Merge pull request #79443 from ajlam/audit-log-preview

Audit log preview for MariaDB

Author: ktoliver

articles/mariadb/TOC.yml

@@ -63,8 +63,10 @@
     items:
     - name: Monitor
       href: concepts-monitoring.md
-    - name: Server logs
+    - name: Slow query logs
       href: concepts-server-logs.md
+    - name: Audit logs
+      href: concepts-audit-logs.md
   - name: Development
     items:
     - name: Drivers and tools compatibility
@@ -112,13 +114,19 @@
   - name: Auto grow storage
     items:
     - name: Azure portal
-      href: howto-auto-grow-storage-portal.md
+      href: howto-auto-grow-storage-portal.md  
   - name: Access server logs
     items:
-    - name: Azure portal
-      href: howto-configure-server-logs-portal.md
-    - name: Azure CLI
-      href: howto-configure-server-logs-cli.md
+    - name: Slow query logs
+      items: 
+      - name: Azure portal
+        href: howto-configure-server-logs-portal.md
+      - name: Azure CLI
+        href: howto-configure-server-logs-cli.md
+    - name: Audit logs
+      items: 
+      - name: Azure portal
+        href: howto-configure-audit-logs-portal.md
   - name: Monitor
     items:
     - name: Create alerts on metrics

articles/mariadb/concepts-audit-logs.md

@@ -0,0 +1,126 @@
+---
+title: Audit logs for Azure Database for MariaDB
+description: Describes the audit logs available in Azure Database for MariaDB, and the available parameters for enabling logging levels.
+author: ajlam
+ms.author: andrela
+ms.service: mariadb
+ms.topic: conceptual
+ms.date: 06/11/2019
+---
+
+# Audit Logs in Azure Database for MariaDB
+
+In Azure Database for MariaDB, the audit log is available to users. The audit log can be used to track database-level activity and is commonly used for compliance.
+
+> [!IMPORTANT]
+> Audit log functionality is currently in preview.
+
+## Configure audit logging
+
+By default the audit log is disabled. To enable it, set `audit_log_enabled` to ON.
+
+Other parameters you can adjust include:
+
+- `audit_log_events`: controls the events to be logged. See below table for specific audit events.
+- `audit_log_exclude_users`: MariaDB users to be excluded from logging. Allows for at most four users. Max length of the parameter is 256 characters.
+
+| **Event** | **Description** |
+|---|---|
+| `CONNECTION` | - Connection initiation (successful or unsuccessful) <br> -  User reauthentication with different user/password during session <br> - Connection termination |
+| `DML_SELECT`| SELECT queries |
+| `DML_NONSELECT` | INSERT/DELETE/UPDATE queries |
+| `DML` | DML = DML_SELECT + DML_NONSELECT |
+| `DDL` | Queries like "DROP DATABASE" |
+| `DCL` | Queries like "GRANT PERMISSION" |
+| `ADMIN` | Queries like "SHOW STATUS" |
+| `GENERAL` | All in DML_SELECT, DML_NONSELECT, DML, DDL, DCL, and ADMIN |
+
+## Access audit logs
+
+Audit logs are integrated with Azure Monitor Diagnostic Logs. Once you've enabled audit logs on your MariaDB server, you can emit them to Azure Monitor logs, Event Hubs, or Azure Storage. To learn more about how to enable diagnostic logs in the Azure portal, see the [audit log portal article](howto-configure-audit-logs-portal.md#set-up-diagnostic-logs).
+
+## Schemas
+
+The following sections describe what's output by MariaDB audit logs based on the event type. Depending on the output method, the fields included and the order in which they appear may vary.
+
+### Connection
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when the log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMARIADB` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `connection_log` |
+| `event_subclass` | `CONNECT`, `DISCONNECT` |
+| `connection_id` | Unique connection ID generated by MariaDB |
+| `host` | Blank |
+| `ip` | IP address of client connecting to MariaDB |
+| `user` | Name of user executing the query |
+| `db` | Name of database connected to |
+| `\_ResourceId` | Resource URI |
+
+### General
+
+Schema below applies to GENERAL, DML_SELECT, DML_NONSELECT, DML, DDL, DCL, and ADMIN event types.
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when tshe log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMARIADB` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `general_log` |
+| `event_subclass` | `LOG`, `ERROR`, `RESULT` |
+| `event_time` | Query start seconds in UNIX timestamp |
+| `error_code` | Error code if query failed. `0` means no error |
+| `thread_id` | ID of thread that executed the query |
+| `host` | Blank |
+| `ip` | IP address of client connecting to MariaDB |
+| `user` | Name of user executing the query |
+| `sql_text` | Full query text |
+| `\_ResourceId` | Resource URI |
+
+### Table access
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when the log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMARIADB` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `table_access_log` |
+| `event_subclass` | `READ`, `INSERT`, `UPDATE`, or `DELETE` |
+| `connection_id` | Unique connection ID generated by MariaDB |
+| `db` | Name of database accessed |
+| `table` | Name of table accessed |
+| `sql_text` | Full query text |
+| `\_ResourceId` | Resource URI |
+
+## Next steps
+
+- [How to configure audit logs in the Azure portal](howto-configure-audit-logs-portal.md)

articles/mariadb/concepts-server-logs.md

@@ -5,15 +5,15 @@ author: rachel-msft
 ms.author: raagyema
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 04/29/2019
+ms.date: 06/12/2019
 ---
-# Server Logs in Azure Database for MariaDB
+# Slow query logs in Azure Database for MariaDB
 In Azure Database for MariaDB, the slow query log is available to users. Access to the transaction log is not supported. The slow query log can be used to identify performance bottlenecks for troubleshooting.
 
 For more information about the slow query log, see the MariaDB documentation for [slow query log](https://mariadb.com/kb/en/library/slow-query-log-overview/).
 
-## Access server logs
-You can list and download Azure Database for MariaDB server logs using the Azure portal, and the Azure CLI.
+## Access slow query logs
+You can list and download Azure Database for MariaDB slow query logs using the Azure portal, and the Azure CLI.
 
 In the Azure portal, select your Azure Database for MariaDB server. Under the **Monitoring** heading, select the **Server Logs** page.
 
@@ -24,7 +24,7 @@ Logs are available for up to seven days from their creation. If the total size o
 
 Logs are rotated every 24 hours or 7 GB, whichever comes first.
 
-## Configure logging
+## Configure slow query logging
 By default the slow query log is disabled. To enable it, set slow_query_log to ON.
 
 Other parameters you can adjust include:

articles/mariadb/howto-configure-audit-logs-portal.md

@@ -0,0 +1,68 @@
+---
+title: Configure and access audit logs for Azure Database for MariaDB in Azure portal
+description: This article describes how to configure and access the audit logs in Azure Database for MariaDB from the Azure portal.
+author: ajlam
+ms.author: andrela
+ms.service: mariadb
+ms.topic: conceptual
+ms.date: 06/11/2019
+---
+
+# Configure and access audit logs in the Azure portal
+
+You can configure the [Azure Database for MariaDB audit logs](concepts-audit-logs.md) and diagnostic settings from the Azure portal.
+
+> [!IMPORTANT]
+> Audit log functionality is currently in preview.
+
+## Prerequisites
+
+To step through this how-to guide, you need:
+
+- [Azure Database for MariaDB server](quickstart-create-mariadb-server-database-using-azure-portal.md)
+
+## Configure audit logging
+
+Enable and configure audit logging.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Select your Azure Database for MariaDB server.
+
+1. Under the **Settings** section in the sidebar, select **Server parameters**.
+    ![Server parameters](./media/howto-configure-audit-logs-portal/server-parameters.png)
+
+1. Update the **audit_log_enabled** parameter to ON.
+    ![Enable audit logs](./media/howto-configure-audit-logs-portal/audit-log-enabled.png)
+
+1. Select the events to be logged by updating the **audit_log_events** parameter.
+    ![Audit log events](./media/howto-configure-audit-logs-portal/audit-log-events.png)
+
+1. Add any MariaDB users to be excluded from logging by updating the **audit_log_exclude_users** parameter. Specify users by providing their MariaDB user name.
+    ![Audit log exclude users](./media/howto-configure-audit-logs-portal/audit-log-exclude-users.png)
+
+1. Once you have changed the parameters, you can click **Save**. Or you can **Discard** your changes.
+    ![Save](./media/howto-configure-audit-logs-portal/save-parameters.png)
+
+## Set up diagnostic logs
+
+1. Under the **Monitoring** section in the sidebar, select **Diagnostic settings**.
+
+1. Click on "+ Add diagnostic setting"
+![Add diagnostic setting](./media/howto-configure-audit-logs-portal/add-diagnostic-setting.png)
+
+1. Provide a diagnostic setting name.
+
+1. Specify which data sinks to send the audit logs (storage account, event hub, and/or Log Analytics workspace).
+
+1. Select "MySqlAuditLogs" as the log type.
+![Configure diagnostic setting](./media/howto-configure-audit-logs-portal/configure-diagnostic-setting.png)
+
+1. Once you've configured the data sinks to pipe the audit logs to, you can click **Save**.
+![Save diagnostic setting](./media/howto-configure-audit-logs-portal/save-diagnostic-setting.png)
+
+1. Access the audit logs by exploring them in the data sinks you configured. It may take up to 10 minutes for the logs to appear.
+
+## Next steps
+
+- Learn more about [audit logs](concepts-audit-logs.md) in Azure Database for MariaDB.

