Azure SQL Database Auditing – Move from Azure Table Storage to Blob Storage

Published Mar 13 2019 06:40 PM 851 Views
Microsoft
First published on MSDN on Apr 13, 2017
Microsoft recently deprecated the use of Azure Table storage for SQL Database Auditing. Use Azure Blob Storage to save your auditing files instead.

If you were using Azure Table Storage for your auditing data, here is a simple step by step on how to move to Azure Blob Storage instead.

On this database, called “Sales”, I am inheriting the auditing settings from the server “auditingdemo”. Auditing is not individually configured for this database, as this is not a supported feature for Auditing with Table Storage (for more details about it, please read the session “ Blob/table differences in server auditing policy inheritance ”).

[caption id="attachment_146" align="alignnone" width="576"] Image 1 - Auditing with Azure Table Storage (Update 2017-10-30: note that this screed look different now on Azure Portal)[/caption]

To change it from Table to Blob Storage, all you need to do is the following:

  1. Go to the SQL Database server, and modify it from Table to Blob. (Yes, as simple as that)

  2. Click Save, and now you have Auditing type Blob at the server level:


[caption id="attachment_156" align="alignnone" width="575"] Image 2 - Auditing with Azure Blob Storage (Update 2017-10-30: note that this screed look different now on Azure Portal)[/caption]

That’s it. Now you have blob auditing enabled. If you need to have database level auditing, you may set it at the database level as well, but it is not a recommended setting, as per the feature documentation :

You should avoid enabling both server Blob auditing and database Blob auditing together, unless:

  • You need to use a different storage account or retention period for a specific database.

  • You want to audit different event types or categories for a specific database that are being audited for the rest of the databases on this server (e.g. if table inserts need to be audited only for a specific database).




You may ask: “What about the auditing data that was in the Table Storage? Will I lose it?

The answer is No. The old data continues in Table Storage, and the new auditing data goes to blob storage from this point onwards.



We created the following PowerShell script to help you quickly and easily identify all the resources (Azure SQL Servers + Databases) across all your subscriptions that currently have Table auditing enabled and require migration to Blob auditing.

Thanks to Tomer Weisberg and Gilad Mittelman for sharing

[code language="PowerShell"]Login-AzureRmAccount

$arrayTableFound = @()

foreach($sub in Get-AzureRmSubscription)
{
Write-Host 'Looking for table auditing in subscription'$sub.Name'('$sub.SubscriptionId')'

Set-AzureRmContext -SubscriptionName $sub.Name
$sqlServers = Get-AzureRmResourceGroup | Get-AzureRmSqlServer
foreach($sqlServer in $sqlServers)
{
$serverName = $sqlServer.ServerName
Write-Host 'Looking for table auditing on server'$serverName

$serverAuditingPolicy = $sqlServer | Get-AzureRmSqlServerAuditingPolicy -WarningAction SilentlyContinue

if ($serverAuditingPolicy.AuditState -eq 'Enabled' -and $serverAuditingPolicy.AuditType -eq 'Table')
{
Write-Host -ForegroundColor Red 'Found table auditing on server'$serverName
$arrayTableFound += ,@("SERVER: $serverName")
}
foreach($sqlDB in $sqlServer | Get-AzureRmSqlDatabase)
{

if ($sqlDB.DatabaseName -eq 'master')
{
#no support for auditing on master
continue
}
Write-Host 'Looking for table auditing on DB'$sqlDB.DatabaseName
$DBAuditingPolicy = Get-AzureRmSqlDatabaseAuditingPolicy -ServerName $sqlServer.ServerName -DatabaseName $sqlDB.DatabaseName -ResourceGroupName $sqlDB.ResourceGroupName -WarningAction SilentlyContinue

if ($DBAuditingPolicy.AuditState -eq 'Enabled' -and $DBAuditingPolicy.AuditType -eq 'Table')
{
Write-Host -ForegroundColor Red 'Found table auditing on database'$sqlDB.DatabaseName'Server'$sqlServer.ServerName
$databaseName = $sqlDB.DatabaseName
$arrayTableFound += ,@("DATABASE: $databaseName (on Server $serverName)")
}
}
}
}

Write-Host -ForegroundColor Green 'Total resources with Table auditing:'$arrayTableFound.Length

