Merge pull request #79229 from ajlam/audit-log-preview

Audit log preview

Author: v-dansch

articles/mysql/TOC.yml

@@ -93,8 +93,10 @@
     items:
     - name: Monitor
       href: concepts-monitoring.md
-    - name: Server logs
+    - name: Slow query logs
       href: concepts-server-logs.md
+    - name: Audit logs
+      href: concepts-audit-logs.md
   - name: Development
     items:
     - name: Drivers and tools compatibility
@@ -165,10 +167,16 @@
       href: howto-auto-grow-storage-portal.md
   - name: Access server logs
     items:
-    - name: Azure portal
-      href: howto-configure-server-logs-in-portal.md
-    - name: Azure CLI
-      href: howto-configure-server-logs-in-cli.md
+    - name: Slow query logs
+      items: 
+      - name: Azure portal
+        href: howto-configure-server-logs-in-portal.md
+      - name: Azure CLI
+        href: howto-configure-server-logs-in-cli.md
+    - name: Audit logs
+      items: 
+      - name: Azure portal
+        href: howto-configure-audit-logs-portal.md
   - name: Monitor
     items:
     - name: Create alerts on metrics

articles/mysql/concepts-audit-logs.md

@@ -0,0 +1,127 @@
+---
+title: Audit logs for Azure Database for MySQL
+description: Describes the audit logs available in Azure Database for MySQL, and the available parameters for enabling logging levels.
+author: ajlam
+ms.author: andrela
+ms.service: mysql
+ms.topic: conceptual
+ms.date: 06/11/2019
+---
+
+# Audit Logs in Azure Database for MySQL
+
+In Azure Database for MySQL, the audit log is available to users. The audit log can be used to track database-level activity and is commonly used for compliance.
+
+> [!IMPORTANT]
+> Audit log functionality is currently in preview.
+
+## Configure audit logging
+
+By default the audit log is disabled. To enable it, set `audit_log_enabled` to ON.
+
+Other parameters you can adjust include:
+
+- `audit_log_events`: controls the events to be logged. See below table for specific audit events.
+- `audit_log_exclude_users`: MySQL users to be excluded from logging. Allows for at most four users. Max length of the parameter is 256 characters.
+
+| **Event** | **Description** |
+|---|---|
+| `CONNECTION` | - Connection initiation (successful or unsuccessful) <br> -  User reauthentication with different user/password during session <br> - Connection termination |
+| `DML_SELECT`| SELECT queries |
+| `DML_NONSELECT` | INSERT/DELETE/UPDATE queries |
+| `DML` | DML = DML_SELECT + DML_NONSELECT |
+| `DDL` | Queries like "DROP DATABASE" |
+| `DCL` | Queries like "GRANT PERMISSION" |s
+| `ADMIN` | Queries like "SHOW STATUS" |
+| `GENERAL` | All in DML_SELECT, DML_NONSELECT, DML, DDL, DCL, and ADMIN |
+| `TABLE_ACCESS` | - Only available for MySQL 5.7 <br> - Table read statements, such as SELECT or INSERT INTO ... SELECT <br> - Table delete statements, such as DELETE or TRUNCATE TABLE <br> - Table insert statements, such as INSERT or REPLACE <br> - Table update statements, such as UPDATE |
+
+## Access audit logs
+
+Audit logs are integrated with Azure Monitor Diagnostic Logs. Once you've enabled audit logs on your MySQL server, you can emit them to Azure Monitor logs, Event Hubs, or Azure Storage. To learn more about how to enable diagnostic logs in the Azure portal, see the [audit log portal article](howto-configure-audit-logs-portal.md#set-up-diagnostic-logs).
+
+## Schemas
+
+The following sections describe what's output by MySQL audit logs based on the event type. Depending on the output method, the fields included and the order in which they appear may vary.
+
+### Connection
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when the log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMYSQL` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `connection_log` |
+| `event_subclass` | `CONNECT`, `DISCONNECT`, `CHANGE USER` (only available for MySQL 5.7) |
+| `connection_id` | Unique connection ID generated by MySQL |
+| `host` | Blank |
+| `ip` | IP address of client connecting to MySQL |
+| `user` | Name of user executing the query |
+| `db` | Name of database connected to |
+| `\_ResourceId` | Resource URI |
+
+### General
+
+Schema below applies to GENERAL, DML_SELECT, DML_NONSELECT, DML, DDL, DCL, and ADMIN event types.
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when the log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMYSQL` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `general_log` |
+| `event_subclass` | `LOG`, `ERROR`, `RESULT` (only available for MySQL 5.6) |
+| `event_time` | Query start seconds in UNIX timestamp |
+| `error_code` | Error code if query failed. `0` means no error |
+| `thread_id` | ID of thread that executed the query |
+| `host` | Blank |
+| `ip` | IP address of client connecting to MySQL |
+| `user` | Name of user executing the query |
+| `sql_text` | Full query text |
+| `\_ResourceId` | Resource URI |
+
+### Table access
+
+| **Property** | **Description** |
+|---|---|
+| `TenantId` | Your tenant ID |
+| `SourceSystem` | `Azure` |
+| `TimeGenerated` [UTC] | Time stamp when the log was recorded in UTC |
+| `Type` | Type of the log. Always `AzureDiagnostics` |
+| `SubscriptionId` | GUID for the subscription that the server belongs to |
+| `ResourceGroup` | Name of the resource group the server belongs to |
+| `ResourceProvider` | Name of the resource provider. Always `MICROSOFT.DBFORMYSQL` |
+| `ResourceType` | `Servers` |
+| `ResourceId` | Resource URI |
+| `Resource` | Name of the server |
+| `Category` | `MySqlAuditLogs` |
+| `OperationName` | `LogEvent` |
+| `event_class` | `table_access_log` |
+| `event_subclass` | `READ`, `INSERT`, `UPDATE`, or `DELETE` |
+| `connection_id` | Unique connection ID generated by MySQL |
+| `db` | Name of database accessed |
+| `table` | Name of table accessed |
+| `sql_text` | Full query text |
+| `\_ResourceId` | Resource URI |
+
+## Next steps
+
+- [How to configure audit logs in the Azure portal](howto-configure-audit-logs-portal.md)

