|
2 | 2 | title: Auditing |
3 | 3 | titleSuffix: Azure SQL Database and Azure Synapse Analytics |
4 | 4 | description: SQL Auditing for Azure SQL Database and Azure Synapse Analytics tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace, or Event Hubs. |
5 | | -author: sravanisaluru |
6 | | -ms.author: srsaluru |
7 | | -ms.reviewer: wiassaf, vanto, mathoma |
8 | | -ms.date: 09/04/2025 |
| 5 | +author: WilliamDAssafMSFT |
| 6 | +ms.author: wiassaf |
| 7 | +ms.reviewer: srsaluru, vanto, mathoma |
| 8 | +ms.date: 12/19/2025 |
9 | 9 | ms.service: azure-sql-database |
10 | 10 | ms.subservice: security |
11 | 11 | ms.topic: conceptual |
@@ -54,13 +54,12 @@ You can use SQL Database auditing to: |
54 | 54 | - Permissions required to view Audit logs: |
55 | 55 | - `VIEW DATABASE SECURITY AUDIT` permission in user database |
56 | 56 |
|
57 | | -### Recommended Auditing Approach for Large OLTP Workloads |
| 57 | +### Recommended auditing approach for large OLTP workloads |
58 | 58 |
|
59 | | -- For environments with many databases running heavy OLTP workloads, using server‑level auditing with default settings can lead to extremely large audit volumes, often hundreds of GBs to multiple TBs across the logical server. Since all events from all databases are written into the same audit folder, querying audit logs for a single database becomes slow and operationally expensive. |
| 59 | +For environments with many databases running heavy OLTP workloads, using server‑level auditing with default settings can lead to very large audit volumes across the logical server. Since all events from all databases are written into the same audit folder, querying audit logs for a single database becomes slow and operationally expensive. To improve performance and reduce noise: |
60 | 60 |
|
61 | | -- To improve performance and reduce noise: |
62 | | - - Switch to database‑level auditing so each database writes to its own audit log folder, making retrieval faster and reducing the total volume scanned. |
63 | | - - Review the audit configuration to determine whether capturing all batch‑completed events is necessary, or if a custom filtered configuration can meet your security and compliance requirements |
| 61 | + - **Switch to database‑level auditing**. Each database writes to its own audit log folder, reducing the total volume scanned and making retrieval faster. |
| 62 | + - **Review the audit configuration**. Determine whether capturing all batch‑completed events is necessary, or if a custom filtered configuration can meet your security and compliance requirements. |
64 | 63 |
|
65 | 64 | ## Auditing limitations |
66 | 65 |
|
|
0 commit comments