Configure and access audit logs for Azure Database for MySQL in the Azure portal

APPLIES TO: Azure Database for MySQL - Single Server

You can configure the Azure Database for MySQL audit logs and diagnostic settings from the Azure portal.

Prerequisites

To step through this how-to guide, you need:

Configure audit logging

Important

It is recommended to only log the event types and users required for your auditing purposes to ensure your server's performance is not heavily impacted.

Enable and configure audit logging.

  1. Sign in to the Azure portal.

  2. Select your Azure Database for MySQL server.

  3. Under the Settings section in the sidebar, select Server parameters. Server parameters

  4. Update the audit_log_enabled parameter to ON. Enable audit logs

  5. Select the event types to be logged by updating the audit_log_events parameter. Audit log events

  6. Add any MySQL users to be included or excluded from logging by updating the audit_log_exclude_users and audit_log_include_users parameters. Specify users by providing their MySQL user name. Audit log exclude users

  7. Once you have changed the parameters, you can click Save. Or you can Discard your changes. Save

Set up diagnostic logs

  1. Under the Monitoring section in the sidebar, select Diagnostic settings.

  2. Click on "+ Add diagnostic setting" Add diagnostic setting

  3. Provide a diagnostic setting name.

  4. Specify which data sinks to send the audit logs (storage account, event hub, and/or Log Analytics workspace).

  5. Select "MySqlAuditLogs" as the log type. Configure diagnostic setting

  6. Once you've configured the data sinks to pipe the audit logs to, you can click Save. Save diagnostic setting

  7. Access the audit logs by exploring them in the data sinks you configured. It may take up to 10 minutes for the logs to appear.

Next steps

  • Learn more about audit logs in Azure Database for MySQL
  • Learn how to configure audit logs in the Azure CLI