articles/mariadb/howto-configure-server-logs-cli.md

@@ -6,7 +6,7 @@ ms.author: raagyema
 ms.service: mariadb
 ms.devlang: azurecli
 ms.topic: conceptual
-ms.date: 11/10/2018
+ms.date: 06/12/2019
 ---
 # Configure and access server logs by using Azure CLI
 You can download the Azure Database for MariaDB server logs by using Azure CLI, the Azure command-line utility.
@@ -32,7 +32,7 @@ az mariadb server configuration list --resource-group myresourcegroup --server m
 ```
 
 ## List logs for Azure Database for MariaDB server
-To list the available log files for your server, run the [az mariadb server-logs list](/cli/azure/mariadb/server-logs#az-mariadb-server-logs-list) command.
+To list the available slow query log files for your server, run the [az mariadb server-logs list](/cli/azure/mariadb/server-logs#az-mariadb-server-logs-list) command.
 
 You can list the log files for server **mydemoserver.mariadb.database.azure.com** under the resource group **myresourcegroup**. Then direct the list of log files to a text file called **log\_files\_list.txt**.
 ```azurecli-interactive
@@ -47,4 +47,4 @@ az mariadb server-logs download --name mysql-slow-mydemoserver-2018110800.log --
 ```
 
 ## Next steps
-- Learn about [server logs in Azure Database for MariaDB](concepts-server-logs.md).
+- Learn about [slow query logs in Azure Database for MariaDB](concepts-server-logs.md).

articles/mariadb/howto-configure-server-logs-portal.md

@@ -1,16 +1,16 @@
 ---
-title: Configure and access server logs for Azure Database for MariaDB in Azure Portal
-description: This article describes how to configure and access the server logs in Azure Database for MariaDB from the Azure Portal.
+title: Configure and access server logs for Azure Database for MariaDB in Azure portal
+description: This article describes how to configure and access the server logs in Azure Database for MariaDB from the Azure portal.
 author: rachel-msft
 ms.author: raagyema
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 09/24/2018
+ms.date: 06/11/2019
 ---
 
 # Configure and access server logs in the Azure portal
 
-You can configure, list, and download the [Azure Database for MariaDB server logs](concepts-server-logs.md) from the Azure portal.
+You can configure, list, and download the [Azure Database for MariaDB slow query logs](concepts-server-logs.md) from the Azure portal.
 
 ## Prerequisites
 To step through this how-to guide, you need:
@@ -37,7 +37,7 @@ Configure access to the slow query log.
 6. Return to the list of logs by clicking the **close button** (X icon) on the **Server Parameters** page.
 
 ## View list and download logs
-Once logging begins, you can view a list of available logs and download individual log files on the Server Logs pane. 
+Once logging begins, you can view a list of available slow query logs and download individual log files on the Server Logs pane. 
 
 1. Open the Azure portal.
 
@@ -57,7 +57,7 @@ Once logging begins, you can view a list of available logs and download individu
    ![Click download icon](./media/howto-configure-server-logs-portal/5-download.png)
 
 ## Next steps
-- Learn more about [Server Logs](concepts-server-logs.md) in Azure Database for MariaDB.
+- Learn more about [slow query Logs](concepts-server-logs.md) in Azure Database for MariaDB.
 - For more information about the parameter definitions and logging, see the MariaDB documentation on [Logs](https://mariadb.com/kb/en/library/slow-query-log-overview/).
 
-<!-- - See [Access Server Logs in CLI](howto-configure-server-logs-in-cli.md) to learn how to download logs programmatically. -->
+<!--- See [Access Server Logs in CLI](howto-configure-server-logs-in-cli.md) to learn how to download logs programmatically. -->