Forum Discussion

ChrisCurtisIT
Brass Contributor
Jul 10, 2024

Unable to View Audit Logs

Hi all! 

I am once again coming to you, asking for assistance.

We had a security alert in Azure and I was able to go all the way through to see what the issue was, BUT when I try to go into the "View Suspicious Activity" page I get the below. Now multiple users in my team get the same as me, but one user can see everything in here.

 



He's not even in the resource with any permissions yet he can see these logs. Am I missing something really obvious? Or is this another fun little bug?

Thanks in advance

  • adrianberezin
    Copper Contributor

    ChrisCurtisIT 
    Hello Chris,
    I faced the same problem with Audit, and before this problem I had extended QUERY STORE a bit. The logs stopped working because of the low free space of about 100 MB.

    ALTER DATABASE [sqldb-p-xxxxx]
    SET QUERY_STORE = ON
        (
          OPERATION_MODE = READ_WRITE,
          CLEANUP_POLICY = ( STALE_QUERY_THRESHOLD_DAYS = 30 ),
          DATA_FLUSH_INTERVAL_SECONDS = 900,
          MAX_STORAGE_SIZE_MB = 1000,
          INTERVAL_LENGTH_MINUTES = 60,
          SIZE_BASED_CLEANUP_MODE = AUTO,
          QUERY_CAPTURE_MODE = AUTO
        );

    But apart from this, I can read my Blob storage with logs with a simple query.
    So for now this approach that I'm using is the only way to check the logs.....

    -- Read a single audit file; the two remaining arguments stay at DEFAULT
    SELECT *
    FROM sys.fn_get_audit_file(
        'https://xxxx.blob.core.windows.net/sqldbauditlogs/xxx/xxxxx/SqlDbAuditing_ServerAudit/2024-10-11/08_46_00_673_697.xel',
        DEFAULT, DEFAULT);

    So, I guess the problem is with the amount of data.
    In my case, it is about 30-50 records x 50MB per day, and as far as I remember Audit is using the whole folder PATH and not the exact file, and it can be the problem.
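
An added example, not code from either post: the same `sys.fn_get_audit_file` read pointed at one day's folder prefix instead of a single `.xel` file or the whole audit path, then summarised per principal and client IP for triage. The `<...>` parts of the URL and the two-hour window are placeholders and assumptions.

```sql
-- Added example. Replace the <...> placeholders with your own storage account,
-- server and database names; the date folder and time window are illustrative.
-- A blob URL prefix ending in the date folder makes fn_get_audit_file read only
-- that day's audit blobs rather than every file under the audit path.
DECLARE @day_prefix nvarchar(260) =
    N'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/SqlDbAuditing_ServerAudit/2024-10-11/';

-- Summarise who did what, from where, inside the window around the alert.
-- event_time is recorded in UTC.
SELECT
    server_principal_name,
    client_ip,
    application_name,
    action_id,
    succeeded,
    COUNT(*)        AS events,
    MIN(event_time) AS first_seen,
    MAX(event_time) AS last_seen
FROM sys.fn_get_audit_file(@day_prefix, DEFAULT, DEFAULT)
WHERE event_time >= '2024-10-11T08:00:00'
  AND event_time <  '2024-10-11T10:00:00'
GROUP BY
    server_principal_name,
    client_ip,
    application_name,
    action_id,
    succeeded
ORDER BY events DESC;
```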
