Wednesday, February 8, 2023

Azure SQL Database Auditing gotchas.

A couple of notes when using Azure SQL DB Auditing:
1) This is actually kinda cool, overall. I plan on mining this in the future for code changes, etc.
2) You can filter it! PredicateExpression is the term you're looking for, available via the PowerShell module.
3) If you're trying to add predicates, it uses SQL Audit syntax. In our case, we wanted to ignore a particular stored procedure call, so we used:
"(NOT [statement] like '%myspnamehere%')"
4) BEFORE YOU DO THIS and add the predicate: turn all the audits off on that "server" first.
 The database AND the server-level. The regular AND the Microsoft.

We had a heck of a time figuring out why it wasn't working right. 
Between this and making sure the Database-Level Auditing was off, this worked. 

Disconnect-AzAccount myguidhere
Connect-AzAccount -Tenant myguidhere

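# Placeholder: put your own subscription ID here
Set-AzContext -SubscriptionId "oursubscriptionidhere"

# Check the current server-level audit settings
Get-AzSqlServerAudit -ResourceGroupName "ourRGname" -ServerName "ourSERVERname"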

Set-AzSqlServerAudit -ResourceGroupName "ourRGname" -ServerName "ourSERVERname" -PredicateExpression "(NOT [statement] like '%myspnamehere%')" -WorkspaceResourceId "ourworkspaceidforourLogAnalyticsTarget" -LogAnalyticsTargetState ENABLED

Set-AzSqlServerMSSupportAudit -ResourceGroupName "ourRGname" -ServerName "ourSERVERname" -WorkspaceResourceId "ourworkspaceidforourLogAnalyticsTarget" -LogAnalyticsTargetState ENABLED
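
The whole order of operations from note 4 as one script: everything off first, then the predicate, then a check that it stuck. This is an added example, not the commands we originally ran; the names are the same placeholders as above, skipping master is an assumption, and it assumes Log Analytics is the only audit target you want back on.

```powershell
# Added example. All names are placeholders in the same style as the post.
$rg        = "ourRGname"
$server    = "ourSERVERname"
$workspace = "ourworkspaceidforourLogAnalyticsTarget"
$predicate = "(NOT [statement] like '%myspnamehere%')"

# Every audit target off, reused for database, server and Microsoft support audits.
$allOff = @{
    BlobStorageTargetState  = 'Disabled'
    EventHubTargetState     = 'Disabled'
    LogAnalyticsTargetState = 'Disabled'
}

# 1) Database-level audits off on each database of the server
#    (master is skipped here as an assumption; remove the filter if you audit it).
Get-AzSqlDatabase -ResourceGroupName $rg -ServerName $server |
    Where-Object DatabaseName -ne 'master' |
    ForEach-Object {
        Set-AzSqlDatabaseAudit -ResourceGroupName $rg -ServerName $server `
            -DatabaseName $_.DatabaseName @allOff
    }

# 2) Server-level audits off: the regular AND the Microsoft support one.
Set-AzSqlServerAudit          -ResourceGroupName $rg -ServerName $server @allOff
Set-AzSqlServerMSSupportAudit -ResourceGroupName $rg -ServerName $server @allOff

# 3) Server-level audits back on, this time with the predicate.
#    The LIKE pattern drops every statement whose text contains the string,
#    so keep it as specific as the procedure name allows.
Set-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server `
    -PredicateExpression $predicate `
    -WorkspaceResourceId $workspace -LogAnalyticsTargetState Enabled
Set-AzSqlServerMSSupportAudit -ResourceGroupName $rg -ServerName $server `
    -WorkspaceResourceId $workspace -LogAnalyticsTargetState Enabled

# 4) Read the settings back and fail loudly if the predicate did not take.
$audit = Get-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server
if ($audit.PredicateExpression -ne $predicate -or
    $audit.LogAnalyticsTargetState -ne 'Enabled') {
    throw "Server audit is not in the expected state: $($audit | Out-String)"
}
$audit | Format-List PredicateExpression, LogAnalyticsTargetState, WorkspaceResourceId
```

Auditing is off between steps 1 and 3, so run it in a quiet window and keep a record of when the gap happened.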