Write-Host -ForegroundColor Red 'The following resources have Table auditing enabled:'

foreach($item in $arrayTableFound)
{
Write-Host -ForegroundColor Red $item[0]
} [/code]
%3CLINGO-SUB%20id%3D%22lingo-sub-368882%22%20slang%3D%22en-US%22%3EAzure%20SQL%20Database%20Auditing%20%E2%80%93%20Move%20from%20Azure%20Table%20Storage%20to%20Blob%20Storage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-368882%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20MSDN%20on%20Apr%2013%2C%202017%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20Microsoft%20recently%20deprecated%20the%20use%20of%20Azure%20Table%20storage%20for%20SQL%20Database%20Auditing.%20Use%20Azure%20Blob%20Storage%20to%20save%20your%20auditing%20files%20instead.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20If%20you%20were%20using%20Azure%20Table%20Storage%20for%20your%20auditing%20data%2C%20here%20is%20a%20simple%20step%20by%20step%20on%20how%20to%20move%20to%20Azure%20Blob%20Storage%20instead.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20On%20this%20database%2C%20called%20%E2%80%9CSales%E2%80%9D%2C%20I%20am%20inheriting%20the%20auditing%20settings%20from%20the%20server%20%E2%80%9Cauditingdemo%E2%80%9D.%20Auditing%20is%20not%20individually%20configured%20for%20this%20database%2C%20as%20this%20is%20not%20a%20supported%20feature%20for%20Auditing%20with%20Table%20Storage%20(for%20more%20details%20about%20it%2C%20please%20read%20the%20session%20%E2%80%9C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsql-database%2Fsql-database-auditing%23a-idsubheading-8ablobtable-differences-in-server-auditing-policy-inheritance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Blob%2Ftable%20differences%20in%20server%20auditing%20policy%20inheritance%20%3C%2FA%3E%20%E2%80%9D).%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%5Bcaption%20id%3D%22attachment_146%22%20align%3D%22alignnone%22%20width%3D%22576%22%5D%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F88922i3E5C2B6442086108%22%20%2F%3E%20Image%201%20-%20Auditing%20with%20Azure%20Table%20Storage%20(Update%202017-10-30%3A%20note%20that%20this%20screed%20look%20different%20now%20on%20Azure%20Portal)%5B%2Fcaption%5D%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20To%20change%20it%20from%20Table%20to%20Blob%20Storage%2C%20all%20you%20need%20to%20do%20is%20the%20following%3A%20%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3EGo%20to%20the%20SQL%20Database%20server%2C%20and%20modify%20it%20from%20Table%20to%20Blob.%20(Yes%2C%20as%20simple%20as%20that)%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EClick%20Save%2C%20and%20now%20you%20have%20Auditing%20type%20Blob%20at%20the%20server%20level%3A%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%20%5Bcaption%20id%3D%22attachment_156%22%20align%3D%22alignnone%22%20width%3D%22575%22%5D%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F88923i83502D8F809A5716%22%20%2F%3E%20Image%202%20-%20Auditing%20with%20Azure%20Blob%20Storage%26nbsp%3B(Update%202017-10-30%3A%20note%20that%20this%20screed%20look%20different%20now%20on%20Azure%20Portal)%5B%2Fcaption%5D%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20That%E2%80%99s%20it.%20Now%20you%20have%20blob%20auditing%20enabled.%20If%20you%20need%20to%20have%20database%20level%20auditing%2C%20you%20may%20set%20it%20at%20the%20database%20level%20as%20well%2C%20but%20it%20is%20not%20a%20recommended%20setting%2C%20as%20per%20the%20feature%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsql-database%2Fsql-database-auditing%23a-idsubheading-8ablobtable-differences-in-server-auditing-policy-inheritance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20documentation%20%3C%2FA%3E%20%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CEM%3E%20You%20should%20avoid%20enabling%20both%20server%20Blob%20auditing%20and%20database%20Blob%20auditing%20together%2C%20unless%3A%3C%2FEM%3E%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3E%3CEM%3E%20You%20need%20to%20use%20a%20different%20storage%20account%20or%20retention%20period%20for%20a%20specific%20database.%20%3C%2FEM%3E%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3E%3CEM%3E%20You%20want%20to%20audit%20different%20event%20types%20or%20categories%20for%20a%20specific%20database%20that%20are%20being%20audited%20for%20the%20rest%20of%20the%20databases%20on%20this%20server%20(e.g.%20if%20table%20inserts%20need%20to%20be%20audited%20only%20for%20a%20specific%20database).%20%3C%2FEM%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20You%20may%20ask%3A%20%E2%80%9CWhat%20about%20the%20auditing%20data%20that%20was%20in%20the%20Table%20Storage%3F%20Will%20I%20lose%20it%3F%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20The%20answer%20is%20No.