Audit Logs for Azure Database for MySQL flexible server
Diagnostic settings
As a part of Diagnostic policies deployed over the subscription, the diagnostic settings are already getting enabled on all the Azure Database for MySQL flexible servers.
Diagnostic settings deployed on the database level has all the categories of logs enabled as shown below:
Although all the log categories are enabled under the diagnostic settings, still while querying the LAW, we could not find any logs related to MySQL Audit Logs Category even after doing some operations against the database. For this, some addtional configuration needs to be done.
Server Parameters
- We have Server parameters under Settings tab where we can change the default settings for the MySQL server.
- We enable the audit log and have the Connection event enabled.
- Once the audit log is enabled from the server parameter, we can see the logs for MySQL Audit with the connection_log event class inside the AzureDiagnostics table of LAW.
- We can also include DML event to the audit_log_events field under server parameters. This will give us logs for DML operations like INSERT, DELETE etc on the tables.
- The sql_text_s field will contains the queries that have been run against the Database.
