HandleAzureSQLAuditingWithEase Passsummit
HandleAzureSQLAuditingWithEase Passsummit
WITH EASE
Josephine Bush
She/Hers
DBA, MBA, Author
ALPINE SKI HOUSE
ABOUT ME
Josephine Bush
10+ years DBA
experience
MBA IT Management
MS Data Analytics @hellosqlkitty
sqlkitty.com ALPINE SKI HOUSE 2
WHAT IS AUDITING?
Retaining data
1
3
Script GUI
CREATE EVENT SESSION [audit] ON DATABASE
ADD EVENT sqlserver.rpc_completed(
ACTION(sqlserver.client_app_name,sqlserver.client_hostna
me,sqlserver.database_name,sqlserver.sql_text,sqlserver.
username)
WHERE ([sqlserver].[username]=N'josephine')),
ADD EVENT sqlserver.sql_batch_completed(
ACTION(sqlserver.client_app_name,sqlserver.client_hostna
me,sqlserver.database_name,sqlserver.sql_text,sqlserver.
username)
WHERE ([sqlserver].[username]=N'josephine'))
ADD TARGET package0.event_file(SET
filename=N'https://StorageAccount.blob.core.windows.net/ You need a credential
Container/audit.xel')
WITH (STARTUP_STATE=ON)
setup to use the URL to
the storage account in
ALPINE SKI HOUSE
the filename 35
MANAGED INSTANCE AUDITING
SQL Server Audit Extended Events
Need a storage Or use
account for all diagnostic
these options settings
and a with Log
credential to Analytics
read/write to workspace
this storage
URL
IAM role – This will allow your RDS instance to access your S3
bucket
Josephine
@hellosqlkitty / sqlkitty.com