Configure Audit Log Destination for Azure SQL Database | AZ-500 Exam | Microsoft Azure

Configure Audit Log Destination for Azure SQL Database

Question

You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination. The solution must meet the following requirements:

- Support querying events by using the Kusto query language.

- Minimize administrative effort.

What should you configure?

Answers

Explanations


A. B. C.

C

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard

To configure auditing for an Azure SQL database, you need to define the destination where the audit logs will be stored. The destination can be an event hub, a storage account, or a Log Analytics workspace.

Event Hub is a data streaming platform and an event ingestion service that can receive and process millions of events per second. It can be used to receive real-time telemetry data from various sources and store the data in an Azure Blob storage account or Azure Data Lake. Event Hub can also integrate with other Azure services like Stream Analytics and Azure Functions to perform real-time analytics and processing on the incoming data.

Storage Account is a scalable and secure storage solution in Azure that provides multiple options for storing data, such as blobs, files, tables, and queues. It offers features like geo-replication, encryption, and access control to ensure data durability, availability, and security. A storage account is a common destination for audit logs in Azure as it provides cost-effective and easy-to-manage storage for large volumes of data.

Log Analytics Workspace is a centralized location in Azure for collecting, storing, and analyzing logs from various sources. It uses the Kusto query language to search and analyze data and provides rich visualization options for creating dashboards and alerts. A Log Analytics workspace can be used to monitor and troubleshoot Azure resources, as well as to collect and analyze audit logs from an Azure SQL database.

In this case, the requirement is to support querying events by using the Kusto query language and to minimize administrative effort. Both a storage account and a Log Analytics workspace can meet these requirements. However, a Log Analytics workspace provides more advanced features for analyzing and visualizing audit logs, and it is specifically designed for handling log data. Therefore, the recommended solution to configure audit logs for the Azure SQL database named sql1 is to use a Log Analytics workspace as the audit log destination.
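Once sql1 audits to a Log Analytics workspace, the events can be queried with Kusto as described above. The query below is an added example, not part of the original page; it assumes the audit category lands in the AzureDiagnostics table, and the column names and threshold are assumptions to check against the workspace schema.

```kusto
// Added example: hourly view of failed audited actions against database sql1.
// Assumptions: the diagnostic setting sends the SQLSecurityAuditEvents category
// to this workspace in AzureDiagnostics mode, and the columns carry the usual
// AzureDiagnostics type suffixes (_s string, _t datetime).
let lookback = 24h;
let failureThreshold = 5;   // constructed value, tune per environment
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where Category == "SQLSecurityAuditEvents"
| where database_name_s =~ "sql1"
// Group by who connected, from where, and in which hour.
| summarize
    Total = count(),
    Failed = countif(succeeded_s =~ "false"),
    DistinctStatements = dcount(statement_s),
    LastSeen = max(event_time_t)
    by server_principal_name_s, client_ip_s, bin(TimeGenerated, 1h)
| extend FailureRatio = round(todouble(Failed) / Total, 2)
// Keep only principal/IP pairs with repeated failures in the same hour.
| where Failed >= failureThreshold
| order by Failed desc, LastSeen desc
```

Saved as a log alert rule in the workspace, the same query can notify on repeated failures without any extra pipeline to maintain.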