Forum Discussion
Log Analytics query to create a alert for IP's blocked by firewall in Azure SQl Database.
Ah! I think you need https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure
"You can use SQL Database Auditing to audit server-level and database-level firewall changes."It also might be worth looking in the AzureActivity log - sorry I don't have any DBs configured with Auditing or DB level firewalls. If you get an example record we can help you parse for the IP address if needed.
Ah! I think you need https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure
"You can use SQL Database Auditing to audit server-level and database-level firewall changes."
It also might be worth looking in the AzureActivity log - sorry I don't have any DBs configured with Auditing or DB level firewalls. If you get an example record we can help you parse for the IP address if needed.
Adding to what Clive has suggested the following website article gives a little more detail on what to "query" for with regards to the "Denied Access"
https://www.sqlservercentral.com/articles/10-steps-to-securing-your-sql-server
This is a snippet from the article
I also like to turn on auditing of any type of permission denied
error, like #229. If you find all the items you’d like to audit, you can write a
script to update the sysmessages table (which holds all the SQL Server errors)
to turn on logging as shown below:
— Error Message #229: %ls permission denied on object ‘%.*ls’,
database ‘%.*ls’, owner ‘%.*ls’.
UPDATE sysmessages SET dlevel = (dlevel | 0x80) WHERE error = 229