@@ -98,9 +98,11 @@ You must explicitly enable diagnostic settings for each Azure SQL database that
98
98
99
99
When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/SQL/Logs`, `Azure/SQL/ActivityLogs`, and `Azure/SQL/Metrics`.
100
100
101
-
### Configure metrics collection
101
+
### Configure collector
102
102
103
-
1. Create a hosted collector if not already configured and tag the `tenant_name` field. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). <br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Tenant-Name.png')} alt="Azure Tag Tenant Name" style={{border: '1px solid gray'}} width="500" />
103
+
Create a hosted collector if not already configured and tag the `tenant_name` field. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). Make sure you create the required sources in this collector. <br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Tenant-Name.png')} alt="Azure Tag Tenant Name" style={{border: '1px solid gray'}} width="500" />
104
+
105
+
### Configure metrics collection
104
106
105
107
import MetricsSourceBeta from '../../reuse/metrics-source-beta.md';
106
108
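Review bot: The sentence added to the new "Configure collector" section, "Make sure you create the required sources in this collector", does not say which sources are required. Name them (the paragraph above mentions the event hubs source and the HTTP source) or link to the sections that create them, so a reader who lands on this heading does not finish with a collector that has no sources attached. The link text "here" for the tenant-name instructions could also be replaced with descriptive text while this line is being rewritten.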
@@ -112,30 +114,27 @@ import MetricsSourceBeta from '../../reuse/metrics-source-beta.md';
112
114
113
115
In this section, you will configure a pipeline for shipping diagnostic logs from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) to an Event Hub.
114
116
115
-
1. Create a hosted collector if not already configured and tag the `tenant_name` field. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). <br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Tenant-Name.png')} alt="Azure Tag Tenant Name" style={{border: '1px solid gray'}} width="500" />
116
117
1. To set up the Azure Event Hubs source in Sumo Logic, refer to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/).
117
118
1. To create the Diagnostic settings in Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-gb/azure/data-factory/monitor-configure-diagnostics). Perform below steps for each Azure SQL database that you want to monitor.
118
-
* Choose `Stream to an event hub` as the destination.
119
-
* Select all the log types except `SQL Security Audit Event`.
120
-
* Use the Event hub namespace and Event hub name configured in previous step in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.
121
-
122
-
<img src={useBaseUrl('img/integrations/microsoft-azure/Azure-SQL-Configure-Diagnostic-Logs.png')} alt="Azure Database for MySql Tag Location" style={{border: '1px solid gray'}} width="800" />
123
-
124
-
3. Tag the location field in the source with right location value.<br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Location.png')} alt="Azure Database for MySql Tag Location" style={{border: '1px solid gray'}} width="400" />
119
+
* Choose `Stream to an event hub` as the destination.
120
+
* Select all the log types except `SQL Security Audit Event`.
121
+
* Use the Event hub namespace and Event hub name configured in previous step in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.<br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-SQL-Configure-Diagnostic-Logs.png')} alt="Azure Database for MySql Tag Location" style={{border: '1px solid gray'}} width="800" />
122
+
1. Tag the location field in the source with right location value.<br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Location.png')} alt="Azure Database for MySql Tag Location" style={{border: '1px solid gray'}} width="400" />
125
123
126
124
:::note
127
125
Auto Tuning logs will be collected when Auto Tuning feature is enabled in Azure SQL. Click [here](https://learn.microsoft.com/en-us/azure/azure-sql/database/automatic-tuning-enable?view=azuresql) to learn more on how to enable this feature.
128
126
:::
127
+
129
128
#### Enable SQL Security Audit logs
130
129
In this section, you will configure a pipeline for shipping diagnostic logs from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) to an Event Hub.
131
130
132
131
1. To enable the Audit logs in Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-setup?view=azuresql#configure-auditing-for-your-server). Perform below steps for each Azure SQL database that you want to monitor.
133
-
* Choose `Event Hub` as the destination. Refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-setup?view=azuresql#audit-to-event-hubs-destination).
134
-
* Use the same Event hub namespace and Event hub name as configured in `Diagnostic logs` in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.<br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-SQL-Configure-Auditing.png')} alt="Configure Auditing" style={{border: '1px solid gray'}} width="800" />
132
+
* Choose `Event Hub` as the destination. Refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-setup?view=azuresql#audit-to-event-hubs-destination).
133
+
* Use the same Event hub namespace and Event hub name as configured in `Diagnostic logs` in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.<br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-SQL-Configure-Auditing.png')} alt="Configure Auditing" style={{border: '1px solid gray'}} width="800" />
135
134
1. By default, auditing is enabled only for the below action groups. Refer to [Azure help](https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions) for more details on supported action groups and actions.
136
-
* "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"
137
-
* "FAILED_DATABASE_AUTHENTICATION_GROUP"
138
-
* "BATCH_COMPLETED_GROUP"
135
+
* "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"
136
+
* "FAILED_DATABASE_AUTHENTICATION_GROUP"
137
+
* "BATCH_COMPLETED_GROUP"
139
138
140
139
Follow the below command to update the audit policy with new actions using Azure CLI. If you want to use any other mechanism, refer to the [Microsoft documentation](https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/create-a-server-audit-and-database-audit-specification?view=sql-server-ver16).
141
140
).
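Review bot: The re-indented bullets under the Diagnostic settings step and under "Enable SQL Security Audit logs" both keep the advice to use the default `RootManageSharedAccessKey` policy, which is the namespace-wide root key with Manage, Send, and Listen rights. Suggest recommending a dedicated shared access policy created for this integration, so its key can be rotated or revoked without affecting other users of the namespace, and mentioning the root policy only as a fallback. Separately, the image `Azure-SQL-Configure-Diagnostic-Logs.png` carries the alt text "Azure Database for MySql Tag Location", which appears copied from another page, and the trailing context of this hunk ends in a stray `).` that is worth checking in the source file.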
@@ -389,7 +388,7 @@ For more information about the statistics presented on the QueryStoreWaitStats d
389
388
390
389
**Wait Category Trend.** A stacked column chart that shows the count of wait events by category per timeslice over the last 24 hours.
391
390
392
-
**Total Wait Time for Query by Wait Category**. A stacked column chart that shows, for each query, the length of time a query spent waiting in each Wait Category over the last 24 hours.
391
+
**Total Wait Time for Query by Wait Category**. A stacked column chart that shows, for each query, the length of time a query spent waiting in each Wait Category over the last 24 hours.
393
392
394
393
**Wait Details**. The table displays wait statistics as encountered by queries on a given database, residing on a given logical server in the last 24 hours.
395
394
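Review bot: Style point on the panel descriptions in this hunk: `**Wait Category Trend.**` keeps the period inside the bold markers, while `**Total Wait Time for Query by Wait Category**.` and `**Wait Details**.` place it outside. Since the change already touches the middle line, pick one form and apply it to all three.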
@@ -424,7 +423,7 @@ For more information about the data presented on the Timeouts dashboard, see [Ti
**Timeouts**. The count of timeouts over the last 7 days.
426
+
**Timeouts**. The count of timeouts over the last 7 days.
428
427
429
428
**Top 10 Error States**. A table that lists the top 10 errors states that have occurred over the last 7 days and the count of errors in each state.
430
429
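Review bot: The context line for **Top 10 Error States** reads "top 10 errors states"; this hunk already touches the adjacent **Timeouts** line, so correct it to "top 10 error states" in the same change.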
@@ -437,8 +436,8 @@ For more information about the data presented on the Timeouts dashboard, see [Ti
437
436
The **Azure SQL - Health** dashboard provides information of any service health incidents or resource health events associated with SQL database service or resource in your azure account.
438
437
439
438
Use this dashboard to:
440
-
* View recent resource and service health incidents.
441
-
* View distribution of service and resource health by incident type.
439
+
* View recent resource and service health incidents.
440
+
* View distribution of service and resource health by incident type.
The **Azure SQL - Policy and Recommendations** dashboard provides information of all effect action operations performed by Azure Policy and recommendations events from Azure Advisor.
449
448
450
449
Use this dashboard to:
451
-
* Monitor policy events with warnings and errors.
452
-
* View recent failed policy events.
453
-
* View total recommendation events.
454
-
* Identify High Impact recommendations.
455
-
* View recent recommendation events and navigate to the affected resource.
450
+
* Monitor policy events with warnings and errors.
451
+
* View recent failed policy events.
452
+
* View total recommendation events.
453
+
* Identify High Impact recommendations.
454
+
* View recent recommendation events and navigate to the affected resource.
The **Azure SQL - Administrative Operations** dashboard provides details on read/write/delete specific changes, different operations used, top 10 operations that caused most errors, and users performing admin operations.
463
462
464
463
Use this dashboard to:
465
-
* Identify top users performing administrative operations.
466
-
* View Top 10 operations that caused the most errors.
467
-
* View recent read, write, and delete operations.
464
+
* Identify top users performing administrative operations.
465
+
* View Top 10 operations that caused the most errors.
The **Azure SQL - SQL Security Audit** dashboard provides audit information on server level events and database level events including DML and DDL statements executed.
474
473
475
474
Use this dashboard to:
476
-
* Identify failed login and their geo locations.
477
-
* View recent DDL, DML, DQL, and TCL statements.
478
-
* Track who (host name, service principal, ip address) and what (object, database, server) information associated with any database operation.
475
+
* Identify failed login and their geo locations.
476
+
* View recent DDL, DML, DQL, and TCL statements.
477
+
* Track who (host name, service principal, ip address) and what (object, database, server) information associated with any database operation.
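Review bot: In the **Azure SQL - Administrative Operations** list, the removed bullet "View recent read, write, and delete operations." has no matching added line in the visible diff, while the other two bullets are re-added. If this change is meant to be whitespace-only, confirm the third bullet was not dropped. In the SQL Security Audit list, "Identify failed login and their geo locations" should read "failed logins", and "ip address" should be "IP address".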
@@ -524,4 +523,4 @@ These alerts are metrics-based and will work for Azure SQL.
524
523
|`Azure SQL - Data IO percentage`| This monitor triggers alerts when High Data IO percentage is detected in Azure SQL. | Count > 90 | Count =< 90 |
525
524
|`Azure SQL - DTU Percentage`| This monitor triggers alerts when High average DTU consumption percentage is detected in Azure SQL. | Count > 80 | Count =< 80 |
526
525
|`Azure SQL - Tempdb Percent Log Used`| This monitor triggers alerts when High Tempdb Percent Log Usage is detected in Azure SQL. | Count > 60 | Count =< 60 |
527
-
|`Azure SQL - High Worker Usage`| This monitor triggers alerts when High Worker Usage is detected in Azure SQL. | Count > 60 | Count =< 60 |
526
+
|`Azure SQL - High Worker Usage`| This monitor triggers alerts when High Worker Usage is detected in Azure SQL. | Count > 60 | Count =< 60 |
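Review bot: The recovery column in these rows, including the re-added `Azure SQL - High Worker Usage` line, uses `=<` (for example `Count =< 60`), which is not a conventional comparison operator; write it as `<=`. The rows for percentage metrics also state their thresholds as "Count > 90" and "Count > 80"; if the monitor evaluates the percentage value rather than a count of data points, the column should say so.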