Azure Database Auditing not capturing login failures
I'm looking to capture login failures against our Azure Database. I've set up auditing on my Azure Database as such
After running some queries, I can see login successes for the principal in question, shown by the action_id DBAS eg
However, when generating failures both from SSMS and our application, the auditing doesnt capture any failures, which I expect to be shown with action_id DBAF
The info box for this auditing option does say its supposed to capture login failures. Is this a bug or am I doing something wrong here?
Solution
Make sure you have given correct file path. Try with below query:
select event_time,server_instance_name,database_name,action_id,server_principal_name,application_name from sys.fn_get_audit_file
('https://banuadls.blob.core.windows.net/sqldbauditlogs/dbservere/db/SqlDbAuditing_Audit_NoRetention/2024-05-31/08_44_54_724_0.xel',default,default)
where event_time <= '2024-05-31T09:11:00.5349194'
It is giving login failed error audits as shown below:
| event_time | server_instance_name | database_name | action_id | server_principal_name | application_name |
|---|---|---|---|---|---|
| 2024-05-31T08:44:55.3341817 | dbservere | AUSC | NT AUTHORITY\SYSTEM | Internal | |
| 2024-05-31T08:45:13.8966156 | dbservere | db | DBAF | server | Azure SQL Query Editor |
| 2024-05-31T08:45:14.7871436 | dbservere | db | DBAF | server | Azure SQL Query Editor |
| 2024-05-31T08:45:21.8808280 | dbservere | db | DBAF | server | Azure SQL Query Editor |
| 2024-05-31T08:54:55.4361409 | dbservere | db | DBAF | server | Microsoft SQL Server Management Studio |
| 2024-05-31T08:55:18.9358867 | dbservere | db | DBAF | server | Microsoft SQL Server Management Studio |
| 2024-05-31T09:11:00.5349194 | dbservere | db | DBAS | server | Azure SQL Query Editor |
| 2024-05-31T09:11:00.5349194 | dbservere | db | BCM | server | Azure SQL Query Editor |
For more information you refer to this SO answer.
- opposite of "top" in sql server, without using order by, there are no keys/indices
- Getting log messages from an SSIS package executed with an SQL query
- Project fails to load due to missing SqlServer.targets file after upgrading to Visual Studio 2013
- How to remove a specific character from a string, only when it is the first or last character in the string.
- convert datetime to bigint
- How to fix the "system cannot find the file specified" error in ASP.NET MVC and SQL Server 2019
- How to get all auto generated foreign key names?
- Untrusted Certificate Error when connecting to SQL Server running in Docker from .NET 7 API in VS2022
- In a junction table, should I use a Primary key and a unique constraint, or a compound/composite key?
- Convert to ASCII char in SQL Server
- SQL transaction locks query weird behavior
- Update SQL with consecutive numbering
- Returning Continuous Months and Copying Values from the Previous Month
- Export stored procedure results as CSV (UTF 8 BOM format) to external server from SQL Server 2012
- SQL Server XML Data - How to insert if empty or update if not
- "Incorrect syntax near ')'." from cmd.ExecuteNonQuery();
- SQL Server - get next Friday in DATETIME
- Prevent Role with limited SELECT access discovering object names in Azure SQL or SQL Server
- What is the best way to create and populate a numbers table?
- How to preserve data comma ',' while exporting data from SQL Server to flat file (CSV) where column delimiter is ','
- SQL Selecting if "active" = true
- Delete partial dulicate rows - sql
- How to disable transactions for individual migrations in Flyway on SQL Server
- Why does a WHERE IN query on a uniqueidentifer column result in a "range seek" (greater than/less than)?
- Stored procedure to insert a new employee and return the newly created record (including the Id)
- Generating a histogram from column values in a database
- Get size of all tables in database
- How can I get the size in bytes of a table returned by a SQL query?
- Reading a table from SQL Server into a DataFrame using SQLAlchemy
- QSqlQuery causing ODBC Function sequence error