Saikios
Saikios

Reputation: 3721

Logs on azure sql database

We had an issue yesterday that we are trying to figure out. Out of nowhere everything on the database changed,

We know it was an update without a where clause, but we are just a few developers. So if any of us would have done it we would know it.

It was at a strange time of the day, very late at night and only a few ip addresses are allowed into the server.

Is there any way to get the full log with ips of all the transactions on azure? Did anyone had a similar problem? can it be a break through? Are there any software protections, scripts that we can add to limit this?

Upvotes: 6

Views: 23794

Answers (2)

TheGameiswar
TheGameiswar

Reputation: 28860

Is there any way to get the full log with ips of all the transactions on azure?

Few options i could think off,Even this is not possible in onpremises..if you don't have correct measures to detect this...else contact support for a request to read TLOG of the database(Azure support won't read the log,unless you have a business justification,as this involves involving many teams due to safety reasons)

1.) You could use activity log to know more details..

enter image description here

2.) There is an sys.event_log (Azure SQL Database) DMV ,which shows connections successfull or not .you can correlate to know the users based on your office set up..this won't show success or failures

To avoid this happening again,Audit data and Azure offers many features to know more on whats happening like

1..Get started with SQL database auditing
2. Enable rules to get alerted when some thing happens..

enter image description here

Upvotes: 3

carl rabeler
carl rabeler

Reputation: 101

Enable Auditing and Threat Detection on the server if you hadn't

For more information, please read this page.

Upvotes: 1

Related Questions