Azure SQL Database audit events with ledger-enabled tables

APPLIES TO: Azure SQL Database

Note

Azure SQL Database ledger is currently in public preview.

When you perform forensics activities with ledger-enabled tables, data is captured in the ledger view and database ledger. Other action IDs are added to the SQL audit logs, too. The following tables outline these new audit logging events. The conditions that trigger the events follow each table.

Enable ledger

Column Value
action_id ENLR
name ENABLE LEDGER
class_desc OBJECT
covering_action_desc NULL
parent_class_desc DATABASE
covering_parent_action_name LEDGER_OPERATION_GROUP
configuration_level NULL
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 1

Conditions that trigger the event: When you create a new ledger table or convert a regular table to a ledger table.

Alter ledger

Column Value
action_id ALLR
name ALTER LEDGER
class_desc OBJECT
covering_action_desc NULL
parent_class_desc DATABASE
covering_parent_action_name LEDGER_OPERATION_GROUP
configuration_level NULL
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 1

Conditions that trigger the event: When you drop or rename a ledger table, convert a ledger table to a normal table, and add, drop, or rename a column in a ledger table.

Generate ledger digest

Column Value
action_id GDLR
name GENERATE LEDGER DIGEST
class_desc DATABASE
covering_action_desc LEDGER_OPERATION_GROUP
parent_class_desc SERVER
covering_parent_action_name LEDGER_OPERATION_GROUP
configuration_level NULL
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 1

Condition that triggers the event: When you generate a ledger digest.

Verify ledger

Column Value
action_id VFLR
name VERIFY LEDGER
class_desc DATABASE
covering_action_desc LEDGER_OPERATION_GROUP
parent_class_desc SERVER
covering_parent_action_name LEDGER_OPERATION_GROUP
configuration_level NULL
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 1

Condition that triggers the event: When you verify a ledger digest.

Ledger operation group

Column Value
action_id OPLR
name LEDGER_OPERATION_GROUP
class_desc DATABASE
covering_action_desc NULL
parent_class_desc SERVER
covering_parent_action_name NULL
configuration_level GROUP
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 0

Condition that triggers the event: N/A

Column Value
action_id OPLR
name LEDGER_OPERATION_GROUP
class_desc SERVER
covering_action_desc NULL
parent_class_desc NULL
covering_parent_action_name NULL
configuration_level GROUP
configuration_group_name LEDGER_OPERATION_GROUP
action_in_log 0

Condition that triggers the event: N/A

Next steps