Audit MySQL Database
Do we have any option like server-level or database level Auditing in MySQL in Azure?
Also is Azure following any security baseline for MySQL databases?
Audit logging for Azure Database for MySQL is now available in preview. Audit logs are integrated with Azure Monitor Diagnostic Logs. To learn more, please check out the following doc: https://docs.microsoft.com/en-us/azure/mysql/concepts-audit-logs
Kristi R commented
I have a customer that would like this feature to be checked with Policy - but I am not showing any policy connections for this at this time. Do we have this planned?
Xudong Hu commented
Seems AWS support MariaDB Audit Plugin on RDS https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.AuditPlugin.html
Will something similar will be supported in the future like Mcafee Audit Plugin on RDS
Hiroaki Obayashi commented
My customer need audit feature too. It would be nice to be able to use 3rd party plugin.
yes, you are right. We need to audit the actions performed in the DB, both successful and unsuccessful. This will allow for accountability and traceability.
Is there anyway which we can enable more granular logging for MySQL, particularly on SQL statements executed on the database?
Mark Bolz commented
Greetings. We have standard server logs for MySQL and the Activity Log in Azure that are used to provide certain levels of auditing. However, there is no built-in auditing capability at the server or database level outside of what is offered by the community edition of MySQL.
Azure Database for MySQL is certified compliant with these industry standards: SOC 1, SOC2, SOC3, ISO 27001:2013, ISO 27018:2014, CSA STAR Certification, HIPAA / HITECH Act and PCI DSS Level 1. You can visit: https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings to understand Azure compliance offerings and what services are compliant for which offerings.