%20The%20old%20data%20continues%20in%20Table%20Storage%2C%20and%20the%20new%20auditing%20data%20goes%20to%20blob%20storage%20from%20this%20point%20onwards.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20We%20created%20the%20following%20PowerShell%20script%20to%20help%20you%20quickly%20and%20easily%20identify%20all%20the%20resources%20(Azure%20SQL%20Servers%20%2B%20Databases)%20across%20all%20your%20subscriptions%20that%20currently%20have%20Table%20auditing%20enabled%20and%20require%20migration%20to%20Blob%20auditing.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Thanks%20to%20%3CSTRONG%3E%20Tomer%20Weisberg%20%3C%2FSTRONG%3E%20and%20%3CSTRONG%3E%20Gilad%20Mittelman%20%3C%2FSTRONG%3E%20for%20sharing%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%5Bcode%20language%3D%22PowerShell%22%5DLogin-AzureRmAccount%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%24arrayTableFound%20%3D%20%40()%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20foreach(%24sub%20in%20Get-AzureRmSubscription)%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20Write-Host%20'Looking%20for%20table%20auditing%20in%20subscription'%24sub.Name'('%24sub.SubscriptionId')'%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Set-AzureRmContext%20-SubscriptionName%20%24sub.Name%20%3CBR%20%2F%3E%20%24sqlServers%20%3D%20Get-AzureRmResourceGroup%20%7C%20Get-AzureRmSqlServer%20%3CBR%20%2F%3E%20foreach(%24sqlServer%20in%20%24sqlServers)%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20%24serverName%20%3D%20%24sqlServer.ServerName%20%3CBR%20%2F%3E%20Write-Host%20'Looking%20for%20table%20auditing%20on%20server'%24serverName%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%24serverAuditingPolicy%20%3D%20%24sqlServer%20%7C%20Get-AzureRmSqlServerAuditingPolicy%20-WarningAction%20SilentlyContinue%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20if%20(%24serverAuditingPolicy.AuditState%20-eq%20'Enabled'%20-and%20%24serverAuditingPolicy.AuditType%20-eq%20'Table')%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20Write-Host%20-ForegroundColor%20Red%20'Found%20table%20auditing%20on%20server'%24serverName%20%3CBR%20%2F%3E%20%24arrayTableFound%20%2B%3D%20%2C%40(%22SERVER%3A%20%24serverName%22)%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20foreach(%24sqlDB%20in%20%24sqlServer%20%7C%20Get-AzureRmSqlDatabase)%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20if%20(%24sqlDB.DatabaseName%20-eq%20'master')%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20%23no%20support%20for%20auditing%20on%20master%20%3CBR%20%2F%3E%20continue%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20Write-Host%20'Looking%20for%20table%20auditing%20on%20DB'%24sqlDB.DatabaseName%20%3CBR%20%2F%3E%20%24DBAuditingPolicy%20%3D%20Get-AzureRmSqlDatabaseAuditingPolicy%20-ServerName%20%24sqlServer.ServerName%20-DatabaseName%20%24sqlDB.DatabaseName%20-ResourceGroupName%20%24sqlDB.ResourceGroupName%20-WarningAction%20SilentlyContinue%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20if%20(%24DBAuditingPolicy.AuditState%20-eq%20'Enabled'%20-and%20%24DBAuditingPolicy.AuditType%20-eq%20'Table')%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20Write-Host%20-ForegroundColor%20Red%20'Found%20table%20auditing%20on%20database'%24sqlDB.DatabaseName'Server'%24sqlServer.ServerName%20%3CBR%20%2F%3E%20%24databaseName%20%3D%20%24sqlDB.DatabaseName%20%3CBR%20%2F%3E%20%24arrayTableFound%20%2B%3D%20%2C%40(%22DATABASE%3A%20%24databaseName%20(on%20Server%20%24serverName)%22)%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20%7D%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Write-Host%20-ForegroundColor%20Green%20'Total%20resources%20with%20Table%20auditing%3A'%24arrayTableFound.Length%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Write-Host%20-ForegroundColor%20Red%20'The%20following%20resources%20have%20Table%20auditing%20enabled%3A'%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20foreach(%24item%20in%20%24arrayTableFound)%20%3CBR%20%2F%3E%20%7B%20%3CBR%20%2F%3E%20Write-Host%20-ForegroundColor%20Red%20%24item%5B0%5D%20%3CBR%20%2F%3E%20%7D%20%5B%2Fcode%5D%20%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-368882%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20MSDN%20on%20Apr%2013%2C%202017%20Microsoft%20recently%20deprecated%20the%20use%20of%20Azure%20Table%20storage%20for%20SQL%20Database%20Auditing.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-368882%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eauditing%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20SQL%20Database%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 13 2019 06:40 PM
Updated by: