameters to identify the server, the StorageAccountName parameter to specify the storage account for the audit logs, and the
StorageKeyType parameter to define the storage keys to use.
You can also define retention for the audit logs table by setting the value of the RetentionInDays and TableIdentifier parameters to define the
period and the seed for the audit log table names. Specify the EventType parameter to define which event types to audit. After you run this
cmdlet, auditing of the databases that use the policy of this server is enabled. If the cmdlet succeeds and you specify the PassThru parameter,
the cmdlet returns an object that describes the current auditing policy, and the server identifiers. Server identifiers include ResourceGroupName
and ServerName .
PARAMETERS
-AuditActionGroup <AuditActionGroups[]>
Specify one or more audit action groups. This parameter is only applicable to Blob auditing.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AuditType <AuditType>
Specify the audit type. Audit logs can be written to Table storage or Blob storage. Blob auditing provides higher performance and supports
object-level auditing.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EventType <String[]>
Specifies the event types to audit. This parameter is only applicable to Table auditing.
You can specify several event types. You can specify All to audit all of the event types or None to specify that no events will be audited. If
you specify All or None at the same time, the command fails.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-ResourceGroupName <String>
Specifies the name of the resource group that contains the database.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-RetentionInDays <UInt32>
Specifies the number of retention days for the audit logs table. A value of zero (0) means that the table is not retained. this is the
default. If you specify a value greater than zero, you must also specify a value for the TableIdentifer parameter.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServerName <String>
Specifies the name of the server that contains the database.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageAccountName <String>
Specifies the name of the storage account for auditing the database. Wildcard characters are not permitted. If you do not specify this
parameter, the cmdlet uses the storage account that was defined previously as part of the auditing policy of the database. If this is the
first time a database auditing policy is defined and you do not specify this parameter, the command fails.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageKeyType <String>
Specifies which of the storage access keys to use. The acceptable values for this parameter are:
- Primary
- Secondary
The default value is Primary.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TableIdentifier <String>
Specifies the name of the audit logs table. Specify this value if you specify a value greater than zero for the RetentionInDays parameter.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.Sql.Security.Model.ServerAuditingPolicyModel
NOTES
Example 1: Set the auditing policy of an Azure SQL server use Table auditing
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -AuditType Table -StorageAccountName
"Storage22"
This command sets the auditing policy of the server named Server01 to use a storage account named Storage22.
Example 2: Set the storage account key of an existing auditing policy of an Azure SQL server
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -StorageAccountKey Secondary
This command sets the auditing policy of the server named Server01 to use the secondary key. The command does not modify the storage account name.
Example 3: Set the auditing policy of an Azure SQL server to use a specific event type
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -EventType Login_Failure
Example 4: Set the auditing policy of a database to use Blob auditing
PS C:\\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -AuditType Blob -StorageAccountName
"Storage31" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8
This command sets the auditing policy of the server named Server01 to use the Login_Failure event type. This command does not modify any other
setting.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... tingpolicy
Get-AzureRmSqlServerAuditingPolicy
Use-AzureRmSqlServerAuditingPolicy
SQL Database Documentation https://docs.microsoft.com/azure/sql-database/
SYNOPSIS
Changes the auditing policy of a SQL Database server.
SYNTAX
Set-AzureRmSqlServerAuditingPolicy [-ResourceGroupName] <String> [-AuditActionGroup {BATCH_STARTED_GROUP | BATCH_COMPLETED_GROUP |
APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | BACKUP_RESTORE_GROUP | DATABASE_LOGOUT_GROUP | DATABASE_OBJECT_CHANGE_GROUP |
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP | DATABASE_OBJECT_PERMISSION_CHANGE_GROUP | DATABASE_OPERATION_GROUP | AUDIT_CHANGE_GROUP |
DATABASE_PERMISSION_CHANGE_GROUP | DATABASE_PRINCIPAL_CHANGE_GROUP | DATABASE_PRINCIPAL_IMPERSONATION_GROUP | DATABASE_ROLE_MEMBER_CHANGE_GROUP |
FAILED_DATABASE_AUTHENTICATION_GROUP | SCHEMA_OBJECT_ACCESS_GROUP | SCHEMA_OBJECT_CHANGE_GROUP | SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP |
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP | SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | USER_CHANGE_PASSWORD_GROUP}] [-AuditType {NotSet | Table |
Blob}] [-DefaultProfile <IAzureContextContainer>] [-EventType {PlainSQL_Success | PlainSQL_Failure | ParameterizedSQL_Success |
ParameterizedSQL_Failure | StoredProcedure_Success | StoredProcedure_Failure | Login_Success | Login_Failure | TransactionManagement_Success |
TransactionManagement_Failure | All | None}] [-PassThru] [-RetentionInDays <UInt32>] -ServerName <String> [-StorageAccountName <String>]
[-StorageKeyType {Primary | Secondary}] [-TableIdentifier <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-AzureRmSqlServerAuditingPolicy cmdlet changes the auditing policy of an Azure SQL Database server. Specify the ResourceGroupName and
ServerName parameters to identify the server, the StorageAccountName parameter to specify the storage account for the audit logs, and the
StorageKeyType parameter to define the storage keys to use.
You can also define retention for the audit logs table by setting the value of the RetentionInDays and TableIdentifier parameters to define the
period and the seed for the audit log table names. Specify the EventType parameter to define which event types to audit. After you run this
cmdlet, auditing of the databases that use the policy of this server is enabled. If the cmdlet succeeds and you specify the PassThru parameter,
the cmdlet returns an object that describes the current auditing policy, and the server identifiers. Server identifiers include ResourceGroupName
and ServerName .
PARAMETERS
-AuditActionGroup <AuditActionGroups[]>
Specify one or more audit action groups. This parameter is only applicable to Blob auditing.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AuditType <AuditType>
Specify the audit type. Audit logs can be written to Table storage or Blob storage. Blob auditing provides higher performance and supports
object-level auditing.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EventType <String[]>
Specifies the event types to audit. This parameter is only applicable to Table auditing.
You can specify several event types. You can specify All to audit all of the event types or None to specify that no events will be audited. If
you specify All or None at the same time, the command fails.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-ResourceGroupName <String>
Specifies the name of the resource group that contains the database.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-RetentionInDays <UInt32>
Specifies the number of retention days for the audit logs table. A value of zero (0) means that the table is not retained. this is the
default. If you specify a value greater than zero, you must also specify a value for the TableIdentifer parameter.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServerName <String>
Specifies the name of the server that contains the database.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageAccountName <String>
Specifies the name of the storage account for auditing the database. Wildcard characters are not permitted. If you do not specify this
parameter, the cmdlet uses the storage account that was defined previously as part of the auditing policy of the database. If this is the
first time a database auditing policy is defined and you do not specify this parameter, the command fails.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageKeyType <String>
Specifies which of the storage access keys to use. The acceptable values for this parameter are:
- Primary
- Secondary
The default value is Primary.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TableIdentifier <String>
Specifies the name of the audit logs table. Specify this value if you specify a value greater than zero for the RetentionInDays parameter.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.Sql.Security.Model.ServerAuditingPolicyModel
NOTES
Example 1: Set the auditing policy of an Azure SQL server use Table auditing
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -AuditType Table -StorageAccountName
"Storage22"
This command sets the auditing policy of the server named Server01 to use a storage account named Storage22.
Example 2: Set the storage account key of an existing auditing policy of an Azure SQL server
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -StorageAccountKey Secondary
This command sets the auditing policy of the server named Server01 to use the secondary key. The command does not modify the storage account name.
Example 3: Set the auditing policy of an Azure SQL server to use a specific event type
PS C:\\>Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -EventType Login_Failure
Example 4: Set the auditing policy of a database to use Blob auditing
PS C:\\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -AuditType Blob -StorageAccountName
"Storage31" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8
This command sets the auditing policy of the server named Server01 to use the Login_Failure event type. This command does not modify any other
setting.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... tingpolicy
Get-AzureRmSqlServerAuditingPolicy
Use-AzureRmSqlServerAuditingPolicy
SQL Database Documentation https://docs.microsoft.com/azure/sql-database/