Remediation

From Azure Portal

Part 1 - Turn on audit logs

Log in to Azure Portal using https://portal.azure.com.
Go to Azure Database for MySQL flexible servers.
For each database, under Settings, click Server parameters.
Set audit_log_enabled to ON.
Click Save.

Part 2 - Capture audit logs (diagnostic settings are examples only, send these logs to the appropriate data sink for your logging needs)

Under Monitoring, select Diagnostic settings.
Select + Add diagnostic setting.
Provide a diagnostic setting name.
Under Categories, select MySQL Audit Logs.
Specify destination details.
Click Save.

It may take up to 10 minutes for the logs to appear in the configured destination.

From Azure CLI

Use the following command to enable audit_log_enabled:

az mysql flexible-server parameter set \
    --resource-group {{resource-group-name}} \
    --server-name {{server-name}} \
    --name audit_log_enabled \
    --value on

From PowerShell

Use the following command to enable audit_log_enabled:

Update-AzMySqlFlexibleServerConfiguration `
    -ResourceGroupName {{resource-group-name}} `
    -ServerName {{server-name}} `
    -Name audit_log_enabled `
    -Value on

From Azure Portal​

Part 1 - Turn on audit logs​

Part 2 - Capture audit logs (diagnostic settings are examples only, send these logs to the appropriate data sink for your logging needs)​

From Azure CLI​

From PowerShell​

From Azure Portal

Part 1 - Turn on audit logs

Part 2 - Capture audit logs (diagnostic settings are examples only, send these logs to the appropriate data sink for your logging needs)

From Azure CLI

From PowerShell