azureazure-sql-databaseazure-log-analyticsazure-log-analytics-workspace

Exclude SQL statements in Audit logs for Azure SQL Server using Set-AzSqlServerAudit


I'm trying to remove all Select statements from Log Analytics of Microsoft Azure SQL server. I found in Microsoft docs that introducing PredicateExpression in Set-AzSQLServerAudit can help me to achieve this. I tried couple of expressions to disable the logs using Powershell Cmdlet, however I still see the logs with Select statements with the same pattern as in Predicate expression.

I tried with following predicate expression already, but it still I see Select statements.

Set-AzSqlServerAudit -ResourceGroupName "myresourcegroup" -ServerName "mysqlserver" -PredicateExpression "statement <> 'exec sp_executesql N%select%' or statement <> 'SELECT 1%'"

and also, with this one

Set-AzSqlServerAudit -ResourceGroupName "myresourcegroup" -ServerName "mysqlserver" –PredicateExpression “statement <> ‘exec sp_executesql N’select%’' or statement <> 'SELECT 1%'”

Anyone has idea where am I going wrong?


Solution

  • Could you please try the following predicate expression to see if it meets your expectations?

    Set-AzSqlServerAudit -ResourceGroupName "myresourcegroup" -ServerName "mysqlserver" -PredicateExpression "statement not like '%select%'"