articles/mysql/concepts-monitoring.md

@@ -35,7 +35,7 @@ These metrics are available for Azure Database for MySQL:
 |backup_storage_used|Backup Storage Used|Bytes|The amount of backup storage used.|
 
 ## Server logs
-You can enable slow query logging on your server. These logs are also available through Azure Diagnostic Logs in Azure Monitor logs, Event Hubs, and Storage Account. To learn more about logging, visit the [server logs](concepts-server-logs.md) page.
+You can enable slow query and audit logging on your server. These logs are also available through Azure Diagnostic Logs in Azure Monitor logs, Event Hubs, and Storage Account. To learn more about logging, visit the [audit logs](concepts-audit-logs.md) and [slow query logs](concepts-server-logs.md) articles.
 
 ## Next steps
 - See [How to set up alerts](howto-alert-on-metric.md) for guidance on creating an alert on a metric.

articles/mysql/concepts-server-logs.md

@@ -1,19 +1,19 @@
 ---
 title: Server logs for Azure Database for MySQL
-description: Describes the logs available in Azure Database for MySQL, and the available parameters for enabling different logging levels.
+description: Describes the slow query logs available in Azure Database for MySQL, and the available parameters for enabling different logging levels.
 author: ajlam
 ms.author: andrela
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 02/28/2019
+ms.date: 05/29/2019
 ---
-# Server Logs in Azure Database for MySQL
-In Azure Database for MySQL, the slow query log is available to users. Access to the transaction log is not supported. The slow query log can be used to identify performance bottlenecks for troubleshooting. 
+# Slow query logs in Azure Database for MySQL
+In Azure Database for MySQL, the slow query log is available to users. Access to the transaction log is not supported. The slow query log can be used to identify performance bottlenecks for troubleshooting.
 
 For more information about the MySQL slow query log, see the MySQL reference manual's [slow query log section](https://dev.mysql.com/doc/refman/5.7/en/slow-query-log.html).
 
