🛡️ Azure MySQL Flexible Server audit_log_events Parameter is not set with the CONNECTION event🟢

Contextual name: 🛡️ Flexible Server audit_log_events Parameter is not set with the CONNECTION event🟢
ID: /ce/ca/azure/mysql-database/flexible-server-audit-log-events-parameter
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: RELIABILITY, PERFORMANCE

Logic

🧠 prod.logic.yaml🟢
- 📗 Azure MySQL Server
- 🔌 Azure MySQL Server - object.extracts.yaml
- 🧪 test-data.json

Description

Description

Set audit_log_enabled to include CONNECTION on MySQL flexible servers.

Rationale

Enabling CONNECTION helps MySQL Database to log items such as successful and failed connection attempts to the server. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Impact

There are further costs incurred for storage of logs. For high traffic databases these logs will be significant. Determine your organization's needs before enabling.

Audit

From Azure Portal

From Azure Home select the Portal Menu.

Go to Azure Database for MySQL flexible servers.

For each database, under Settings, click Server parameters.

In the filter bar, type audit_log.

Ensure that the VALUE for audit_log_enabled is ON.

Ensure that the VALUE for audit_log_events includes CONNECTION.

From Azure CLI

Ensure the below command returns a value that includes CONNECTION:
az mysql flexible-server parameter show --resource-group <resourceGroup> --server-name <serverName> --name audit_log_events

... [see more](description.md)

Remediation

Open File

Remediation

From Azure Portal

Login to Azure Portal using https://portal.azure.com.

Go to Azure Database for MySQL flexible servers.

For each database, under Settings, click Server parameters.

In the filter bar, type audit_log.

Set audit_log_enabled to ON.

In the drop-down next to audit_log_events, check CONNECTION.

Click Save.

Under Monitoring, select Diagnostic settings.

Select + Add diagnostic setting.

Provide a diagnostic setting name.

Under Categories, select MySQL Audit Logs.

Specify destination details.

Click Save.

It may take up to 10 minutes for the logs to appear in the configured destination.

From Azure CLI

Use the below command to set audit_log_events to CONNECTION:
az mysql flexible-server parameter set --resource-group <resourceGroup> --server-name <serverName> --name audit_log_events --value CONNECTION
From PowerShell

Use the below command to set audit_log_events to CONNECTION:
Update-AzMySqlFlexibleServerConfiguration -ResourceGroupName <resourceGroup> -ServerName <serverName> -Name audit_log_events -Value CONNECTION

... [see more](remediation.md)

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v3.0.0 → 💼 5.3.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL flexible server (Automated)			1		no data
💼 Cloudaware Framework → 💼 Logging and Monitoring Configuration			65		no data

Logic​

Description​

Description​

Rationale​

Impact​

Audit​

From Azure Portal​

From Azure CLI​

Remediation​

Remediation​

From Azure Portal​

From Azure CLI​

From PowerShell​

policy.yaml​

Linked Framework Sections​

Logic

Description

Description

Rationale

Impact

Audit

From Azure Portal

From Azure CLI

Remediation

Remediation

From Azure Portal

From Azure CLI

From PowerShell

policy.yaml

Linked Framework Sections