-## Access server logs
-You can list and download Azure Database for MySQL server logs using the Azure portal, and the Azure CLI.
+## Access slow query logs
+You can list and download Azure Database for MySQL slow query logs using the Azure portal, and the Azure CLI.
 
 In the Azure portal, select your Azure Database for MySQL server. Under the **Monitoring** heading, select the **Server Logs** page.
 
@@ -24,8 +24,7 @@ Logs are available for up to seven days from their creation. If the total size o
 
 Logs are rotated every 24 hours or 7 GB, whichever comes first.
 
-
-## Configure logging 
+## Configure slow query logging 
 By default the slow query log is disabled. To enable it, set slow_query_log to ON.
 
 Other parameters you can adjust include:
@@ -67,10 +66,10 @@ The following table describes what's in each log. Depending on the output method
 | `rows_sent_s` | Number of rows sent |
 | `rows_examined_s` | Number of rows examined |
 | `last_insert_id_s` | [last_insert_id](https://dev.mysql.com/doc/refman/8.0/en/information-functions.html#function_last-insert-id) |
-| `insert_id_s` | Insert id |
+| `insert_id_s` | Insert ID |
 | `sql_text_s` | Full query |
-| `server_id_s` | The server's id |
-| `thread_id_s` | Thread id |
+| `server_id_s` | The server's ID |
+| `thread_id_s` | Thread ID |
 | `\_ResourceId` | Resource URI |
 
 ## Next Steps

articles/mysql/howto-configure-audit-logs-portal.md

@@ -0,0 +1,68 @@
+---
+title: Configure and access audit logs for Azure Database for MySQL in Azure portal
+description: This article describes how to configure and access the audit logs in Azure Database for MySQL from the Azure portal.
+author: ajlam
+ms.author: andrela
+ms.service: mysql
+ms.topic: conceptual
+ms.date: 06/11/2019
+---
+
+# Configure and access audit logs in the Azure portal
+
+You can configure the [Azure Database for MySQL audit logs](concepts-audit-logs.md) and diagnostic settings from the Azure portal.
+
+> [!IMPORTANT]
+> Audit log functionality is currently in preview.
+
+## Prerequisites
+
+To step through this how-to guide, you need:
+
+- [Azure Database for MySQL server](quickstart-create-mysql-server-database-using-azure-portal.md)
+
+## Configure audit logging
+
+Enable and configure audit logging.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Select your Azure Database for MySQL server.
+
+1. Under the **Settings** section in the sidebar, select **Server parameters**.
+    ![Server parameters](./media/howto-configure-audit-logs-portal/server-parameters.png)
+
+1. Update the **audit_log_enabled** parameter to ON.
+    ![Enable audit logs](./media/howto-configure-audit-logs-portal/audit-log-enabled.png)
+
+1. Select the events to be logged by updating the **audit_log_events** parameter.
+    ![Audit log events](./media/howto-configure-audit-logs-portal/audit-log-events.png)
+
+1. Add any MySQL users to be excluded from logging by updating the **audit_log_exclude_users** parameter. Specify users by providing their MySQL user name.
+    ![Audit log exclude users](./media/howto-configure-audit-logs-portal/audit-log-exclude-users.png)
+
+1. Once you have changed the parameters, you can click **Save**. Or you can **Discard** your changes.
+    ![Save](./media/howto-configure-audit-logs-portal/save-parameters.png)
+
+## Set up diagnostic logs
+
+1. Under the **Monitoring** section in the sidebar, select **Diagnostic settings**.
+
+1. Click on "+ Add diagnostic setting"
+![Add diagnostic setting](./media/howto-configure-audit-logs-portal/add-diagnostic-setting.png)
+
+1. Provide a diagnostic setting name.
+
+1. Specify which data sinks to send the audit logs (storage account, event hub, and/or Log Analytics workspace).
+
+1. Select "MySqlAuditLogs" as the log type.
+![Configure diagnostic setting](./media/howto-configure-audit-logs-portal/configure-diagnostic-setting.png)
+
+1. Once you've configured the data sinks to pipe the audit logs to, you can click **Save**.
+![Save diagnostic setting](./media/howto-configure-audit-logs-portal/save-diagnostic-setting.png)
+
+1. Access the audit logs by exploring them in the data sinks you configured. It may take up to 10 minutes for the logs to appear.
+
+## Next steps
+
+- Learn more about [audit logs](concepts-audit-logs.md) in Azure Database for MySQL.

articles/mysql/howto-configure-server-logs-in-cli.md

@@ -6,7 +6,7 @@ ms.author: raagyema
 ms.service: mysql
 ms.devlang: azurecli
 ms.topic: conceptual
-ms.date: 02/28/2018
+ms.date: 05/29/2019
 ---
 # Configure and access server logs by using Azure CLI
 You can download the Azure Database for MySQL server logs by using Azure CLI, the Azure command-line utility.
@@ -32,7 +32,7 @@ az mysql server configuration list --resource-group myresourcegroup --server myd
 ```
 
 ## List logs for Azure Database for MySQL server
-To list the available log files for your server, run the [az mysql server-logs list](/cli/azure/mysql/server-logs#az-mysql-server-logs-list) command.
+To list the available slow query log files for your server, run the [az mysql server-logs list](/cli/azure/mysql/server-logs#az-mysql-server-logs-list) command.
 
 You can list the log files for server **mydemoserver.mysql.database.azure.com** under the resource group **myresourcegroup**. Then direct the list of log files to a text file called **log\_files\_list.txt**.
 ```azurecli-interactive
@@ -47,4 +47,4 @@ az mysql server-logs download --name 20170414-mydemoserver-mysql.log --resource-
 ```
 
 ## Next steps
-- Learn about [server logs in Azure Database for MySQL](concepts-server-logs.md).
+- Learn about [slow query logs in Azure Database for MySQL](concepts-server-logs.md).

articles/mysql/howto-configure-server-logs-in-portal.md

@@ -1,16 +1,16 @@
 ---
-title: Configure and access server logs for Azure Database for MySQL in Azure Portal
-description: This article describes how to configure and access the server logs in Azure Database for MySQL from the Azure Portal.
+title: Configure and access slow query logs for Azure Database for MySQL in Azure portal
+description: This article describes how to configure and access the slow logs in Azure Database for MySQL from the Azure portal.
 author: rachel-msft
 ms.author: raagyema
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 02/28/2018
+ms.date: 05/29/2019
 ---
 
-# Configure and access server logs in the Azure portal
+# Configure and access slow query logs in the Azure portal
 
-You can configure, list, and download the [Azure Database for MySQL server logs](concepts-server-logs.md) from the Azure portal.
+You can configure, list, and download the [Azure Database for MySQL slow query logs](concepts-server-logs.md) from the Azure portal.
 
 ## Prerequisites
 To step through this how-to guide, you need:
@@ -37,7 +37,7 @@ Configure access to the MySQL slow query log.
 6. Return to the list of logs by clicking the **close button** (X icon) on the **Server Parameters** page.
 
 ## View list and download logs
-Once logging begins, you can view a list of available logs and download individual log files on the Server Logs pane. 
+Once logging begins, you can view a list of available slow query logs and download individual log files on the Server Logs pane.
 
 1. Open the Azure portal.
 
@@ -56,9 +56,7 @@ Once logging begins, you can view a list of available logs and download individu
 
    ![Click download icon](./media/howto-configure-server-logs-in-portal/5-download.png)
 
-
 ## Next steps
-- See [Access Server Logs in CLI](howto-configure-server-logs-in-cli.md) to learn how to download logs programmatically.
-- Learn more about [Server Logs](concepts-server-logs.md) in Azure Database for MySQL. 
-- For more information about the parameter definitions and MySQL logging, see the MySQL documentation on [Logs](https://dev.mysql.com/doc/refman/5.7/en/slow-query-log.html).
-
+- See [access slow query Logs in CLI](howto-configure-server-logs-in-cli.md) to learn how to download slow query logs programmatically.
+- Learn more about [slow query logs](concepts-server-logs.md) in Azure Database for MySQL.
+- For more information about the parameter definitions and MySQL logging, see the MySQL documentation on [Logs](https://dev.mysql.com/doc/refman/5.7/en/slow-query-log.html).